The Linux netcat(nc) command is often referred to as the Swiss army knife of networking tools, and a skilled system administrator could come up with some interesting uses for this sophisticated and versatile tool. It essentially establishes a connection between two computers and allows data to be written across the TCP and UDP transport layer protocols, and the network layer protocol IP. Netcat could even be thought of like the ‘cat’ command in Linux but for network-based communication between servers.

Netcat operates in 2 modes

  1. Server mode
  2. Client mode

Server mode: In the server, mode netcat listens to incoming connections depending on various parameters that may have been passed to the utility.The below syntax indicates how you would typically use netcat in the server mode:

nc -l -p port [options] [hostname] [port]

Client mode: In the client, mode netcat initiates a TCP/UDP connection to the same or different machine.The below syntax depicts how you would typically use netcat in the client mode:

nc [-options] hostname port[s] [ports]

We will be covering both methods in depth in our examples.

Typical uses of the Linux netcat tool

  1. Chat server
  2. Port scanner
  3. File transfer
  4. Information fetching

Chat server: We can use netcat to transfer simple text messages between two system forming a rather minimal and straightforward instant messaging interface.
Port scanner: Netcat can be used to scan open ports on one or more systems. Its port scanning capabilities are somewhat trivial, and we’d strongly recommend using NMAP in this regard.
File transfer: it allows file transfers between servers without needing to resort to FTP server or sftp server or tftp server.
Information fetching: Netcat can be used to establish a socket to a specific port on the destination system to identify specific information or weaknesses in the system. This is similar to lsof command or nmap command.

Netcat comes pre-installed in both Red Hat and Debian based distributions.
We’ll now verify that the presence of netcat on a centos 6 and an Ubuntu 16.04 machine.

Verifying netcat on Centos/Redhat Linux

[[email protected] ~]# rpm -qa | grep -w ^nc
nc-1.84-24.el6.x86_64
[[email protected] ~]# rpm -qi nc
Name: nc                         
Relocations: (not relocatable)
Version: 1.84                             
Vendor: CentOSRelease     : 24.el6                       
Build Date: Mon 08 Dec 2014 02:51:43 PM IST
Install Date: Tue 26 Sep 2017 01:02:29 AM IST     
Build Host: c6b8.bsys.dev.centos.org
Group: Applications/Internet         
Source RPM: nc-1.84-24.el6.src.rpm
Size: 111502                           
License: BSD
Signature   : RSA/SHA1, Mon 08 Dec 2014 07:05:39 PM IST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Summary: Reads and writes data across network connections using TCP or UDP
Description: The nc package contains Netcat (the program is actually nc), a simple utility for reading and writing data across network connections, 
using the TCP or UDP protocols. Netcat is intended to be a reliable back-end tool which can be used directly or easily driven by other programs and scripts.  Netcat is also a feature-rich network debugging and exploration tool since it can create many different connections and has many built-in capabilities.
You may want to install the netcat package if you are administering a network and you'd like to use its debugging and network exploration capabilities.

Verifying netcat on Ubuntu/Debian

Ubuntu systems come pre-installed with the BSD variant of netcat along with the traditional version.

In ubuntu the nc command iactually a soft link as shown below:
[email protected]:~# ls -l /bin/nc
lrwxrwxrwx 1 root root 20 Oct 16 06:07 /bin/nc -> /etc/alternatives/nc
[email protected]:~# ls -l /etc/alternatives/nc
lrwxrwxrwx 1 root root 15 Oct 16 06:07 /etc/alternatives/nc -> /bin/nc.openbsd
[email protected]:~# ls -l /bin/nc.openbsd
-rwxr-xr-x 1 root root 31248 Dec  3  2012 /bin/nc.openbsd
[email protected]:~# dpkg -S /bin/nc.openbsdnetcat-openbsd: /bin/nc.openbsd
[email protected]:~# dpkg -s netcat-openbsd
Package: netcat-openbsd
Status: install ok installed
Priority: important
Section: netInstalled-Size: 109
Maintainer: Ubuntu Developers <[email protected]>
Architecture: amd64Version: 1.105-7ubuntu1
Replaces: netcat (<< 1.10-35)Provides: netcat
Depends: libbsd0 (>= 0.2.0), libc6 (>= 2.16)Breaks: netcat (<< 1.10-35)
Description: TCP/IP swiss army knife A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol.  
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. 
At the same time, it is a feature-rich network debugging and exploration tool since it can create almost any kind of connection you would need and has several interesting built-in capabilities. 
This package contains the OpenBSD rewrite of netcat, including support for IPv6, proxies, and Unix sockets.
Original-Maintainer: Aron Xu <[email protected]>

The BSD variant of netcat may have slightly different or a couple of more options as compared to the traditional version of netcat.
This is the output produced from running the BSD version without any options.

[email protected]:~# nc
This is nc from the netcat-openbsd package.
An alternative nc is availablein the netcat-traditional package.
usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]          
[-P proxy_username] [-p source_port] [-q seconds] [-s source]          [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]         
[-x proxy_address[:port]] [destination] [port]

In contrast to the above, this is the output produced by running netcat without any options on my centos system.

[[email protected] ~]# nc
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]          
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]         [-x proxy_address[:port]] [hostname] [port[s]]

Now we will go through some examples to understand how we can use netcat according to our requirements.

Related concept:   9 practical Linux echo command examples

Getting help from nc command

Use nc command with the -h option to obtain a short description about some of the options that are available for use with netcat.

[[email protected] ~]# nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]          
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]         
 [-x proxy_address[:port]] [hostname] [port[s]]        
Command Summary:             
-4              Use IPv4           
-6              Use IPv6               
-D              Enable the debug socket option               
-d              Detach from stdin               
-h              This help text               
-i secs         Delay interval for lines sent, ports scanned               
-k              Keep inbound sockets open for multiple connects               
-l              Listen mode, for inbound connects               
-n              Suppress name/port resolutions               
-p port         Specify local port for remote connects               
-r              Randomize remote ports               
-S              Enable the TCP MD5 signature option               
-s addr         Local source address               
-T ToS          Set IP Type of Service               
-C              Send CRLF as line-ending               
-t              Answer TELNET negotiation               
-U              Use UNIX domain socket               
-u              UDP mode               
-v              Verbose               
-w secs         Timeout for connects and final net reads               
-X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"               
-x addr[:port]  Specify proxy address and port                
-z              Zero-I/O mode [used for scanning]        
Port numbers can be individual or ranges: lo-hi [inclusive]

Scan TCP port using nc command

Example 1: Using netcat to scan a single port:

Related concept:   How to generate a random number in Bash

Before we get to the demonstration, we’d like to reemphasize our recommendation for using nmap for fulfilling your port scanning needs.

To scan a port, we use nc with the -z option which tells netcat only to examine the port and not initiate a connection.We can also add the -v option to enable more verbose or detailed output.

In the below demonstration we scan port 22 of our Ubuntu system from our centos system:

[[email protected] ~]# nc -z   192.168.87.146 22
Connection to 192.168.87.146 22 port [tcp/ssh] succeeded!

The connection succeeded message implies that the port is open.

Scan UDP port using nc command

Example 2: Scanning UDP ports instead of TCP.

Let’s see an example this time to scan the 123 on our centos server running the ntpd daemon.

[email protected]:~# nc -z -v -u 192.168.87.144 123
Connection to 192.168.87.144 123 port [udp/ntp] succeeded!

In this example we added the -u flag to indicate that we are scanning a UDP port and not a TCP port.We would get a connection refused if we did not add the -u option because ntpd listens on UDP port 123.

Related concept:   How to implement GlusterFS in Redhat/Centos

Here’s a demo of that:

[email protected]:~# nc -z -v 192.168.87.144 123
nc: connect to 192.168.87.144 port 123 (tcp) failed: No route to host

Scanning a range of ports using nc command

Example 3: We can use netcat to examine across a range of ports.

The syntax for that is nc -z <host> <first port>-<last port>

Here is an example:

[email protected]:~# nc -z -v 192.168.87.144 20-27
nc: connect to 192.168.87.144 port 20 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 21 (tcp) failed: No route to host
Connection to 192.168.87.144 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.87.144 port 23 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 24 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 25 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 26 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 27 (tcp) failed: No route to host

In the next article, we’ll use netcat to set up a simple instant messaging interface and transfer files.