Netcat (nc) Command With Examples
What is Netcat Used For?
Netcat may be a beneficial tool for any IT team, while the advent of internally controlled network services and cloud computing make that specific setting a natural match. Network and system administrators need to be able to rapidly determine how their network is working and what sort of activity is happening.
Netcat acts as a back-end utility that enables port scanning and port listening. In addition, you may really transfer files directly over Netcat or use it as a backdoor into other networked computers. Partnered with a product like Varonis Edge, you would get an alert of any strange behavior and could then utilize Netcat to investigate. Lastly, Netcat is a versatile tool because of how it can be written for bigger jobs.
Basic Netcat Commands
Once you have a Netcat application set up on your Windows or Linux server, you can start executing simple commands to evaluate its operation. Here are a few to get started with:
nc -help – This command will produce a list of all of the possible commands you may use in Netcat. It will come in helpful if you run into any issues when constructing a script or are confused of how to continue.
nc -z -v site.com – This will do a simple port scan of the selected website or server. Netcat will offer verbose results with lists of ports and statuses. Keep in mind that you may use an IP address in lieu of the site domain.
nc -l – This command will advise the local system to begin listening for TCP connections and UDP events on a given port number.
nc site.com 1234 (less than) file name – This command will commence the transfer of a file depending on the provided port number.
Printf – Netcat may really run as a basic web host. This command will enable you store HTML code and publish it via your local server.
Netcat Command Syntax
All Netcat commands must start with the “netcat” identifier or “nc” as a shorter alternative. By default, the Netcat program will presume you wish to do a port scan unless you say otherwise.
Different option options may be used that include: “-u” for UDP traffic instead of TCP, “-v” for verbose output, “-p” to indicate a particular port, and “-D” to switch on full debugging mode. Individual characteristics inside a Netcat command must be separated with a space. The command prompt will warn you if you have a mistake or unrecognized phrase in your script.
Port Scanning using Netcat Commands
When attempting to troubleshoot a network issue or performance problem, conducting a port scan using Netcat is a wise first step to do. The scan will verify the status of all ports on the supplied domain or IP address so that you may detect whether a firewall or other blocking device is in place.
A simple port scan command for an IP ncat address looks like this:
nc -v -n 220.127.116.11 1-1000
Note that the numbers at the end of the command instruct Netcat to only search for ports between numbers 1 and 1000.
If you don’t know the IP address of a server or website, then you may check it out with a ping terminal command or simply input the domain into the Netcat command:
nc -v -n google.com 1-1000
You should always execute port scans while connecting to your local company network. If not, you may setup your router with a VPN provider to establish a secure tunnel into the network.
Create a Chat or Web Server
Chat programs are on the increase. From open-source solutions to ones that appeared to suddenly achieve tremendous popularity, there are a broad choice of chat and communication tools accessible to industrial enterprises. The fact is that some IT specialists and system administrators would prefer a basic text-only solution. Windows Netcat can truly fulfil that demand and enable for the transfer of messages over a local network.
To get started, you first need Netcat to start listening on a port number. Make cautious not to pick a port that is already in use by another application or service.
nc -l -p 1299
Then all you need to do is begin the chat session with a fresh TCP connection:
nc localhost 1299
This procedure may also be used to set up a rudimentary web server from your local PC. Netcat will operate as the web host and enable you to store HTML content which can then be accessed using a web browser.
First, create a new text document on your local machine and be sure to utilize the correct HTML tags. Then save the file as “index.html” and save it in the root of your Netcat directory. Now go back to the Netcat program and perform this command:
printf ‘HTTP/1.1 200 OK\n\n percent s’ “$(cat index.html)” | netcat -l 8999
To see the HTML in action, just open any web browser and go to your local IP address with 8999 at the end to identify the port of the host.
Verbose Scan using Netcat Commands
Every command you perform in Netcat will contain particular output text to indicate whether it was successful or not. For troubleshooting and debugging reasons, you’ll want to collect as much information and logs as possible while also investing in solutions like Varonis Datalert to identify dangers and react rapidly. Netcat can aid owing to the verbose argument which may be supplied to any basic Netcat command. Simply add “-v” to your command and run it again.
Even with this option switched on, Netcat will not divulge any of your passwords or login data.
HTTP Requests using Netcat Commands
We’ve explored how you can use Netcat to host HTML pages on your local machine. But the utility tool may also be used to perform web queries to remote servers. In this method, Netcat will basically serve as a web browser by accessing raw HTML code.
Along with a product like Varonis Edge, Netcat may be beneficial for IT experts who are looking at internet traffic difficulties or proxies. Here’s an example of how to extract the HTML content from Google’s homepage:
printf “GET / HTTP/1.0\r\n\r\n” | nc google.com 80
Note that the port number 80 is necessary for this sort of command as the world wide web uses it as a default for TCP over IP connections.
TCP Server and TCP Client Commands
Although the TCP protocol is typically utilized for sending web traffic over the globe, it may potentially be employed at a local level for file transfers. To do this, you need to run Netcat from two locations: one that will function as a server to transmit the file and one that will act as the client to receive it.
Run this Netcat command on the server instance to transfer the file through port 1499:
nc -l 1499 > filename.out
Then execute this command on the client to accept, receive, and end the connection:
nc server.com 1499 (less than) filename.in
Make careful to replace “server.com” with the exact hostname or IP address of the transmitting server.
ITEM with Netcat Commands
Newer versions of Netcat enable you to utilize ITEM format for sending data instead of the traditional TCP or UDP protocols. To do this, you must follow this syntax:
file path (pipe) device path (pipe) network host
Prevent DNS Lookup using Netcat Commands
Netcat commands execute quickest when they are functioning exclusively on IP addresses. This because no time is spent communicating to domain name servers (DNS) to convert server names into IP addresses. If you discover that your Netcat commands are still running sluggish, be sure to include the “-n” operator so that the program understands that DNS lookups are not necessary.
Shell Scripting with Netcat
As indicated previously, one of the advantages of utilizing Netcat is that it may be used as part of a bigger script that performs an automated operation. As part of your security measures, you may wish to do a thorough port scan on all of your servers to discover new dangerous programs that are waiting for a connection.
You could create a script that:
1. Imports a text file with server names or IP addresses
2. Calls Netcat to do a port scan on each server
3. Writes the result to a new text file for analysis
Multiple Netcat commands may be put together in a single script and be launched from either a Linux or Windows shell. In certain circumstances, it may be useful to have the scripts on a regular basis.
Launching Reverse (Backdoor) Shells
To get started, you need to activate the shell tool over a Netcat command by utilizing Netcat reverse shell:
nc -n -v -l -p 5555 -e /bin/bash
Then from any other machine on the network, you may test how to perform commands on the host after a successful Netcat connection in bash.
nc -nv 127.0.0.1 5555
A reverse shell is a remote access strategy where you execute administrative commands from one terminal while connecting to another server on the network. To get started, you need to activate the shell tool over a Netcat command by utilizing Netcat reverse shell:
nc -n -v -l -p 5555 -e /bin/bash
Then from any other machine on the network, you can test how to execute commands on the specified host after successful Netcat connection in bash:
nc -nv 127.0.0.1 5555
In today’s fast-changing world of technology and more complicated networks, firms need to be proactive when it comes to cybersecurity. That involves employing professionals who know what risks to look for and how to tackle them. Otherwise, a single incidence of a hack like ransomware might lead to enduring harm for the whole firm. Pairing solutions from Varonis with tools like Netcat will assist to make your internal network safer.