Netcat certainly belongs in every admin's toolbox. This tiny, free command-line tool has been available since 1995. It helps you troubleshoot network-related problems. The best way to understand what kind of things you can do with netcat is through examples:

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Use netcat as a simple port scanner

nc -v -w 1 somehost -z 1-1024

This command checks which ports between 1 and 1024 of a computer called somehost are open. The option -v stands for verbose, -w specifies the timeout in seconds, and -z means zero-I/O, which operates netcat in scanning mode. There are certainly more sophisticated port scanners such as nmap. But remember, netcat is a Swiss Army knife, so it keeps things simple.

Use netcat to talk to your servers

Sometimes you know that a backend application has opened the right port, but your client refuses to connect. To track down the problem it is useful "to talk" to the server to see if the program is actually transmitting meaningful data.
nc -v www.microsoft.com 80

This command will open a connection to Microsoft's Web server. You'll get something like this in response:
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest1.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest2.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test1.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test2.microsoft.com
lb1.www.ms.akadns.net [207.46.19.190] 80 (http) open

Now, if you want to talk with Microsoft's server you have to know a little HTTP:
GET / HTTP/1.0

This tells the Web server that you want to load the default file in the root folder using the HTTP 1.0 protocol. After hitting RETURN twice, you should get this answer from Redmond:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en/us/default.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMoNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2007 12:32:16 GMT
Connection: keep-alive
Content-Length: 136

So, it is really true. Microsoft operates its Web servers with IIS 7.0 already.
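The response above identifies the server software and framework versions to anyone who connects. The following Python is an added example, not part of the original article: it repeats the netcat exchange and lists the headers that identify software, so you can review what your own servers announce. The function names and the set of headers checked are this example's assumptions, and the embedded response is the one from the article with some headers left out.

```python
import re
import socket

# Response head from the article, line breaks restored (some headers left out).
CAPTURED = (
    "HTTP/1.1 302 Found\r\n"
    "Cache-Control: private\r\n"
    "Location: /en/us/default.aspx\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-AspNet-Version: 2.0.50727\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Length: 136\r\n\r\n"
)
# Assumption: which headers count as software-identifying is this example's choice.
DISCLOSING = {"server", "x-powered-by", "x-aspnet-version"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def fetch_head(host, port=80, timeout=3.0):
    """Send the article's GET request (plus a Host header); return the raw head."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")

def parse_head(raw):
    """Return (status_code, [(name, value), ...]) from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].splitlines()
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0]) if lines else None
    if m is None:
        raise ValueError("not an HTTP response")
    pairs = (line.partition(":") for line in lines[1:])
    return int(m.group(1)), [(n.strip(), v.strip()) for n, sep, v in pairs if sep]

def disclosures(raw):
    """List (header, value, version or None) for software-identifying headers."""
    out = []
    for name, value in parse_head(raw)[1]:
        if name.lower() in DISCLOSING:
            found = VERSION_RE.search(value)
            out.append((name, value, found.group(0) if found else None))
    return out

if __name__ == "__main__":
    print(disclosures(CAPTURED))
```

To check a live host you administer, pass the result of `fetch_head("yourhost")` to `disclosures()`.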

Use netcat to test a connection

Sometimes you don't know whether a program is not working properly or whether it is just a network problem. Usually, you would use ping to make sure that the connection stands. But if it is a complex network problem, for example if a firewall is involved, then you can work with netcat. With this command netcat will listen on port 6000 on the server side:
nc -v -l -p 6000

Of course, if you want to try the port your backend application uses, you have to shut it down first.

On your client computer you connect to the server with this command:
nc yourhost -v 6000

Netcat will then establish a connection between your server and your client. Now, you just type something on the client console and hit ENTER. If the connection works properly, it should show up on the server console. On the client side it looks like this:
nc -v 10.0.0.1 6000
DC1 [10.0.0.1] 6000 (?) open
test blah blah

And on the server you would see this:
nc -v -l -p 6000
listening on [any] 6000 ...
connect to [10.0.0.1] from XPEN [10.0.0.140] 1391
test blah blah

1391 is the local port on the client in this example. If you think that your network connection is just a bit shaky or too slow, you could send larger amounts of text to see how it gets through.

Use netcat to feel like a super cool hacker

Netcat can also be used to remotely manage a computer easily. This is why some anti-malware tools raise an alarm if they detect netcat. The -e option allows you to launch a certain program whenever a client connects to a certain port:
nc -v -l -e cmd -p 6000

You then connect to this server with:
nc yourhost 6000

This will launch a command prompt on the server which you can control from the client. Type ipconfig, if you are not sure where you actually are.
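The listener above is the pattern anti-malware tools look for: netcat in listen mode combined with -e. The following Python is an added example, not part of the original article, that recognizes that combination in process command lines, including clustered options such as -lvp. The command lines are constructed samples, and the list of binary names is an assumption of this example.

```python
import re
import shlex

# nc 1.11 options that take an argument, per the help text in the article.
TAKES_ARG = set("egGiopsw")
# Assumption: binary names treated as netcat; a renamed copy will not match.
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
# Constructed command lines, as a process-creation log might record them.
SAMPLES = [
    r"nc -v -l -e cmd -p 6000",
    r'"C:\Tools\nc.exe" -lvp 6000 -e cmd.exe',
    r"nc -v -l -p 6000",
    r"nc -v -w 1 somehost -z 1-1024",
    r"notepad.exe -e notes.txt",
]

def parse_nc(cmdline):
    """Return {'listen', 'port', 'exec'} for a netcat command line, else None."""
    argv = shlex.split(cmdline, posix=False)
    exe = re.split(r"[\\/]", argv[0].strip('"'))[-1].lower() if argv else ""
    if exe not in NC_NAMES:
        return None
    found = {"listen": False, "port": None, "exec": None}
    i = 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            continue  # hostname or port operand
        for pos, flag in enumerate(tok[1:], start=1):
            if flag in "lL":
                found["listen"] = True
            if flag in TAKES_ARG:
                # getopt style: the argument is the rest of this token or the next one
                arg = tok[pos + 1:]
                if not arg and i < len(argv):
                    arg, i = argv[i], i + 1
                if flag in "ep":
                    found["exec" if flag == "e" else "port"] = arg
                break
    return found

def is_remote_shell_listener(cmdline):
    """True when netcat listens and hands each connection to a program (-l plus -e)."""
    info = parse_nc(cmdline)
    return bool(info and info["listen"] and info["exec"])

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_remote_shell_listener(line), line)
```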

These were just a few examples. This little tool can do more. Here is the list of all options that netcat 1.11 for Windows supports:
nc -h
[v1.11 NT www.vulnwatch.org/netcat/]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
-d              detach from console, background mode
-e prog         inbound program to exec [dangerous!!]
-g gateway      source-routing hop point[s], up to 8
-G num          source-routing pointer: 4, 8, 12, ...
-h              this cruft
-i secs         delay interval for lines sent, ports scanned
-l              listen mode, for inbound connects
-L              listen harder, re-listen on socket close
-n              numeric-only IP addresses, no DNS
-o file         hex dump of traffic
-p port         local port number
-r              randomize local and remote ports
-s addr         local source address
-t              answer TELNET negotiation
-u              UDP mode
-v              verbose [use twice to be more verbose]
-w secs         timeout for connects and final net reads
-z              zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]

7 Comments
  1. fuller 12 years ago

    how does it work??


  2. Michael Pietroforte 12 years ago

    Could you be a bit more specific? What doesn't work?


  3. wud 12 years ago

    I was just googling around hoping to find a netcat intro by example. Good Work.


  4. Michael Pietroforte 12 years ago

    Wud, good that it worked for you 😉


  5. Netcat 11 years ago

    [...] rootr.net g-loaded.eu datastronghold.com securitydocs.com stearns.org 4sysops.com [...]


  6. Etienne 10 years ago

    Good article, I was just looking for a Netcat introduction.


  7. laks 9 years ago

    Thanks Mike for a wonderful article on Netcat. Your article was helpful in troubleshooting my issue with netcat connectivity.

    L


© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account