Netcat the Multi-purpose Networking Tool

Linux netcat - nc command examples

netcat - nc - Utility


The netcat utility or nc is often referred to as the Swiss Army Knife for working with TCP/IP networks. This tool is very popular amongst System Administrators and Network Administrators because of its wide range of capabilities. The netcat utility is used for almost anything under the sun involving TCP, UDP, or UNIX-domain sockets. Netcat can open TCP connections, send UDP packets of data, listen on arbitrary TCP and UDP ports, carry out port scanning, transfer data from one server to another. In the following examples I will be using an Ubuntu 14.04 LTS system and a CentOS 6.5 system.



Installing netcat on Ubuntu


If you need to install netcat, you can use the following commands:



$ sudo apt-get update
$ sudo apt-get install netcat

Note: In Ubuntu 14.04 LTS netcat came pre installed. (No need to install)


Installing netcat on RHEL - CentOS


To install netcat on a RHEL/CentOS system (64bit), simply issue the following command: yum install nc.x86_64



[root@centos-65 ~]# yum install nc.x86_64

Examples of netcat networking utility


In the following examples we will take a quick look at some of the popular uses of netcat.


Checking for an Open Port


In this example we will use netcat to interrogate a port to see if it is open. We will use the netcat command in conjunction with the "-v" and "-n" flags. The "-v" flag specifies that we would like verbose output (more detailed). The "-n" option specifies that we do not wish to use DNS or service lookups on any addresses, hostnames or ports.

Example Command: nc -vn 192.168.0.17 22

In the above example we have specified the IP address of a RHEL (Red Hat Enterprise Linux 6.3) server followed by the port we wish to interrogate. In this example we are looking at port 22 (normally used for ssh).



john@ubuntu01-pc:~$ nc -vn 192.168.0.17 22
Connection to 192.168.0.17 22 port [tcp/*] succeeded!
SSH-2.0-OpenSSH_5.3

As we can see from the output port 22 is open for connections. If we now check for a port which is closed, you will see the difference in the output from the command:



john@ubuntu01-pc:~$ nc -vn 192.168.0.17 2000
nc: connect to 192.168.0.17 port 2000 (tcp) failed: No route to host


netcat as a Port Scanner


Another popular use of the netcat command is to use it as a port scanner. In this example we will be using the flags "-w" and "-z" in addition to the "-v" and "-n" flags. The "-w" flag is used to specify a timeout limit. By default, netcat will listen forever, however, in this example we are going to use a more realistic value of "1" second. The "-z" flag specifies that netcat should merely scan for listening daemons without sending any data. We will also specify a range of ports to check. In this example we are only going to check ports 1 through to 30.

Example Command: nc -vnz -w 1 192.168.0.17 1-30



john@ubuntu01-pc:~$ nc -vnz -w 1 192.168.0.17 1-30
nc: connect to 192.168.0.17 port 1 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 2 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 3 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 4 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 5 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 6 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 7 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 8 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 9 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 10 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 11 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 12 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 13 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 14 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 15 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 16 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 17 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 18 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 19 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 20 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 21 (tcp) failed: No route to host
Connection to 192.168.0.17 22 port [tcp/*] succeeded!
nc: connect to 192.168.0.17 port 23 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 24 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 25 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 26 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 27 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 28 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 29 (tcp) failed: No route to host
nc: connect to 192.168.0.17 port 30 (tcp) failed: No route to host

We can clearly see from the above output that a connection to port 22 has succeeded.

You can also specify more than one port to scan.

Example Command: nc -vnz -w 1 192.168.0.17 20 21 22 23 24 25

In the above example, we are going to scan ports "20, 21, 22, 23, 24 and 25".



john@ubuntu01-pc:~$ nc -vnz -w 1 192.168.0.17 20 21 22 23 24 25
nc: connect to 192.168.0.17 port 20 (tcp) failed: Connection refused
nc: connect to 192.168.0.17 port 21 (tcp) failed: Connection refused
Connection to 192.168.0.17 22 port [tcp/*] succeeded!
nc: connect to 192.168.0.17 port 23 (tcp) failed: Connection refused
nc: connect to 192.168.0.17 port 24 (tcp) failed: Connection refused
nc: connect to 192.168.0.17 port 25 (tcp) failed: Connection refused

Port Scanning UDP ports


In this example we are going to specify "UDP" ports to be scanned. To specify UDP we will use the "-u" flag. In the example below we are going to scan ports "60 through to 80".

Example Command:nc -vnzu -w 1 192.168.0.17 60-80



john@ubuntu01-pc:~$ nc -vnzu -w 1 192.168.0.17 60-80
Connection to 192.168.0.17 63 port [udp/*] succeeded!
Connection to 192.168.0.17 65 port [udp/*] succeeded!
Connection to 192.168.0.17 68 port [udp/*] succeeded!

Having a Chat with Netcat


In this example we will use an Ubuntu 14.04 LTS terminal and connect this to a remote terminal on a CentOS 6.5 Server.

On the Ubuntu system, we need to identify the IP address. This can be done by issuing the command ip a s



john@ubuntu01-pc:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a0:d3:c1:64:ec:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.11/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a2d3:c1ff:fe64:ec0f/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 80:56:f2:a9:a8:07 brd ff:ff:ff:ff:ff:ff

From the above we can see that the IP address in use on interface "eth0" is 192.168.0.11

This IP address is only needed by the CentOS server. Now, on the Ubuntu system we issue the following command:

nc -lp 2468 Here we are instructing netcat to listen on port 2468.



john@ubuntu01-pc:~$ nc -lp 2468

Now on the remote CentOS server we issue the following command:

nc 192.168.0.11 2468



nc 192.168.0.11 2468

Here we are telling our CentOS server to make a connection to our Ubuntu system on port 2468.

Now any text typed on one terminal will now appear on the other terminal screen. (Warning, this is not a secure way to chat!)

Ubuntu System



john@ubuntu01-pc:~$ nc -lp 2468
Hello Remote CentOS Server


Output received on CentOS system



[root@centos-65 ~]# nc 192.168.0.11 2468
Hello Remote CentOS Server

For more information regarding netcat/nc command


As always a vast amount of information can be looked at via the man pages. To view more information regarding netcat, issue the command man nc


Basic Syntax of netcat



usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]
	  [-P proxy_username] [-p source_port] [-q seconds] [-s source]
	  [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]
	  [-x proxy_address[:port]] [destination] [port]