An introduction to netcat

In this post I want to give you a little introduction to netcat. Netcat is a command-line program that creates arbitrary TCP connections, sends UDP packets and listens on arbitrary ports. It's very flexible, and you can do lots of things with it.

Establish a connection between 2 hosts

One host (the server) has to listen on a port. In this example I will use port 1234. The second host (the client) can then establish a connection to the server's port.

Server-command:

nc -lv 1234

Client-command:

nc -v IP-ADDRESS 1234

The option -l is used to listen on the given port. The option -v gives more verbose output. You don't have to use the verbose output, but if you have trouble establishing a connection, it may give you useful information to fix the problem.
You can also use nc -l -v 1234, which is equivalent to the server command.
Once the connection between server and client is established, you'll be able to send data from stdin (like a chat). To close the connection, press CTRL+C.

Port scanning

Doing a port scan with netcat is simple.
Commands:

nc -vnzw1 IP-ADDRESS 1-50
nc -vnrzw1 IP-ADDRESS 1-50

The difference between these two commands is the option -r, which scans the ports in random order. If you don't use -r, netcat will scan the ports in sequential order (start port to end port).
The option -v gives more verbose output. -n avoids DNS lookups, i.e. netcat will not resolve any names. -z scans for listening daemons without sending any data. -wN closes the connection if it is idle for N seconds (in this example, 1 second).
The last two numbers (1-50) are the start and end port of the range to scan. Do not use a large range, because netcat prints a line for every port.
Sample output:

nc: connect to 192.168.XXX.XXX port 18 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 19 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 20 (tcp) failed: Connection refused
Connection to 192.168.XXX.XXX 21 port [tcp/*] succeeded!
nc: connect to 192.168.XXX.XXX port 22 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 23 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 24 (tcp) failed: Connection refused
Connection to 192.168.XXX.XXX 25 port [tcp/*] succeeded!
nc: connect to 192.168.XXX.XXX port 26 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 27 (tcp) failed: Connection refused

In this example output you can see that port 21 and port 25 are open.
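As an added example (not part of the original post), here is a small POSIX shell helper that turns output like the above into an open/closed/filtered list, which is handy when auditing which services one of your own hosts exposes. It assumes the OpenBSD-style message format shown in the sample; the lines it parses below are constructed, and 192.0.2.10 is a documentation address, not a real host.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Classifies the lines that `nc -vnzw1 HOST START-END` prints into
# open / closed / filtered ports. Line formats follow the post's sample:
#   Connection to 192.0.2.10 21 port [tcp/*] succeeded!          -> open
#   nc: connect to 192.0.2.10 port 22 (tcp) failed: Connection refused -> closed
# A connect that hits the -w timeout ends in "... timed out" (wording
# differs between platforms); such ports are typically behind a
# packet-dropping firewall, so they are reported as "filtered".
# Note: nc writes these messages to stderr, so a real run looks like
#   nc -vnzw1 HOST 1-1024 2>&1 | classify_scan

# Constructed sample scan output (assumption: OpenBSD-style nc messages).
SAMPLE_SCAN='nc: connect to 192.0.2.10 port 20 (tcp) failed: Connection refused
Connection to 192.0.2.10 21 port [tcp/*] succeeded!
nc: connect to 192.0.2.10 port 22 (tcp) failed: Connection refused
nc: connect to 192.0.2.10 port 23 (tcp) failed: Connection timed out
Connection to 192.0.2.10 25 port [tcp/*] succeeded!
nc: connect to 192.0.2.10 port 26 (tcp) failed: Operation timed out'

# classify_scan: read nc output on stdin, print "<state> <port>" per line.
# Field positions: "Connection to HOST PORT port ..." puts the port in $4,
# "nc: connect to HOST port PORT (tcp) ..." puts it in $6.
classify_scan() {
    awk '
        / succeeded!$/                 { print "open",     $4; next }
        /failed: Connection refused$/  { print "closed",   $6; next }
        /timed out$/                   { print "filtered", $6; next }
    '
}

# open_ports: only the port numbers that accepted a connection, one per line.
open_ports() {
    classify_scan | awk '$1 == "open" { print $2 }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_SCAN" | classify_scan
```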

Transfer files between 2 hosts

Let's create a file on the sender's host and try to transfer it to the receiver's host.

$ echo "This is a test." > test.txt

Now let's transfer the file to the receiver's host. The receiver must open a port and wait for data. We will redirect all the incoming data into a file.

Receiver-command:

nc -lv 1234 > test.txt

Sender-command:

nc -vw3 IP-ADDRESS 1234 < test.txt

The sender gets its input from the file test.txt and will close the connection if it is idle for 3 seconds. This is very simple, but this way you can only transfer one file.
Now let's try to send a complete directory or more than one file. For that purpose I'll use tar to pack all files and directories into one archive. The advantage is that you only have to send one archive. But let's do all steps at once: create the archive, transfer the data and unpack the archive. In this example I will use gzip to compress the files (option -z). Feel free to leave this option out.

Receiver-command:

nc -l 1234 | tar -xpzf -

Sender-command:

tar czf - testfile1.txt testfile2.txt testdir | nc -vw3 IP-ADDRESS 1234

First, let's have a closer look at the sender's command. The first part (left side of the pipe) creates the archive. The option -c creates an archive, -z compresses it with gzip and -f ARCHIVE uses the archive file or device ARCHIVE. In this example ARCHIVE is stdout (given by -). Tar will not create a file but will write the archive content to stdout, which is piped to netcat.
Now let's have a look at the receiver's command. It listens on port 1234 and pipes all incoming data to tar. The tar command extracts the incoming file content (options -xz), extracts the file permission information (option -p) and uses the archive file or device ARCHIVE (option -f -), which is stdout.

Last update: 14.06.2015

Posted on September 4, 2012, in Network.
