Netcat Tutorial
A computer networking utility for network connections using TCP or UDP
Netcat is a simple but useful tool for working with TCP, UDP, and Unix-domain sockets. It can easily listen on or connect to a specified socket. Netcat is a platform-independent command supported by Linux, Unix, Windows, BSD, macOS, etc. Common use cases for Netcat are:
- Simple TCP proxy
- Shell script-based HTTP clients and servers
- Network daemon testing
- A SOCKS or HTTP ProxyCommand for ssh
We will use the following syntax for the `nc` command.
$nc [OPTIONS] [DESTINATION PORT]
* OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
* DESTINATION is used to specify the remote system's IP address or hostname.
* PORT is the remote system port number.
If we use netcat as a server, the following syntax is valid.
$nc [OPTIONS] [PORT]
* OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
* PORT is the port number the server will listen on.
Port Scanning with Netcat
Penetration testers generally use port scanning techniques for information gathering. Nmap is one of the most popular tools for finding open ports. Netcat can also provide port scan functionality. The advantages of netcat are its simplicity and lack of library dependencies. A single netcat binary is enough for a port scan and can be used on all operating systems like Windows, Linux, Unix, macOS, BSD.
We will use the -z option for a port scan like below. In this example, we will scan the IP address 192.168.122.1, which could also be a domain name like poftut.com. The port range is specified as 1-30.
$nc -z -v 192.168.122.1 1-30
Start Netcat TCP Server
Another useful feature of netcat is acting as a TCP server. Netcat can listen on a specified TCP port. But as a security measure on Linux systems, only privileged users can listen on ports between 1-1024. In this example, we will listen on TCP port 30. To get the required privileges we use the sudo command.
$sudo nc -l -p 30
Connect Netcat TCP Server
In the previous example, we examined the TCP server. Netcat also provides client capabilities. To use netcat as a client we should provide the hostname or IP address and the port. There is no special option for this.
$nc localhost 30
Send Files Through Netcat
Another useful feature of netcat is file transfer. As we saw in the previous examples, netcat can transfer text easily with a server-client architecture. There is no limit on the transferred data. The data can be a normal program or a movie. But keep in mind that the transfer time will change according to the data size. In order to transfer a file, we need to set up a server, which is the destination. In the server configuration, we redirect the incoming data into a file named myfile.txt.
$nc -l -p 4444 > myfile.txt
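The listener above writes whatever the first client to connect sends, with no authentication or integrity check. The following Python code is an added example, not part of the original tutorial: it reproduces both sides of the transfer over loopback and keeps the received file only if its SHA-256 matches a digest obtained separately. The function names, the loopback address and the sample payloads are assumptions made for illustration.

```python
import hashlib
import os
import socket
import tempfile
import threading

def send_file(port, payload):
    """Sender side: the equivalent of `nc 127.0.0.1 PORT < file`."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)  # closing the socket marks end-of-file

def receive_verified(listener, expected_sha256, out_path):
    """Receiver side: like `nc -l -p PORT > out_path`, but the data is kept
    only if its SHA-256 matches a digest obtained over a trusted channel."""
    conn, _peer = listener.accept()   # whoever connects first is accepted
    conn.settimeout(5)
    digest = hashlib.sha256()
    part_path = out_path + ".part"
    with conn, open(part_path, "wb") as part:
        while chunk := conn.recv(65536):   # empty read: sender closed
            digest.update(chunk)
            part.write(chunk)
    if digest.hexdigest() != expected_sha256:
        os.remove(part_path)          # discard unexpected content
        return False
    os.replace(part_path, out_path)   # publish only verified data
    return True

def transfer(sent, expected):
    """One loopback transfer; returns (accepted, output file exists)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    listener.settimeout(5)
    out_path = os.path.join(tempfile.mkdtemp(), "myfile.txt")
    sender = threading.Thread(
        target=send_file, args=(listener.getsockname()[1], sent))
    sender.start()
    try:
        ok = receive_verified(
            listener, hashlib.sha256(expected).hexdigest(), out_path)
    finally:
        sender.join()
        listener.close()
    return ok, os.path.exists(out_path)

if __name__ == "__main__":
    original = b"constructed sample file contents\n"
    print(transfer(original, original))              # digest matches
    print(transfer(b"something else\n", original))   # digest differs
```

With plain netcat the same check is done by hand: compute the file's SHA-256 on both machines after the transfer and compare the values.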
Banner Grabbing with netcat Command
netcat or nc can be used to grab banners from different ports like SSH, HTTP, HTTPS, VNC, FTP, etc. Netcat will initiate a connection to the specified port on the remote system and print the returned response as text to the console with the echo command.
$nc 172.104.31.121 443
Netcat is a very powerful tool in the hacker arsenal. Security researchers dubbed Netcat 'A hacker's swiss army knife'. This tool is really important. There is a lot more you can do with this tool; I only covered some basics.