An introduction to netcat
In this post I want to give you a little introduction to netcat. Netcat is a command-line program to create arbitrary TCP connections, send UDP packets and listen on arbitrary ports. It is very flexible and you can do lots of things with it. The option letters and the output shown below are those of the OpenBSD netcat (the nc shipped by Debian and Ubuntu, for example); other variants such as the traditional netcat or nmap's ncat accept similar, but not identical, options.
Establish a connection between 2 hosts
One host (the server) has to listen on a port. In this example I will use port 1234. The second host (the client) can then connect to that port. Start the server first, otherwise the client's connection attempt is refused.
nc -lv 1234
nc -v IP-ADDRESS 1234
-l tells netcat to listen on the given port instead of connecting to it.
-v gives more verbose output. You don't have to use it, but if you have trouble establishing a connection, it may give you useful information to fix the problem.
The options can also be written separately: nc -l -v 1234 is equivalent to the server command above.
Once the connection is established, whatever either side types on stdin is sent to the other side (like a chat). To close the connection press CTRL+C. Note that there is no authentication whatsoever: whoever reaches the listening port first gets the connection, and everything is sent in clear text.
Doing a port scan with netcat is simple.
nc -vnzw1 IP-ADDRESS 1-50
nc -vnrzw1 IP-ADDRESS 1-50
The difference between the two commands is the option
-r, which scans the ports in random order. Without
-r, netcat scans the ports in ascending order (start port to end port).
-v gives more verbose output.
-n avoids DNS lookups, i.e. netcat will not resolve any names.
-z scans for listening daemons without sending any data. The TCP handshake is still completed, so this is a plain connect scan: the target sees, and may log, a connection on every open port.
-wN gives up on a connection that cannot be established, or that is idle, after N seconds (1 second in this example). Without it a filtered port can stall the scan for a long time.
The last two numbers (1-50) are the start and end port of the range. Do not use a large range, because netcat prints a line for every port, open or closed.
nc: connect to 192.168.XXX.XXX port 18 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 19 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 20 (tcp) failed: Connection refused
Connection to 192.168.XXX.XXX 21 port [tcp/*] succeeded!
nc: connect to 192.168.XXX.XXX port 22 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 23 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 24 (tcp) failed: Connection refused
Connection to 192.168.XXX.XXX 25 port [tcp/*] succeeded!
nc: connect to 192.168.XXX.XXX port 26 (tcp) failed: Connection refused
nc: connect to 192.168.XXX.XXX port 27 (tcp) failed: Connection refused
In this example output you can see that port 21 and port 25 are open. The other ports refused the connection, i.e. nothing is listening there. Netcat writes these messages to stderr, so if you want to filter them with grep you have to redirect stderr first (2>&1).
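The per-port chatter is the main nuisance of a netcat scan. The following added example (not part of the original post) wraps the scan from above in a small shell function and reduces nc's output to a list of open ports. The sample scan output embedded in it is constructed, not a real capture, and the address 192.168.0.10 in it is made up; parse_nc_scan is a pure text filter, so it can be tried without any network at all.

```shell
#!/bin/sh
# Added example for the netcat connect scan; not code from the original post.

# Constructed sample of OpenBSD netcat -v output (nc writes it to stderr).
# Ports 21 and 25 are open, the rest refused the connection.
SAMPLE_SCAN='nc: connect to 192.168.0.10 port 20 (tcp) failed: Connection refused
Connection to 192.168.0.10 21 port [tcp/*] succeeded!
nc: connect to 192.168.0.10 port 22 (tcp) failed: Connection refused
nc: connect to 192.168.0.10 port 23 (tcp) failed: Connection refused
Connection to 192.168.0.10 25 port [tcp/*] succeeded!'

# parse_nc_scan: read netcat scan output on stdin, print one open port per line.
# Only lines of the form "Connection to HOST PORT port [...] succeeded!" are
# kept; refused and timed-out ports produce no output. Using a single sed keeps
# the exit status 0 even when nothing is open (grep would return 1 there).
parse_nc_scan() {
    sed -n 's/^Connection to [^ ]* \([0-9][0-9]*\) port .* succeeded!$/\1/p'
}

# nc_open_ports HOST START END: run the connect scan exactly as in the post
# (-v verbose, -n no DNS, -z no payload, -w 1 one second per port) and list the
# open ports. stderr is merged into stdout because that is where nc reports.
nc_open_ports() {
    host=$1; start=$2; end=$3
    nc -vnz -w 1 "$host" "$start-$end" 2>&1 | parse_nc_scan
}

# Example invocation (needs network access and a real target):
#   nc_open_ports 192.168.0.10 1 1024
```

Remember that this is still a full TCP connect scan: every open port on the target gets a completed handshake and an immediate close, which shows up in the target's logs.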
Transfer files between 2 hosts
Let's create a file on the sender's host and try to transfer it to the receiver's host.
$ echo "This is a test." > test.txt
Now let's transfer the file to the receiver's host. The receiver must open a port and wait for data. We redirect all incoming data into a file.
nc -lv 1234 > test.txt
nc -vw3 IP-ADDRESS 1234 < test.txt
The sender reads its input from the file test.txt (note the input redirection <, not >) and closes the connection once it has been idle for 3 seconds. This is very simple, but you can only transfer one file this way, and the receiver writes whatever arrives into test.txt without any check, so compare a checksum (for example with sha256sum) of both copies afterwards.
Now let's try to send a complete directory or more than one file. For that purpose I'll use tar to pack all files and directories into one archive. The advantage is that you only have to send one stream. Let's do all steps at once: create the archive, transfer the data and unpack the archive on the other side. In this example I will use gzip to compress the archive (option -z). Feel free to leave this option out, on both sides.
nc -l 1234 | tar -xpzf -
tar czf - testfile1.txt testfile2.txt testdir | nc -vw3 IP-ADDRESS 1234
First let's have a closer look at the sender's command. The first part (left side of the pipe) creates the archive. The option
-c creates an archive,
-z compresses it with gzip and
-f ARCHIVE writes to the archive file or device ARCHIVE. In this example ARCHIVE is stdout (given by -). Tar will not create a file but writes the archive to stdout, which is piped into netcat.
Now let's have a look at the receiver's command. It listens on port 1234 and pipes all incoming data into tar. The tar command extracts the incoming archive (option
-x, together with -z for gzip decompression), preserves the file permissions stored in the archive (option
-p) and reads the archive from ARCHIVE (option
-f -), which on the receiving side is stdin. Start the receiver before the sender. Keep in mind that tar extracts whatever arrives on the port, from whoever sends it: only use this on a network you trust, extract into a fresh directory, and verify the result with checksums.
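Both transfers above (the single file and the tar stream) leave the receiver with no way to tell a complete, unmodified copy from a truncated or altered one. The following added example, which is not code from the original post, packages the sender and receiver halves of the tar variant as shell functions and adds a SHA-256 manifest that travels inside the archive, so the receiver can verify every file after extraction. Netcat is only the transport: in real use the receiver runs nc -l 1234 | receive_tree /tmp/incoming and the sender runs send_tree ./project | nc -vw3 IP-ADDRESS 1234 (IP-ADDRESS and the directory names are placeholders). The functions use only tar, gzip, find and sha256sum.

```shell
#!/bin/sh
# Added example for the tar-over-netcat transfer; not code from the original post.
# Real use (receiver first, then sender):
#   receiver:  nc -l 1234 | receive_tree /tmp/incoming
#   sender:    send_tree ./project | nc -vw3 IP-ADDRESS 1234

# send_tree DIR: write a gzip-compressed tar stream of DIR to stdout.
# A SHA256SUMS manifest of every regular file in DIR is built in a temporary
# directory first and appended to the archive, so DIR itself is not modified.
send_tree() {
    dir=$1
    manifest=$(mktemp -d) || return 1
    ( cd "$dir" && find . -type f -exec sha256sum {} + ) > "$manifest/SHA256SUMS" || return 1
    # Two -C switches: archive the tree as "./...", then the manifest at top level.
    tar czf - -C "$dir" . -C "$manifest" SHA256SUMS
    rc=$?
    rm -rf "$manifest"
    return $rc
}

# receive_tree DEST: read the stream from stdin, extract it into DEST (created
# if missing; use a fresh directory), then check every file against the
# manifest. Returns non-zero if the archive is truncated or corrupt, if the
# manifest is missing, or if any file's checksum differs from the sender's.
receive_tree() {
    dest=$1
    mkdir -p "$dest" || return 1
    tar xpzf - -C "$dest" || return 1
    [ -f "$dest/SHA256SUMS" ] || { echo "receive_tree: no manifest in archive" >&2; return 1; }
    ( cd "$dest" && sha256sum -c SHA256SUMS > /dev/null )
}
```

The truncation case matters in practice: if the sender's -w3 idle timeout or a dropped connection cuts the stream, the receiver's tar exits with an error and receive_tree reports failure instead of leaving a silently incomplete tree. A matching manifest proves integrity, not origin: anyone who can reach the listening port can still send a perfectly self-consistent archive of their own.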
Last update: 14.06.2015