The Linux netcat (nc) command is often referred to as the Swiss army knife of networking tools, and a skilled system administrator could come up with some interesting uses for this sophisticated and versatile tool. It essentially establishes a connection between two computers and allows data to be written across the TCP and UDP transport layer protocols, and the network layer protocol IP. Netcat could even be thought of as the ‘cat’ command in Linux, but for network-based communication between servers.

Netcat operates in two modes:

  1. Server mode
  2. Client mode

Server mode: In server mode, netcat listens for incoming connections according to the parameters passed to the utility. The syntax below shows how you would typically use netcat in server mode:

nc -l -p port [options] [hostname] [port]

Client mode: In client mode, netcat initiates a TCP/UDP connection to the same or a different machine. The syntax below shows how you would typically use netcat in client mode:

nc [-options] hostname port[s] [ports]

We will be covering both methods in depth in our examples.

Typical uses of the Linux netcat tool

  1. Chat server
  2. Port scanner
  3. File transfer
  4. Information fetching

Chat server: We can use netcat to transfer simple text messages between two systems, forming a rather minimal and straightforward instant messaging interface.
Port scanner: Netcat can be used to scan open ports on one or more systems. Its port scanning capabilities are somewhat trivial, and we’d strongly recommend using NMAP in this regard.
File transfer: Netcat allows file transfers between servers without needing to resort to an FTP, sftp or tftp server.
Information fetching: Netcat can be used to establish a socket to a specific port on the destination system to identify specific information or weaknesses in the system. This is similar to the lsof command or the nmap command.

Netcat comes pre-installed in both Red Hat and Debian based distributions.
We’ll now verify the presence of netcat on a CentOS 6 and an Ubuntu 16.04 machine.

Verifying netcat on CentOS/Red Hat Linux

[root@linuxnix ~]# rpm -qa | grep -w ^nc
nc-1.84-24.el6.x86_64
[root@linuxnix ~]# rpm -qi nc
Name: nc                         
Relocations: (not relocatable)
Version: 1.84                             
Vendor: CentOS
Release: 24.el6
Build Date: Mon 08 Dec 2014 02:51:43 PM IST
Install Date: Tue 26 Sep 2017 01:02:29 AM IST     
Build Host: c6b8.bsys.dev.centos.org
Group: Applications/Internet         
Source RPM: nc-1.84-24.el6.src.rpm
Size: 111502                           
License: BSD
Signature   : RSA/SHA1, Mon 08 Dec 2014 07:05:39 PM IST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Summary: Reads and writes data across network connections using TCP or UDP
Description: The nc package contains Netcat (the program is actually nc), a simple utility for reading and writing data across network connections, 
using the TCP or UDP protocols. Netcat is intended to be a reliable back-end tool which can be used directly or easily driven by other programs and scripts.  Netcat is also a feature-rich network debugging and exploration tool since it can create many different connections and has many built-in capabilities.
You may want to install the netcat package if you are administering a network and you'd like to use its debugging and network exploration capabilities.

Verifying netcat on Ubuntu/Debian

Ubuntu systems come pre-installed with the BSD variant of netcat along with the traditional version.

In Ubuntu, the nc command is actually a soft link, as shown below:
root@linuxnix:~# ls -l /bin/nc
lrwxrwxrwx 1 root root 20 Oct 16 06:07 /bin/nc -> /etc/alternatives/nc
root@linuxnix:~# ls -l /etc/alternatives/nc
lrwxrwxrwx 1 root root 15 Oct 16 06:07 /etc/alternatives/nc -> /bin/nc.openbsd
root@linuxnix:~# ls -l /bin/nc.openbsd
-rwxr-xr-x 1 root root 31248 Dec  3  2012 /bin/nc.openbsd
root@linuxnix:~# dpkg -S /bin/nc.openbsd
netcat-openbsd: /bin/nc.openbsd
root@linuxnix:~# dpkg -s netcat-openbsd
Package: netcat-openbsd
Status: install ok installed
Priority: important
Section: net
Installed-Size: 109
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.105-7ubuntu1
Replaces: netcat (<< 1.10-35)
Provides: netcat
Depends: libbsd0 (>= 0.2.0), libc6 (>= 2.16)
Breaks: netcat (<< 1.10-35)
Description: TCP/IP swiss army knife
 A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol.
 It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.
 At the same time, it is a feature-rich network debugging and exploration tool since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
 This package contains the OpenBSD rewrite of netcat, including support for IPv6, proxies, and Unix sockets.
Original-Maintainer: Aron Xu <aron@debian.org>

The BSD variant of netcat may have slightly different options, or a few more of them, compared to the traditional version of netcat.
This is the output produced by running the BSD version without any options.

root@linuxnix:~# nc
This is nc from the netcat-openbsd package.
An alternative nc is available in the netcat-traditional package.
usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]
          [-P proxy_username] [-p source_port] [-q seconds] [-s source]
          [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]
          [-x proxy_address[:port]] [destination] [port]

In contrast to the above, this is the output produced by running netcat without any options on my CentOS system.

[root@linuxnix ~]# nc
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
          [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
          [-x proxy_address[:port]] [hostname] [port[s]]

Now we will go through some examples to understand how we can use netcat according to our requirements.

Getting help from nc command

Use the nc command with the -h option to obtain a short description of some of the options that are available for use with netcat.

[root@linuxnix ~]# nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
          [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
          [-x proxy_address[:port]] [hostname] [port[s]]
Command Summary:
-4              Use IPv4
-6              Use IPv6
-D              Enable the debug socket option
-d              Detach from stdin
-h              This help text
-i secs         Delay interval for lines sent, ports scanned
-k              Keep inbound sockets open for multiple connects
-l              Listen mode, for inbound connects
-n              Suppress name/port resolutions
-p port         Specify local port for remote connects
-r              Randomize remote ports
-S              Enable the TCP MD5 signature option
-s addr         Local source address
-T ToS          Set IP Type of Service
-C              Send CRLF as line-ending
-t              Answer TELNET negotiation
-U              Use UNIX domain socket
-u              UDP mode
-v              Verbose
-w secs         Timeout for connects and final net reads
-X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port]  Specify proxy address and port
-z              Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]

Scan TCP port using nc command

Example 1: Using netcat to scan a single port:

Before we get to the demonstration, we’d like to reemphasize our recommendation for using nmap for fulfilling your port scanning needs.

To scan a port, we use nc with the -z option, which tells netcat only to examine the port without sending any data over the connection (the zero-I/O mode listed in the help text above). We can also add the -v option to enable more verbose or detailed output.

In the demonstration below, we scan port 22 of our Ubuntu system from our CentOS system:

[root@linuxnix ~]# nc -z   192.168.87.146 22
Connection to 192.168.87.146 22 port [tcp/ssh] succeeded!

The connection succeeded message implies that the port is open.

Scan UDP port using nc command

Example 2: Scanning UDP ports instead of TCP.

This time, let’s scan port 123 on our CentOS server, which is running the ntpd daemon.

root@linuxnix:~# nc -z -v -u 192.168.87.144 123
Connection to 192.168.87.144 123 port [udp/ntp] succeeded!

In this example, we added the -u flag to indicate that we are scanning a UDP port and not a TCP port. Without the -u option, netcat would attempt a TCP connection, and that attempt would fail because ntpd listens on UDP port 123.

Here’s a demo of that:

root@linuxnix:~# nc -z -v 192.168.87.144 123
nc: connect to 192.168.87.144 port 123 (tcp) failed: No route to host

Scanning a range of ports using nc command

Example 3: We can use netcat to scan a range of ports.

The syntax for that is nc -z <host> <first port>-<last port>

Here is an example:

root@linuxnix:~# nc -z -v 192.168.87.144 20-27
nc: connect to 192.168.87.144 port 20 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 21 (tcp) failed: No route to host
Connection to 192.168.87.144 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.87.144 port 23 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 24 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 25 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 26 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 27 (tcp) failed: No route to host
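
When such a scan is run against your own server, the output is more useful once each port is classified and checked against what you expect to be exposed. The script below is an added example, not part of the original article: it parses the two line formats shown above and reports open ports missing from an allowlist. The sample lines, the function names and the "Connection refused" and "Connection timed out" reasons are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify `nc -z -v` output and flag unexpected open ports.

# Constructed sample in the two line formats shown in the article.
# A live run would be captured with both streams merged, e.g.:
#   nc -z -v 192.168.87.144 20-27 2>&1 | classify_scan
sample_scan() {
cat <<'EOF'
nc: connect to 192.168.87.144 port 20 (tcp) failed: No route to host
nc: connect to 192.168.87.144 port 21 (tcp) failed: Connection refused
Connection to 192.168.87.144 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.87.144 port 23 (tcp) failed: Connection timed out
Connection to 192.168.87.144 25 port [tcp/smtp] succeeded!
EOF
}

# Print "port state" for each result line read from stdin:
#   open     - the TCP connection was accepted
#   closed   - "Connection refused": the host answered, nothing listens there
#   filtered - any other failure (ICMP reject such as "No route to host",
#              or a timeout), which usually points at a firewall rule
classify_scan() {
  awk '
    /^Connection to .* succeeded!$/ { print $4, "open"; next }
    /^nc: connect to .* failed: / {
      port = $6
      reason = $0
      sub(/^.*failed: /, "", reason)
      state = (reason == "Connection refused") ? "closed" : "filtered"
      print port, state
    }'
}

# Print open ports that are not in the space-separated allowlist given as $1.
unexpected_open() {
  classify_scan | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "open" && !($1 in ok) { print $1 }'
}

sample_scan | classify_scan
echo "unexpected open ports: $(sample_scan | unexpected_open "22")"
```

In the article's output, port 22 succeeds while its neighbours report "No route to host", which is the pattern a host firewall rejecting those ports typically produces, so the script reports them as filtered rather than closed.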

In the next article, we’ll use netcat to set up a simple instant messaging interface and transfer files.


Sahil Suri

He started his career in IT in 2011 as a system administrator. He has since worked with HP-UX, Solaris and Linux operating systems along with exposure to high availability and virtualization solutions. He has a keen interest in shell, Python and Perl scripting and is learning the ropes on AWS cloud, DevOps tools, and methodologies. He enjoys sharing the knowledge he's gained over the years with the rest of the community.