Netcat is a utility which reads and writes data across network connections, using TCP or UDP. It is known as a "Swiss-army knife for TCP/IP". Here are some useful netcat tricks.
Simple Client
To connect to the SMTP server (srv), we type:
nc srv 25
One-shot Server
To provide an uptime service on a unix/linux system, we type:
nc -l -p Port# -e /usr/bin/uptime
where Port# is the service port number and uptime is the utility that reports the system uptime.
Simple Server
To provide a fixed web page (index.html) service on a unix/linux system, we type:
while true; do { echo -ne "HTTP/1.0 200 OK\r\nContent-Length: $(wc -c < index.html)\r\n\r\n"; cat index.html; } | nc -l -p Port#; done
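The loop above serves one client per netcat invocation, and the only delicate part is the header: the Content-Length must equal the body size in bytes and the header lines must end in CRLF. The following script, an added example and not the original post's code, pulls the header construction into a function so it can be checked without a network; the port 8080, the Content-Type line and the GNU netcat option syntax (-l -p, -q) are assumptions.

```shell
#!/bin/sh
# Added example: one-shot static file server built from the page's
# "Simple Server" loop, with the HTTP header generated by a function so the
# Content-Length can be verified offline. Port 8080 is an assumption.

# Print the HTTP/1.0 response header for a file. The body length comes from
# wc -c, normalised with $(( )) because some wc builds pad the count.
http_header() {
    file="$1"
    len=$(( $(wc -c < "$file") ))
    printf 'HTTP/1.0 200 OK\r\nContent-Length: %d\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n' "$len"
}

# Header followed by body: exactly the bytes netcat hands to one client.
http_response() {
    http_header "$1"
    cat "$1"
}

# Serve one client per iteration; netcat exits after each connection, so the
# loop restarts it (Ctrl-C stops the loop). Assumes GNU netcat syntax as on
# the page; -q 1 closes the connection one second after the body is sent.
serve_forever() {        # serve_forever index.html [port]
    file="$1"; port="${2:-8080}"
    while true; do
        http_response "$file" | nc -l -p "$port" -q 1
    done
}
```

Run it as `serve_forever index.html 8080` and fetch the page with any HTTP client; a wrong Content-Length is the usual reason such a hand-rolled server appears to hang, because the client keeps waiting for bytes that never arrive.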
To implement a log server that logs the first 500 bytes data from any client, we type:
while true; do nc -l -p Port# | head -c 500 >> LogFile; date >> LogFile; done
where LogFile is the name of our log file; each log record is followed by a time stamp.
To set up a backdoor shell, we type:
nc -l -p Port# -e /bin/sh
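A listener of this shape (netcat listening and handing a shell to whoever connects) is exactly what a defender wants to notice on a host. The following script is an added example, not part of the original post: it filters `ps -eo pid,user,args` style lines for nc/ncat/netcat processes that both listen (-l) and execute a program (-e, -c, --exec, --sh-exec). The sample process lines are constructed for the dry run and are not real process data.

```shell
#!/bin/sh
# Added example (not from the page): a defender-side check for netcat
# listeners that spawn a program for the connecting client, i.e. the
# "backdoor shell" pattern. Input is ps -eo pid,user,args output.

# Test one ps line. Returns 0 when it names nc/ncat/netcat, carries a listen
# flag (-l, possibly bundled as in -lk or -nlvp) and an exec flag.
is_nc_exec_listener() {
    line="$1"
    printf '%s\n' "$line" | grep -Eq '(^|[[:space:]/])(nc|ncat|netcat)([[:space:]]|$)' || return 1
    printf '%s\n' "$line" | grep -Eq '(^|[[:space:]])-[a-zA-Z]*l' || return 1
    printf '%s\n' "$line" | grep -Eq '(^|[[:space:]])(-e|-c|--exec|--sh-exec)([[:space:]=]|$)' || return 1
    return 0
}

# Filter stdin line by line, printing only the suspicious entries.
find_nc_exec_listeners() {
    while IFS= read -r line; do
        is_nc_exec_listener "$line" && printf '%s\n' "$line"
    done
    return 0
}

# Constructed sample of ps output (not real process data) for a dry run.
SAMPLE_PS='  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 1104 www      nc -l -p 8080
 1337 nobody   nc -l -p 4444 -e /bin/sh
 1402 alice    /usr/bin/ncat --exec /bin/bash -lk 5555
 1555 bob      nc -z -v -n -w 1 192.168.0.1 1-1024'

# Live use on a host:  ps -eo pid,user,args | find_nc_exec_listeners
# Dry run:             printf '%s\n' "$SAMPLE_PS" | find_nc_exec_listeners
```

On the constructed sample only the two exec listeners (PIDs 1337 and 1402) are reported; the plain listener on 8080 and the scanning client are not. A process list is only one signal: pairing this with a listening-socket inventory (for example `ss -ltnp`) catches the same listener even when the binary has been renamed.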
File Transfer
To push a file (FileName) from host A to host B (hostB), we type
nc -l -p Port# > FileName
on host B, and
nc -q 10 hostB Port# < FileName
on host A.
To pull a file (FileName) from host A (hostA) back to host B, we type
nc -q 10 -l -p Port# < FileName
on host A, and
nc hostA Port# > FileName
on host B.
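Netcat gives no integrity guarantee: a dropped connection simply leaves a truncated FileName on the receiving side, with no error. The following script is an added example, not the original post's code; it wraps the push transfer above with a SHA-256 digest computed on each side so the receiver can confirm it got the whole, unmodified file. The host names, port and GNU netcat option syntax follow the page; the function names and the out-of-band exchange of the digest are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): the push transfer from the page, plus a
# digest check so the receiver can tell a complete transfer from a
# truncated or altered one. Uses sha256sum (Linux) or shasum (macOS/BSD).

# SHA-256 hex digest of a file.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Returns 0 when the file's digest equals the one the sender reported.
verify_transfer() {      # verify_transfer expected_sha256 FileName
    expected="$1"; file="$2"
    [ "$(digest "$file")" = "$expected" ]
}

# Sender (host A): print the digest so it can be passed to the receiver out
# of band (chat, ticket, second channel), then push the bytes.
# -q 10 closes the connection 10 s after end of file, as on the page.
push_file() {            # push_file FileName hostB Port#
    echo "sha256 $(digest "$1")"
    nc -q 10 "$2" "$3" < "$1"
}

# Receiver (host B): listen once, write to FileName, then verify against the
# digest obtained from the sender.
receive_file() {         # receive_file FileName Port# expected_sha256
    nc -l -p "$2" > "$1"
    if verify_transfer "$3" "$1"; then
        echo "ok: $1 matches the sender's digest"
    else
        echo "MISMATCH: $1 is truncated or altered" >&2
        return 1
    fi
}
```

Order of operations matters: start `receive_file` on host B first, then `push_file` on host A, and compare the digest host A printed with what host B reports. Because the transfer is unencrypted and unauthenticated, the digest must travel over a channel the network path cannot tamper with; otherwise it only detects truncation, not substitution.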
Chat Service
To set up a chat server (srv), we type:
nc -l -p Port#
on srv, and on the chat client, we type:
nc srv Port#
Port Scanner
Netcat can also act as a port scanner. It does not have as many features as nmap, but if we just want to see which ports in the range 1 to 1024 are open on the host with IP address 192.168.0.1, we type:
nc -z -v -n -w 1 192.168.0.1 1-1024
where -z specifies scanning (connect without sending data), -v verbose output, -n no DNS lookups, and -w 1 a timeout of 1 second per port.
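The verbose output of such a scan is meant for a human; to compare a host's exposed services against an expected baseline (for example, checking one's own server after a configuration change) it helps to reduce it to a list of port numbers. The script below is an added example and not part of the original post. The sample scan lines are constructed and mix the wording of the two common netcat flavours (GNU/traditional and OpenBSD), which report open ports differently; the exact phrasing may vary by version, so the patterns are an assumption to adapt to the netcat in use.

```shell
#!/bin/sh
# Added example (not from the page): turn nc -z -v output into a list of open
# ports and compare it with an allow-list. netcat writes these lines to
# stderr, so capture with: nc -z -v -n -w 1 HOST 1-1024 2>&1 | ...

# Read nc -z -v output on stdin, print one open port per line, sorted.
# Recognised (constructed) forms:
#   GNU:     (UNKNOWN) [192.168.0.1] 22 (ssh) open
#   OpenBSD: Connection to 192.168.0.1 22 port [tcp/ssh] succeeded!
open_ports_from_nc_log() {
    sed -nE \
        -e 's/^.*\[[0-9.]+\] ([0-9]+) \([^)]*\) open$/\1/p' \
        -e 's/^Connection to [^ ]+ ([0-9]+) port .* succeeded!$/\1/p' \
    | sort -n | uniq
}

# Print every open port that is not in the space-separated allow-list;
# return 1 if there is at least one, so the check can gate a script.
unexpected_ports() {     # unexpected_ports "22 80 443" < scan.log
    expected=" $1 "
    rc=0
    for p in $(open_ports_from_nc_log); do
        case "$expected" in
            *" $p "*) ;;
            *) echo "$p"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample scan output (not a real capture), deliberately mixing
# both flavours so both patterns are exercised.
SAMPLE_SCAN='(UNKNOWN) [192.168.0.1] 22 (ssh) open
(UNKNOWN) [192.168.0.1] 80 (http) open
Connection to 192.168.0.1 443 port [tcp/https] succeeded!
Connection to 192.168.0.1 8080 port [tcp/http-alt] succeeded!
nc: connect to 192.168.0.1 port 23 (tcp) failed: Connection refused'

# Dry run:  printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22 80 443"
```

On the sample, the allow-list "22 80 443" yields the single unexpected port 8080 and a non-zero exit status, which is the hook for alerting from a scheduled self-check. Note that a scan from one vantage point only shows what is reachable from there; a firewall between the scanner and the host hides ports that are nonetheless listening.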
UDP mode
The -u option makes netcat operate in UDP mode instead of TCP.
Nice, but your netcat tricks will be more useful for beginners if you really run these tricks on your machine. I mean, instead of giving the readers the commands for how to do these tricks with netcat, do them yourself on your machine and show the results to them.