Netcat: The TCP/IP Swiss army knife
Posted by Steve on Thu 16 Dec 2004 at 11:28
Of all the networking tools I'm familiar with, I use four more than any other: ping, traceroute, nmap, and netcat. The first two utilities are standard on many operating systems. nmap is a port scanner which makes it simple to identify the services running on a machine. Netcat? That's a general purpose tool described by its author as a TCP/IP Swiss army knife.
The utility of netcat comes from its extreme simplicity: it does one simple job very well. The main job of the package is to open up a network pipe. You connect to a host, netcat sends all of your input to it, and shows you the output.
It's almost the same as a telnet client, but much more scriptable.
For example, we can connect to a webserver using netcat and send a command to it, getting the result piped back to us.
    skx@lappy:~$ echo -e "HEAD / HTTP/1.0\n" | nc www.foo.com 80
    Date: Wed, 15 Dec 2004 23:05:36 GMT
    Server: Apache/1.3.29 (Unix) PHP/4.3.8
    X-Powered-By: PHP/4.3.8
    X-Accelerated-By: PHPA/1.3.3r2
    Location: http://0.0.0.0/
    Connection: close
    Content-Type: text/html
Here we used the echo command to send input to the process; instead, we could type it manually:
    nc www.foo.com 80
    HEAD / HTTP/1.0
    [ret]
    HTTP/1.1 302 Found
    Date: Wed, 15 Dec 2004 23:06:41 GMT
    Server: Apache/1.3.29 (Unix) PHP/4.3.8
    X-Powered-By: PHP/4.3.8
    X-Accelerated-By: PHPA/1.3.3r2
    Location: http://0.0.0.0/
    Connection: close
    Content-Type: text/html
As well as setting up a pipe to a remote machine, sending our input to it and showing us the output from the far side, we can use netcat in the reverse manner.
In this case we tell it to listen on a port and send some text back to anybody who connects to us:
skx@lappy:~$ nc -l -p 2000 -e /usr/bin/uptime
The command line flags used here are -l for listen, -p 2000 for listening on port 2000, and -e /usr/bin/uptime to execute the uptime command when clients connect.
You can test this from a different machine by connecting to port 2000 and seeing the output:
    skx@lappy:~$ telnet localhost 2000
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
     00:07:50 up 3:03, 4 users, load average: 0.08, 0.11, 0.20
    Connection closed by foreign host.
There we see that we've been sent the output of the uptime command, after which the netcat process has exited.
We can write very simple servers that do simple jobs, or forward traffic between machines, using this principle.
For example, if you wished to redirect traffic from port 24 on one machine to port 22 on another, then you could insert a line like this inside your /etc/inetd.conf file:
24 stream tcp nowait nobody /usr/sbin/tcpd /bin/nc 192.168.1.1 22
(Don't forget to restart inetd by executing /etc/init.d/inetd restart).
Now when you connect to your server on port 24 you'll be seamlessly redirected to the SSH port (22) on the remote machine 192.168.1.1.
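To see which relays of this kind are configured on a machine, the following added example (not part of the original article) lists the inetd.conf entries that hand connections to netcat. The function names and the sample entries are constructed for illustration, and it assumes the target host and port are the last two arguments on the line.

```shell
#!/bin/sh
# Added example: report inetd.conf entries that pass connections to netcat.
# Output per match: service user tcpd|direct target_host target_port

# find_nc_relays [FILE] - reads FILE, or standard input when no file is given.
find_nc_relays() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }    # skip comments and incomplete entries
        {
            # inetd.conf fields: service type proto wait user server [args...]
            wrapped = ($6 ~ /\/tcpd$/) ? "tcpd" : "direct"
            for (i = 6; i <= NF; i++) {
                n = split($i, parts, "/")          # basename of the token
                if (parts[n] ~ /^(nc|netcat)(\.[a-z]+)?$/) {
                    host = "-"; port = "-"
                    # Assumption: nc [options] host port, so the target
                    # is the last two fields of the entry.
                    if (NF >= i + 2) { host = $(NF - 1); port = $NF }
                    print $1, $5, wrapped, host, port
                    break
                }
            }
        }
    ' "${1:--}"
}

# Constructed sample configuration (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample entries
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
24 stream tcp nowait nobody /usr/sbin/tcpd /bin/nc 192.168.1.1 22
#25 stream tcp nowait nobody /usr/sbin/tcpd /bin/nc 192.168.1.9 25
8080 stream tcp nowait root /bin/nc nc -w 3 10.0.0.5 80
EOF
}

# Demonstration on the constructed sample.
sample_inetd_conf | find_nc_relays
```

On a real system, run `find_nc_relays /etc/inetd.conf`. Entries marked `direct` are not passed through tcpd, so hosts.allow and hosts.deny do not apply to them.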
This is just one example of the kind of job netcat can be set up to handle. For more inspiration, read the manpage by running "man netcat".
There's also a good page online with a few samples of fun things to do with netcat here: