Netcat certainly belongs in every admin's toolbox. This tiny free command line tool has been available since 1995. It helps you troubleshoot network related problems. The best way to understand what kind of things you can do with netcat is through examples:
Latest posts by Michael Pietroforte (see all)
- Results of the February competitions - Fri, Mar 10 2017
- 4sysops IT news and winners of the first competition - Thu, Feb 2 2017
- Three new free IT pro eBooks in the wiki: Docker, Windows Server 2016, Data Science - Thu, Jan 12 2017
Use netcat as a simple port scanner ^
nc -v -w 1 somehost -z 1-1024
This command checks which ports between 1 and 1024 of a computer called somehost are open. The option -v stands for verbose, -w specifies the timeout in seconds, and -z means zero-I/O to operate netcat in scanning mode. There are certainly more sophisticated port scanners such as nmap. But remember, netcat is a swiss army knife, so it keeps things simple.
Use netcat to talk to your servers ^
Sometimes you know that a backend application has opened the right port, but your client refuses to connect. To track down the problem it is useful "to talk" to the server to see if the program is actually transmitting meaningful data.
nc -v www.microsoft.com 80
This command will open a connection to Microsoft's Web server. You'll get something like this as answer:
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest1.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest2.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test1.microsoft.com
DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test2.microsoft.com
lb1.www.ms.akadns.net [18.104.22.168] 80 (http) open
Now, if you want to talk with Microsoft's server you have to know a little HTTP:
GET / HTTP/1.0
This tells the Web server that you want to load the default file in the root folder using the HTTP 1.0 protocol. After hitting RETURN twice, you should get this answer from Redmond:
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo
NT COM INT NAV ONL PHY PRE PUR UNI"
Date: Sat, 13 Oct 2007 12:32:16 GMT
So, it is really true. Microsoft operates its Web servers with IIS 7.0 already.
Use netcat to test a connection ^
Sometimes one doesn't know whether a program is not working properly or if it is just a network problem. Usually, you would use ping to make sure that the connection stands. But if it is a complex network problem, for example if a firewall is involved, then you can work with netcat. With this command netcat will listen on port 6000 on the server side:
nc -v -l -p 6000
Of course, if you want to try the port your backend application uses, you have to shut it down first.
On your client computer you connect to the server with this command:
nc yourhost -v 6000
Netcat will then establish a connection between your server and your client. Now, you just type something on the client console and hit ENTER. If the connection works properly, it should show up on the server console. On the client side it looks like this:
nc -v 10.0.0.1 6000
DC1 [10.0.0.1] 6000 (?) open
test blah blah
And on the server you would see this:
nc -v -l -p 6000
listening on [any] 6000 ...
connect to [10.0.0.1] from XPEN [10.0.0.140] 1391
test blah blah
1391 is the local port on the client in this example. If you think that your network connection is just a bit shaky or too slow, you could send larger amounts of texts to see how it gets through.
Use netcat to feel like a super cool hacker ^
Netcat can also be used to remotely manage a computer easily. This is why some anti-malware tools raise alarm if they detect netcat. The -e option allows you to launch a certain program whenever you connect to a certain port:
nc -v -l -e cmd -p 6000
You then connect to this server with:
nc yourhost 6000
This will launch a command prompt on the server which you can control from the client. Type ipconfig, if you are not sure where you actually are.
These were just a few examples. This little tool can do more. Here is the list of all options that netcat 1.11 for Windows supports:
[v1.11 NT www.vulnwatch.org/netcat/]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
-d detach from console, background mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation2
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]