FREE: Netcat – Swiss army knife for network troubleshooting

• Author
• Recent Posts

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Latest posts by Michael Pietroforte (see all)

• Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
• Pip install Boto3 - Thu, Mar 24 2022
• Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022

Use netcat as a simple port scanner

nc -v -w 1 somehost -z 1-1024

This command checks which ports between 1 and 1024 of a computer called somehost are open. The option -v stands for verbose, -w specifies the timeout in seconds, and -z means zero-I/O to operate netcat in scanning mode. There are certainly more sophisticated port scanners such as nmap. But remember, netcat is a swiss army knife, so it keeps things simple.

Use netcat to talk to your servers

Sometimes you know that a backend application has opened the right port, but your client refuses to connect. To track down the problem it is useful "to talk" to the server to see if the program is actually transmitting meaningful data.

nc -v www.microsoft.com 80

This command will open a connection to Microsoft's Web server. You'll get something like this as answer:

DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest1.microsoft.com

DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwbaytest2.microsoft.com

DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test1.microsoft.com

DNS fwd/rev mismatch: lb1.www.ms.akadns.net != wwwtk2test2.microsoft.com

lb1.www.ms.akadns.net [207.46.19.190] 80 (http) open

Now, if you want to talk with Microsoft's server you have to know a little HTTP:

GET / HTTP/1.0

This tells the Web server that you want to load the default file in the root folder using the HTTP 1.0 protocol. After hitting RETURN twice, you should get this answer from Redmond:

HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=utf-8

Location: /en/us/default.aspx

Server: Microsoft-IIS/7.0

X-AspNet-Version: 2.0.50727

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo

NT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Date: Sat, 13 Oct 2007 12:32:16 GMT

Connection: keep-alive

Content-Length: 136

So, it is really true. Microsoft operates its Web servers with IIS 7.0 already.

Use netcat to test a connection

Sometimes one doesn't know whether a program is not working properly or if it is just a network problem. Usually, you would use ping to make sure that the connection stands. But if it is a complex network problem, for example if a firewall is involved, then you can work with netcat. With this command netcat will listen on port 6000 on the server side:

nc  -v -l -p 6000

Of course, if you want to try the port your backend application uses, you have to shut it down first.

On your client computer you connect to the server with this command:

nc yourhost -v 6000

Netcat will then establish a connection between your server and your client. Now, you just type something on the client console and hit ENTER. If the connection works properly, it should show up on the server console. On the client side it looks like this:

nc -v 10.0.0.1 6000

DC1 [10.0.0.1] 6000 (?) open

test blah blah

And on the server you would see this:

nc -v -l -p 6000

listening on [any] 6000 ...

connect to [10.0.0.1] from XPEN [10.0.0.140] 1391

test blah blah

1391 is the local port on the client in this example. If you think that your network connection is just a bit shaky or too slow, you could send larger amounts of texts to see how it gets through.

Use netcat to feel like a super cool hacker

Netcat can also be used to remotely manage a computer easily. This is why some anti-malware tools raise alarm if they detect netcat. The -e option allows you to launch a certain program whenever you connect to a certain port:

nc -v -l -e cmd -p 6000

You then connect to this server with:

nc yourhost 6000

This will launch a command prompt on the server which you can control from the client. Type ipconfig, if you are not sure where you actually are.

These were just a few examples. This little tool can do more. Here is the list of all options that netcat 1.11 for Windows supports:

nc -h

[v1.11 NT www.vulnwatch.org/netcat/]

connect to somewhere:   nc [-options] hostname port[s] [ports] ...

listen for inbound:     nc -l -p port [options] [hostname] [port]

options:

-d              detach from console, background mode

-e prog         inbound program to exec [dangerous!!]

-g gateway      source-routing hop point[s], up to 8

-G num          source-routing pointer: 4, 8, 12, ...

-h              this cruft

-i secs         delay interval for lines sent, ports scanned

-l              listen mode, for inbound connects

-L              listen harder, re-listen on socket close

-n              numeric-only IP addresses, no DNS

-o file         hex dump of traffic

-p port         local port number

-r              randomize local and remote ports

-s addr         local source address

-t              answer TELNET negotiation2

-u              UDP mode

-v              verbose [use twice to be more verbose]

-w secs         timeout for connects and final net reads

-z              zero-I/O mode [used for scanning]

port numbers can be individual or ranges: m-n [inclusive]

Netcat