Netcat certainly belongs in every admin's toolbox. This tiny free command line tool has been available since 1995. It helps you troubleshoot network related problems. The best way to understand what kind of things you can do with netcat is through examples:

Latest posts by Michael Pietroforte (see all)

Use netcat as a simple port scanner

nc -v -w 1 somehost -z 1-1024

This command checks which ports between 1 and 1024 of a computer called somehost are open. The option -v stands for verbose, -w specifies the timeout in seconds, and -z means zero-I/O to operate netcat in scanning mode. There are certainly more sophisticated port scanners such as nmap. But remember, netcat is a swiss army knife, so it keeps things simple.

Use netcat to talk to your servers

Sometimes you know that a backend application has opened the right port, but your client refuses to connect. To track down the problem it is useful "to talk" to the server to see if the program is actually transmitting meaningful data.

nc -v 80

This command will open a connection to Microsoft's Web server. You'll get something like this as answer:

DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: != [] 80 (http) open

Now, if you want to talk with Microsoft's server you have to know a little HTTP:

GET / HTTP/1.0

This tells the Web server that you want to load the default file in the root folder using the HTTP 1.0 protocol. After hitting RETURN twice, you should get this answer from Redmond:

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en/us/default.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2007 12:32:16 GMT
Connection: keep-alive
Content-Length: 136

So, it is really true. Microsoft operates its Web servers with IIS 7.0 already.

Use netcat to test a connection

Sometimes one doesn't know whether a program is not working properly or if it is just a network problem. Usually, you would use ping to make sure that the connection stands. But if it is a complex network problem, for example if a firewall is involved, then you can work with netcat. With this command netcat will listen on port 6000 on the server side:

nc  -v -l -p 6000

Of course, if you want to try the port your backend application uses, you have to shut it down first.

On your client computer you connect to the server with this command:

nc yourhost -v 6000

Netcat will then establish a connection between your server and your client. Now, you just type something on the client console and hit ENTER. If the connection works properly, it should show up on the server console. On the client side it looks like this:

nc -v 6000
DC1 [] 6000 (?) open
test blah blah

And on the server you would see this:

nc -v -l -p 6000
listening on [any] 6000 ...
connect to [] from XPEN [] 1391
test blah blah

1391 is the local port on the client in this example. If you think that your network connection is just a bit shaky or too slow, you could send larger amounts of texts to see how it gets through.

Use netcat to feel like a super cool hacker

Netcat can also be used to remotely manage a computer easily. This is why some anti-malware tools raise alarm if they detect netcat. The -e option allows you to launch a certain program whenever you connect to a certain port:

nc -v -l -e cmd -p 6000

You then connect to this server with:

nc yourhost 6000

This will launch a command prompt on the server which you can control from the client. Type ipconfig, if you are not sure where you actually are.

These were just a few examples. This little tool can do more. Here is the list of all options that netcat 1.11 for Windows supports:

nc -h
[v1.11 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
-d detach from console, background mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation2
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]

Subscribe to 4sysops newsletter!


  1. fuller 16 years ago

    how does it work??

  2. Could you be a bit more specific? What doesn’t work?

  3. wud 16 years ago

    I was just googling around hoping to find a netcat intro by example. Good Work.

  4. Wud, good that it worked for you 😉

  5. Etienne 14 years ago

    Good article, I was just looking for an Netcat introduction.

  6. laks 13 years ago

    Thanks Mike for an wonderful article on Netcat. Your articles was helpful in troubleshooting my issue with netcat connectivity.


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account