Netcat, often referred to as the “Swiss army knife for TCP/IP”, is a simple utility that can do wonders on any Linux machine, and on Windows too with the ported version. It can make and accept data connections across a network using TCP or UDP. It has no attractive GUI. It can be used as a port scanner, a port redirector or a port listener. It is designed to be a reliable “back end” tool that can be easily driven by other programs and scripts. Almost any type of connection can be created with it. Isn’t it the “Swiss Army Knife”?!
Netcat was voted the second most functional network security tool and is still maintaining its position in the top 10 tools at http://insecure.org
Go ahead and download a copy from https://nc110.sourceforge.net and start the exploration with us.
On Linux machines that use apt-get:
apt-get install netcat
For machines understanding RPMs:
rpm -Uvh netcat-version.rpm
On Windows, download Netcat from http://www.downloadnetcat.com/nc11nt.zip and unzip it into any folder on the PATH. For the sake of this article, we’ll use the directory C:\nc.
According to http://nc110.sourceforge.net, some of netcat’s major features are as follows:
- Outbound or inbound connections, TCP or UDP, to or from any ports.
- Full DNS forward/reverse checking, with appropriate warnings.
- Ability to use any local source port.
- Ability to use any locally-configured network source address.
- Built-in port-scanning capabilities, with randomization.
- Built-in loose source-routing capability.
- Can read command line arguments from standard input.
- Slow-send mode, one line every N seconds.
- Hex dump of transmitted and received data.
- Optionally, the ability to let another program service established connections.
- Optionally, it can act as a telnet-options responder.
- A full-featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).
But this list can surely be extended with the creative ideas of its users.
As netcat has many features, the examples in this article will cover only a few of them:
- Simple TCP or UDP connection.
- Using netcat as a sample chat application.
- Transferring files using netcat.
- Port scanning.
- Tunneling the output of executables to another machine.
- Spoofing the source IP address.
For more features visit http://nc110.sf.net
Chat window using netcat
On machine 1
nc -l -p 4444
We are using the -l switch, so netcat is in listen mode, i.e. it listens on a specified port. With -p 4444 we specify that port 4444 is to be used.
On machine 2
nc 192.168.0.6 4444
This will connect to 192.168.0.6 on port 4444.
Now we have two-way communication between the two windows, like a chat window: whatever is typed on one machine shows up on the other.
Transferring files using Netcat
First, on the receiving machine, we start netcat in listening mode and redirect its output into a file.
nc -l -p 5555 > chmag.txt
On the sending machine we simply feed the file into netcat, connecting to the listening machine.
nc 192.168.1.12 5555 < chmag.txt
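The chat and file-transfer examples above are the same mechanism: one side listens, the other connects, and raw bytes flow over the TCP connection until a side closes it. The following added example (written for this edit, not code from the article) reproduces both exchanges on the loopback interface with plain Python sockets, so the behaviour can be observed without two machines. It uses an OS-chosen port instead of the article's 4444/5555, and the sample file content is constructed. It also adds a SHA-256 comparison after the transfer, which is the integrity check a practitioner should do, since netcat itself never verifies what arrived.

```python
import hashlib
import socket
import threading


def start_listener():
    """Like `nc -l -p <port>`, except the OS picks a free loopback port so the
    example runs anywhere; returns the bound, listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def recv_until_eof(conn):
    """Read until the peer closes its sending side, the same condition that
    makes `nc -l -p 5555 > chmag.txt` exit once the whole file has arrived."""
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks)


def chat_roundtrip(question=b"hello from machine 2\n",
                   answer=b"hello from machine 1\n"):
    """The chat example: machine 1 listens, machine 2 connects, each side
    sends one line and reads the other's. Returns (what the listener read,
    what the client read)."""
    srv = start_listener()
    port = srv.getsockname()[1]
    seen_by_listener = []

    def listener():
        conn, _ = srv.accept()
        with conn:
            seen_by_listener.append(conn.recv(4096))  # line typed on machine 2
            conn.sendall(answer)                       # line typed on machine 1

    t = threading.Thread(target=listener)
    t.start()
    with socket.create_connection(("127.0.0.1", port)) as cli:
        cli.sendall(question)
        seen_by_client = cli.recv(4096)
    t.join(timeout=5)
    srv.close()
    return seen_by_listener[0], seen_by_client


def transfer(payload):
    """The file-transfer example: the listener stores what it receives (the
    `> chmag.txt` redirect), the sender pushes the payload (the `< chmag.txt`
    redirect) and signals EOF. Returns the received bytes and whether a
    SHA-256 comparison confirms the copy is intact."""
    srv = start_listener()
    port = srv.getsockname()[1]
    received = []

    def listener():
        conn, _ = srv.accept()
        with conn:
            received.append(recv_until_eof(conn))

    t = threading.Thread(target=listener)
    t.start()
    with socket.create_connection(("127.0.0.1", port)) as cli:
        cli.sendall(payload)
        cli.shutdown(socket.SHUT_WR)  # EOF, as nc sends when stdin is exhausted
    t.join(timeout=5)
    srv.close()
    data = received[0]
    intact = hashlib.sha256(data).digest() == hashlib.sha256(payload).digest()
    return data, intact


# Constructed sample content standing in for chmag.txt in the article.
SAMPLE_FILE = b"First line of chmag.txt\nSecond line\n" * 200

if __name__ == "__main__":
    print(chat_roundtrip())
    data, intact = transfer(SAMPLE_FILE)
    print(len(data), "bytes received, intact =", intact)
```

The listener stops reading only when it sees EOF, which is why the real command needs the sender to close the connection (netcat does this when it reaches the end of the redirected file); if the sender stays open, `nc -l -p 5555 > chmag.txt` will sit there with an unfinished file.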
Let’s see how to scan ports using netcat. We all know the best tool for port scanning is Nmap, but let’s see how netcat can do the same. For the example below we have taken the 192.168.1.x network; our target machine is 192.168.1.4 and we’ll scan for open ports in the range 1 to 80.
nc -v -w2 -z 192.168.1.4 1-80
Netcat will try to connect to each port between 1 and 80, in reverse order.
The -z switch prevents sending any data over the TCP connection.
The -v switch puts netcat in verbose mode.
The -w[n] switch specifies the timeout to be used.
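To make the meaning of -z, -w and -v concrete, here is an added example (not code from the article) that implements the same connect scan in Python sockets: a full TCP connect per port, no data sent, a per-port timeout, and a verbose line per result. It walks the range from high to low as the article says netcat does. The demo scenario is constructed on loopback, with one socket that is listening (reported open) and one port that was bound and released just before the scan (reported closed), so it runs without a target network.

```python
import socket


def scan_ports(host, ports, timeout=2.0):
    """Mimic `nc -v -w2 -z HOST 1-80`: attempt a full TCP connect to each
    port, send no data (-z), give up after `timeout` seconds (-w2) and record
    the outcome for every port (-v). Returns {port: "open"|"closed"|"filtered"}.
    Ports are walked from highest to lowest, as netcat does."""
    results = {}
    for port in sorted(ports, reverse=True):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            results[port] = "open"       # three-way handshake completed
        except ConnectionRefusedError:
            results[port] = "closed"     # the host answered with a reset
        except (socket.timeout, OSError):
            results[port] = "filtered"   # nothing came back within -w seconds
        finally:
            sock.close()                 # -z: close as soon as the state is known
    return results


def report(host, results):
    """Render results in the spirit of netcat's verbose output: one line per
    port, with the service name where the local services file knows it."""
    lines = []
    for port, state in sorted(results.items(), reverse=True):
        try:
            name = socket.getservbyport(port)
        except OSError:
            name = "?"
        lines.append(f"{host} {port} ({name}) {state}")
    return lines


def demo():
    """Constructed scenario on loopback: one listening socket (open) and one
    port bound and released just before scanning (closed).
    Returns (results, open_port, closed_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    results, _, _ = demo()
    print("\n".join(report("127.0.0.1", results)))
```

Note the third state: a port that answers with a reset is closed, but a port that answers with nothing at all only times out, which is why a short -w value matters when many ports are filtered. Because every probe completes the handshake, this kind of scan is fully visible in the target's connection logs and to any host-based firewall, unlike the SYN scans Nmap offers.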
Another useful behavior is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:
nc -l -p 1324 | nc chmag.in 80
This starts a netcat server on port 1324 and all the connections get redirected to chmag.in:80. If a web browser makes a request to nc, the request will be sent to chmag.in but the response will not be sent back to the web browser. That is because pipes are unidirectional. This can be worked around with a named pipe to redirect both the input and the output.
On a Linux box you can also use the -c option, which pipes the response back to the browser.
nc -l -p 12345 -c 'nc chmag.in 80'
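To show why the plain pipe loses the response and what -c (or a named pipe) fixes, here is an added example, not code from the article, that builds a tiny relay in Python sockets on loopback. The backend is a constructed stand-in for chmag.in:80 that answers one request; the relay is run once with only the client-to-backend direction wired (the `nc -l -p 1324 | nc chmag.in 80` case) and once with both directions wired (the `-c 'nc chmag.in 80'` case). The request and response bytes are constructed.

```python
import socket
import threading

# Constructed stand-in for the answer chmag.in:80 would give.
BACKEND_RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok"
REQUEST = b"GET / HTTP/1.0\r\nHost: chmag.in\r\n\r\n"


def listen_loopback():
    """Bind and listen on a free loopback port, returning the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def pump(src, dst):
    """Copy bytes from src to dst until src reports EOF, then half-close dst
    so the far end sees EOF as well. This is one direction of a pipe."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_backend(srv):
    """Stand-in for the web server: read the request, answer once, close."""
    conn, _ = srv.accept()
    with conn:
        conn.recv(4096)
        conn.sendall(BACKEND_RESPONSE)


def run_relay(listen_sock, backend_addr, two_way):
    """two_way=False is `nc -l -p 1324 | nc chmag.in 80`: only the
    client->backend direction is wired and the reply is read and dropped.
    two_way=True is what `-c 'nc chmag.in 80'` (or a named pipe) gives:
    the backend->client direction is wired as well."""
    client, _ = listen_sock.accept()
    backend = socket.create_connection(backend_addr)
    with client, backend:
        forward = threading.Thread(target=pump, args=(client, backend))
        forward.start()
        if two_way:
            pump(backend, client)
        else:
            while backend.recv(4096):   # the reply goes nowhere, like the pipe
                pass
        forward.join()


def fetch_through_relay(two_way):
    """Constructed end-to-end run: client -> relay -> backend on loopback.
    Returns the bytes the client gets back."""
    backend_srv = listen_loopback()
    relay_srv = listen_loopback()
    threads = [
        threading.Thread(target=serve_backend, args=(backend_srv,)),
        threading.Thread(target=run_relay,
                         args=(relay_srv, backend_srv.getsockname(), two_way)),
    ]
    for t in threads:
        t.start()
    reply = b""
    with socket.create_connection(relay_srv.getsockname()) as cli:
        cli.settimeout(5)
        cli.sendall(REQUEST)
        cli.shutdown(socket.SHUT_WR)     # end of request
        while True:
            data = cli.recv(4096)
            if not data:
                break
            reply += data
    for t in threads:
        t.join(timeout=5)
    backend_srv.close()
    relay_srv.close()
    return reply


if __name__ == "__main__":
    print("one-way:", fetch_through_relay(False))
    print("two-way:", fetch_through_relay(True))
```

In the one-way run the client reads nothing before the relay closes on it; in the two-way run it gets the backend's response. A relay like this accepts from anyone who can reach the listening port and forwards to the backend with the relay's own source address, so on a real host it should be bound to the interface that needs it and the backend should treat traffic from it as coming from the relay, not the original client.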
Pipe a command’s output to a netcat request
Create a listening port on a machine with:
nc -l -p 12345
From the sending machine, pipe the command output to the listening machine:
C:\> ipconfig | nc 192.168.1.7 12345
Remember the chat window in the example above. This command will show the output of ipconfig as text in the listening machine’s shell.
Spoof source IP address
nc -s 192.168.1.1 192.168.1.12 1232
Note: We have used IPv4 addresses and examples in this article. If you are using IPv6, use netcat6 or nc6.