netcat

March 8, 2010

Netcat, often referred to as the "Swiss army knife for TCP/IP", is a simple utility that can do a lot of wonders on any Linux machine, and on Windows too through a ported version. It can make and accept data connections across a network using TCP or UDP. It does not have an attractive GUI. It can be used as a port scanner, a port redirector and a port listener. It is designed to be a reliable "back end" tool that can be easily driven by other programs and scripts. Any type of connection can be created using it. Isn't it the "Swiss Army Knife"?!

Netcat was voted the second most functional network security tool and still holds its position in the top 10 tools at http://insecure.org
Go ahead and download a copy from https://nc110.sourceforge.net and start the exploration with us.

NETCAT INSTALLATION

On Ubuntu

apt-get install netcat

For Machines understanding RPMs

rpm -Uvh netcat-version.rpm

On Windows

Download Netcat for Windows from http://www.downloadnetcat.com/nc11nt.zip and unzip it into any folder on your PATH. For the sake of this article, we'll use the directory C:\nc for it.

Feature List

According to http://nc110.sourceforge.net some of NETCAT's major features are as follows:

  • Outbound or inbound connections, TCP or UDP, to or from any ports.
  • Full DNS forward/reverse checking, with appropriate warnings.
  • Ability to use any local source port.
  • Ability to use any locally-configured network source address.
  • Built-in port-scanning capabilities, with randomization.
  • Built-in loose source-routing capability.
  • Can read command line arguments from standard input.
  • Slow-send mode, one line every N seconds.
  • Hex dump of transmitted and received data.
  • Optional ability to let another program service established connections.
  • Optional telnet-options responder.
  • Featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).

But this list can surely be extended with the creative ideas of netcat's users.
As netcat has many features, the examples in this article cover only a few of them:

  1. Simple TCP or UDP connection.
  2. Using netcat as a sample chat application.
  3. Transferring file using netcat.
  4. Port Scanning.
  5. Proxying.
  6. Tunneling output of executables on another machine.
  7. Spoofing IP Address

For more features visit http://nc110.sf.net

Examples

Chat window using netcat
On machine 1

nc -l -p 4444

We are using the -l switch, so netcat is in listen mode, i.e. it listens on a specified port. With -p 4444 we specify that port 4444 is used.
 

On machine 2

nc 192.168.0.6 4444

This will connect to 192.168.0.6 on port 4444.

Now we have two-way communication like a chat window: whatever is typed in window 1 shows up on the other machine, and vice versa.

Transferring files using Netcat
First we start netcat in listening mode on the receiving machine and redirect its output into a file.

nc -l -p 5555 > chmag.txt

(file transfer, step 1)

On the sending machine we simply feed the file into netcat, connecting to the receiving machine.

nc 192.168.1.12 5555 < chmag.txt

(file transfer, step 2)
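The transfer above, as an added example written for this article rather than code from it or from the netcat project: the same listener-reads-until-EOF / sender-closes pattern with plain Python sockets on localhost, plus the check netcat itself never performs, a hash comparison of what arrived against what was sent. Netcat's listener also accepts whoever connects first, with no authentication, so the hash check is the only thing telling you the file is intact. Ports are OS-chosen and the sample data is constructed.

```python
# Added example (not code from the article): the file-transfer pattern above
# done with plain sockets (listener stores what arrives, sender streams the
# bytes and closes), plus the check netcat itself never makes: compare a hash
# of what arrived with a hash of what was sent. The sample data is constructed.
import hashlib
import socket
import threading


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def receive_to_buffer(host="127.0.0.1"):
    """`nc -l -p PORT > file`: accept ONE connection, read until the sender
    closes, keep the bytes. Returns (port, result, thread); result["data"]
    is filled in when the thread finishes. Like netcat, the first peer to
    connect wins; nothing authenticates who that is."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))         # OS-chosen port so the demo never clashes
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}

    def serve():
        conn, peer = srv.accept()
        with srv, conn:
            chunks = []
            while True:
                chunk = conn.recv(65536)
                if not chunk:   # EOF: the sender closed, transfer complete
                    break
                chunks.append(chunk)
        result["data"] = b"".join(chunks)
        result["peer"] = peer[0]

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return port, result, worker


def send_bytes(host, port, data):
    """`nc HOST PORT < file`: connect, stream the bytes, close (the close is
    what tells the listener the file has ended)."""
    with socket.create_connection((host, port)) as c:
        c.sendall(data)


def transfer_and_verify(data, host="127.0.0.1"):
    """Run both ends on localhost; return (received bytes, hashes match)."""
    port, result, worker = receive_to_buffer(host)
    send_bytes(host, port, data)
    worker.join(timeout=5)
    received = result.get("data", b"")
    return received, sha256_hex(received) == sha256_hex(data)


if __name__ == "__main__":
    sample = b"constructed sample payload\n" * 2000
    received, ok = transfer_and_verify(sample)
    print(len(received), "bytes received, hash match:", ok)
```

In practice you run `sha256sum chmag.txt` on both machines and compare the two digests over a channel you trust; the listener side cannot otherwise tell a truncated or tampered transfer from a complete one.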

Port scanning
Let's see how to scan ports using netcat. We all know the best tool for port scanning is NMAP, but let's see how netcat can do the same. For the example below we took the 192.168.1.x network; our target machine is 192.168.1.4 and we scan for open ports in the range 1 to 80.

nc -v -w2 -z 192.168.1.4 1-80

Netcat will try to connect to each port between 1 and 80, in reverse order (80 down to 1).

The -z switch prevents sending any data over the TCP connection (connect and close only).
The -v switch puts netcat in verbose mode, so the result for each port is reported.
The -w[n] switch specifies the timeout (in seconds) to be used for each connection.
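The scan above, as an added example written for this article (not code from it or from netcat): a Python connect scan that does what `-z`, `-w` and the high-to-low port order described above do, paired with a small listener that stands in for the scanned host and records what each probe looks like from that side. The listener and port numbers are constructed for the demo; the detection point it shows is that a `-z` probe is an accepted connection followed by zero bytes before the peer closes, and a run of those from one address across many ports is the signature to alert on.

```python
# Added example (not code from the article): a connect scan that does what
# `nc -v -w2 -z 192.168.1.4 1-80` does (probe high-to-low, per-port timeout,
# send nothing), plus a listener showing how such a probe looks from the
# scanned host. Everything runs against OS-chosen ports on localhost.
import socket
import threading


def scan_ports(host, low, high, timeout=2.0):
    """Return the open TCP ports in [low, high], probed high-to-low like nc110.

    Nothing is sent (the -z behaviour): a successful connect is closed at once.
    `timeout` (seconds) plays the role of -w<n>.
    """
    open_ports = []
    for port in range(high, low - 1, -1):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_probe_logger(host="127.0.0.1"):
    """Stand-in for the scanned machine: accept connections and log each one.

    Returns (port, log, stop_fn). Each entry records how many bytes the peer
    sent before closing. A -z probe is an accept followed by zero bytes; many
    of those from one address across many ports is the pattern to alert on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))            # port 0: the OS picks a free port
    srv.listen(8)
    srv.settimeout(0.2)            # wake up regularly to check the stop flag
    port = srv.getsockname()[1]
    log = []
    stop = threading.Event()

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                if stop.is_set():  # only quit once the backlog is drained
                    break
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(1024)   # b"" means the peer closed
                except socket.timeout:
                    data = b""
            log.append({"peer": peer[0], "port": port, "bytes": len(data)})
        srv.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    def stop_fn():
        stop.set()
        worker.join()

    return port, log, stop_fn


if __name__ == "__main__":
    port, log, stop = start_probe_logger()
    print("open:", scan_ports("127.0.0.1", port - 3, port + 3, timeout=1.0))
    stop()
    print("as seen by the target:", log)
```

The returned list is in the order the ports were probed, so it comes back descending, matching the "reverse order" netcat behaviour noted above.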

Proxying
Another useful behaviour is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:

nc -l -p 1324 | nc chmag.in 80

This starts a netcat server on port 1324, and every connection gets redirected to chmag.in:80. If a web browser makes a request to nc, the request is sent to chmag.in, but the response is not sent back to the web browser. That is because pipes are unidirectional. This can be worked around with a named pipe that carries the output back into the input.
On a Linux box you can also use the -c option to pipe the response back to the browser:

nc -l -p 12345 -c 'nc chmag.in 80'
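Why the one-way pipe loses the response, and what the named-pipe trick or `-c` adds, as an added example written for this article (not code from it or from netcat): a small relay in Python that runs one copy loop per direction, which is exactly what a single shell pipe lacks. The upper-casing backend stands in for chmag.in:80 so it is obvious that the reply came back through the relay; hosts and ports are localhost and OS-chosen, constructed for the demo.

```python
# Added example (not code from the article): a relay that forwards both
# directions, which is what the named-pipe trick or -c adds to the one-way
# `nc -l -p 1324 | nc chmag.in 80`. The upper-casing backend stands in for
# chmag.in:80; all ports are OS-chosen on localhost.
import socket
import threading


def _pump(src, dst):
    """One direction: copy src -> dst to EOF, then half-close dst.
    A shell pipe is exactly one of these; a proxy needs two."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on; other way stays open
        except OSError:
            pass

def _read_all(sock):
    """Read until the peer half-closes (EOF)."""
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)

def _listen(host):
    """Bind an OS-chosen port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    return srv, srv.getsockname()[1]

def _serve(host, handler):
    """Accept loop in a daemon thread; returns (port, stop_fn)."""
    srv, port = _listen(host)
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
        srv.close()

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()
    return port, lambda: (stop.set(), worker.join())

def start_relay(target_host, target_port, host="127.0.0.1"):
    """Listen on host; splice each client to target in BOTH directions."""
    def handle(client):
        upstream = socket.create_connection((target_host, target_port))
        pumps = [threading.Thread(target=_pump, args=(client, upstream)),
                 threading.Thread(target=_pump, args=(upstream, client))]
        for p in pumps:
            p.start()
        for p in pumps:
            p.join()
        client.close()
        upstream.close()

    return _serve(host, handle)

def start_backend(host="127.0.0.1"):
    """Demo server: read the request to EOF, answer with it upper-cased."""
    def handle(conn):
        with conn:
            conn.sendall(_read_all(conn).upper())

    return _serve(host, handle)

def round_trip(host, port, payload):
    """Browser stand-in: send payload, half-close, collect the reply."""
    with socket.create_connection((host, port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        return _read_all(c)


if __name__ == "__main__":
    backend_port, stop_backend = start_backend()
    relay_port, stop_relay = start_relay("127.0.0.1", backend_port)
    print(round_trip("127.0.0.1", relay_port, b"GET / HTTP/1.0\r\n\r\n"))
    stop_relay()
    stop_backend()
```

Deleting the second `_pump` thread in `start_relay` reproduces the shell-pipe behaviour exactly: the request still reaches the backend, but `round_trip` never sees the reply.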

Pipe a command's output to a netcat request

Create a listening port on a machine by

nc -l -p 12345

From the sending machine pipe the command output to the listening machine

C:\> ipconfig | nc 192.168.1.7 12345

Remember the chat window in the example above. This command will show the output of ipconfig as text in the shell.

Spoof source IP address

nc -s 192.168.1.1 192.168.1.12 1232

Note – We have used IPv4 version and examples in this article. If you are using IPv6 then use netcat6 or nc6.
