
nc(netcat) - How to use nc(netcat) command in Linux with examples



nc Command Help

I can't find the "-e" option on my Linux server.

# nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
          [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
          [-x proxy_address[:port]] [hostname] [port[s]]
        Command Summary:
                -4              Use IPv4
                -6              Use IPv6
                -D              Enable the debug socket option
                -d              Detach from stdin
                -h              This help text
                -i secs         Delay interval for lines sent, ports scanned
                -k              Keep inbound sockets open for multiple connects
                -l              Listen mode, for inbound connects
                -n              Suppress name/port resolutions
                -p port         Specify local port for remote connects
                -r              Randomize remote ports
                -s addr         Local source address
                -T ToS          Set IP Type of Service
                -C              Send CRLF as line-ending
                -t              Answer TELNET negotiation
                -U              Use UNIX domain socket
                -u              UDP mode
                -v              Verbose
                -w secs         Timeout for connects and final net reads
                -X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
                -x addr[:port]  Specify proxy address and port
                -z              Zero-I/O mode [used for scanning]
        Port numbers can be individual or ranges: lo-hi [inclusive]
# man nc

NAME
       ncat - Concatenate and redirect sockets

SYNOPSIS
       ncat [OPTIONS...] [hostname] [port]


Example

Port Scan

# nc -vz 127.0.0.1  22
Connection to 127.0.0.1 22 port [tcp/ssh] succeeded!
##nmap's ncat

# nc -v x.x.x.x 22 < /dev/null ; echo $?
# nc -v x.x.x.x 22 < /dev/null > /dev/null 2>&1 || echo NG
# nc -vz 127.0.0.1 1-1023  <- Check port from 1 to 1023
nc: connect to 127.0.0.1 port 1 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 2 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 4 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 5 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 6 (tcp) failed: Connection refused
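
Added example (not part of the original page): a small sh helper that classifies `nc -vz` output lines in the format shown above as open, closed or filtered, and lists open ports that are not on an expected-listener allowlist. The function names, the allowlist and the sample lines are constructed for illustration; the "timed out" line assumes OpenBSD-style nc wording, and nmap's ncat prints different messages.

```sh
#!/bin/sh
# Added example, not from the original page.

# classify_nc: read `nc -vz` output on stdin, print "<port> <state>" per line.
classify_nc() {
    awk '
        /^Connection to .* succeeded!/ { print $4, "open";     next }
        /failed: Connection refused/   { print $6, "closed";   next }
        /timed out/                    { print $6, "filtered"; next }
    '
}

# unexpected_open "<allowed ports>": print open ports missing from the allowlist.
unexpected_open() {
    allowed=" $1 "
    classify_nc | while read -r port state; do
        [ "$state" = open ] || continue
        case "$allowed" in
            *" $port "*) ;;            # expected listener
            *) echo "$port" ;;         # open but not expected
        esac
    done
}

# Constructed sample output (same line formats as the scan above; the
# "timed out" line assumes OpenBSD-style nc wording).
sample_scan() {
    cat <<'EOF'
Connection to 127.0.0.1 22 port [tcp/ssh] succeeded!
nc: connect to 127.0.0.1 port 23 (tcp) failed: Connection refused
Connection to 127.0.0.1 12345 port [tcp/*] succeeded!
nc: connect to 127.0.0.1 port 80 (tcp) timed out: Operation now in progress
EOF
}

# Offline run on the sample; allowlist 22, 80 and 443 is a made-up policy.
sample_scan | unexpected_open "22 80 443"

# Live use (nc prints its -v messages on stderr, hence 2>&1):
#   nc -vz -w 2 127.0.0.1 1-1023 2>&1 | unexpected_open "22 80 443"
```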

Check Port

# nc  xx.xx.xx.xx 22    <- TCP

# nc 192.168.0.10 23
Ncat: Connection refused.

# nc 192.168.0.10 22
SSH-2.0-OpenSSH_7.4
# nc  -u xx.xx.xx.xx   53   <- UDP
# echo -en "GET / HTTP/1.0\r\n\r\n" | nc xx.xx.xx.xx  80    <- HTTP request (HTTP/1.0 needs no Host header)


Simple Web Server

# while true; do ( echo "HTTP/1.0 200 Ok"; echo; echo "Hello World" ) | nc -l 80; [ $? != 0 ] && break; done


Check Firewall

Example1

Server1     <-------------------  Server2 
Port 12345 Listen                 Scan
(nc -l 12345)                     (nc  -vz Server1  12345)
Server1# nc -l  12345    <- Listen on port 12345
Server2# nc -vz Server1 12345  <- Connect to Server1 port 12345
Connection to Server1 12345 port succeeded!


Example2

Server1# nc -l  12345    <- Listen on port 12345
Server2# nc Server1 12345  <- Connect to Server1 port 12345
aaa      <- type the characters 'aaa'
Server1# nc -l 12345
aaa                       <- the listener receives the characters 'aaa'


Example3

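Server1# nc -l -p 1234  -e /bin/sh   <- Listen on port 1234 and run /bin/sh for the connection (needs an nc build that has -e; the nc -h output above does not list it)
Server2# nc Server1 1234  <- Connect to Server1 port 1234
uname -a      <- send the 'uname -a' command
Linux AAAA2.4.2-2  <- output of 'uname -a' run on Server1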