NetcatThe information on this page does not map to a specific certification objective.
Netcat is a simple program that reads and writes data across TCP or UDP network connections. It's included with many Linux distributions and a version is available for Windows. You can invoke the program with either the netcat command or the nc command.
In addition to reading the page, it may be useful to read the original author's README file so you can understand the author's motivation for writing the program.
There are two versions of netcat. The original was written by Avian Research in 1995. A later version was rewritten by Giovanni Giacobbi for the GNU netcat project. When installed, either version can be run with either the netcat or nc commands.
If you're running the original version, you'll see this when you use the -h command line option:
#nc -h [v1.10] connect to somewhere: nc [-options] hostname port[s] [ports] ... listen for inbound: nc -l -p port [-options] [hostname] [port] options: -c shell commands as `-e'; use /bin/sh to exec [dangerous!!] -e filename program to exec after connect [dangerous!!] -b allow broadcasts -g gateway source-routing hop point[s], up to 8 -G num source-routing pointer: 4, 8, 12, ... -h this cruft -i secs delay interval for lines sent, ports scanned -l listen mode, for inbound connects -n numeric-only IP addresses, no DNS -o file hex dump of traffic -p port local port number -r randomize local and remote ports -q secs quit after EOF on stdin and delay of secs -s addr local source address -t answer TELNET negotiation -u UDP mode -v verbose [use twice to be more verbose] -w secs timeout for connects and final net reads -z zero-I/O mode [used for scanning] port numbers can be individual or ranges: lo-hi [inclusive]; hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
If you're running the GNU version, you'll see this when you use the -h command line option:
#nc -h GNU netcat 0.7.1, a rewrite of the famous networking tool. Basic usages: connect to somewhere: nc [options] hostname port [port] ... listen for inbound: nc -l -p port [options] [hostname] [port] ... tunnel to somewhere: nc -L hostname:port -p port [options] Mandatory arguments to long options are mandatory for short options too. Options: -c, --close close connection on EOF from stdin -e, --exec=PROGRAM program to exec after connect -g, --gateway=LIST source-routing hop point[s], up to 8 -G, --pointer=NUM source-routing pointer: 4, 8, 12, ... -h, --help display this help and exit -i, --interval=SECS delay interval for lines sent, ports scanned -l, --listen listen mode, for inbound connects -L, --tunnel=ADDRESS:PORT forward local port to remote address -n, --dont-resolve numeric-only IP addresses, no DNS -o, --output=FILE output hexdump traffic to FILE (implies -x) -p, --local-port=NUM local port number -r, --randomize randomize local and remote ports -s, --source=ADDRESS local source address (ip or hostname) -t, --tcp TCP mode (default) -T, --telnet answer using TELNET negotiation -u, --udp UDP mode -v, --verbose verbose (use twice to be more verbose) -V, --version output version information and exit -x, --hexdump hexdump incoming and outgoing traffic -w, --wait=SECS timeout for connects and final net reads -z, --zero zero-I/O mode (used for scanning) Remote port number can also be specified as range. Example: '1-1024'
The GNU version also has a -V command line option:
#nc -V netcat (The GNU Netcat) 0.7.1 Copyright (C) 2002 - 2003 Giovanni Giacobbi This program comes with NO WARRANTY, to the extent permitted by law. You may redistribute copies of this program under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. Original idea and design by Avian Research
, Written by Giovanni Giacobbi .
There's a variant of the original netcat, called Cryptcat, that's been modified to add encryption.
The GNU version from the Sourceforge project page. There is no Windows version yet.
Cryptcat is available from http://farm9.org/Cryptcat/.
The book showed you how to use the telnet program to communicate with Web and Email servers. You can do the same with netcat using this syntax:
nc host port
where host is the IP address or DNS name of a host to connect to and port is the TCP port number to connect to. By default, netcat uses TCP. Unlike telnet, netcat doesn't print anything to the screen when a connection is made unless you use the -v command line option. Here's an example of connecting to a Web server:
nc -v www.alcpress.com 80 DNS fwd/rev mismatch: www.alcpress.com != igor.alcpress.com www.alcpress.com [126.96.36.199] 80 (http) open
A TCP connection now exists between your computer and the Web server. Now, use the keyboard to send data to the Web server. In the following example, the two lines in bold text is what was typed on the keyboard - the remainder of the text was sent by the Web server:
HEAD / HTTP/1.1 host:www.alcpress.com HTTP/1.1 200 OK Date: Thu, 15 Sep 2005 21:30:10 GMT Server: Apache/1.3.28 (Unix) Cache-Control: max-age=86400 Expires: Fri, 16 Sep 2005 21:30:10 GMT Last-Modified: Sat, 12 Jun 2004 10:43:25 GMT ETag: "6ced7-ab3-40cade4d" Accept-Ranges: bytes Content-Length: 2739 Content-Type: text/html
To exit the telnet program you had to press the Ctrl-] keys and then type exit. To exit Netcat, just press Ctrl-C.
Using telnet for communicating with other hosts can only be done with TCP. Telnet doesn't speak UDP. Netcat does by specifying the -u command line option. Here's an example of connecting to an RFC 867 time server using UDP. Note the IP address or DNS name of the other host is specified first and the port number is specified second - just like most telnet programs. After the connection is made you'll probably need to press the Enter key to get the time server to send you the current time.
nc -u igor.alcpress.com 13 Thu Sep 15 14:41:57 2005
Since UDP is not a connection-oriented protocol, the connection will remain "open" until you terminate the program by pressing Ctrl-C.
Listening for Connections
You can instruct netcat to listen for TCP or UDP connections by using the -l (that's lower case L) command line option. A common usage for this is for moving files between computers. Assume that there are two computers: A and B and you want to move a file from B to A. On computer A, you run this command:
nc -l -p 1234 < testfile
On computer B, you run this command:
nc IP 1234 > testfile
Windows Remote Command Prompt
If you have netcat installed on Windows, go to the directory that netcat is installed in and enter this command:
nc -l -p1000 -d -e cmd.exe -LThis tells netcat to execute the cmd.exe program when a connection is made. Anyone who connects to the Windows computer's port 1000 will see a command (DOS) prompt. When you disconnect from the Windows computer, the -L option will restart Netcat with the same command line, thus allowing another host to connect.
This is still under construction.