Netcat is a versatile networking utility used for reading from and writing to network connections using TCP or UDP. It can be used for port scanning, transferring files, creating simple chat programs, and testing network connectivity. This reference provides common netcat commands and examples to help you utilize its features effectively.
The general syntax for using netcat is:
nc [options] hostname port
Or to listen for incoming connections:
nc -l [options] [port]
Option | Description |
---|---|
-l | Listen mode for inbound connections. |
-p <port> | Local port number to use. |
-u | UDP mode (default is TCP). |
-v | Verbose output. |
-vv | More verbose output. |
-z | Zero-I/O mode (used for port scanning). |
-w <secs> | Timeout for connects and final net reads. |
-n | Numeric-only IP addresses (no DNS resolution). |
-e <command> (GNU netcat or ncat) | Execute a program after connection is established. |
-c <command> (BSD netcat) | Execute a program and connect its input/output to the network. |
Check if a specific port is open on a remote host:
# Check if port 80 is open on example.com
nc -v example.com 80
Scan a range of ports on a remote host:
# Scan ports 20 to 25 on example.com
nc -v -z example.com 20-25
The -z option tells netcat to use zero-I/O mode, suitable for scanning.
On the listening machine (Machine A):
# Listen on port 5000
nc -l 5000
On the connecting machine (Machine B):
# Connect to Machine A's IP on port 5000
nc [Machine_A_IP] 5000
Now, both users can type messages and communicate.
On the receiving machine:
# Listen on port 6000 and redirect output to received_file.txt
nc -l 6000 > received_file.txt
On the sending machine:
# Send file.txt to the receiver
nc [Receiver_IP] 6000 < file.txt
The roles can be reversed depending on your preference.
Manually send an HTTP GET request to a web server:
nc example.com 80
GET / HTTP/1.1
Host: example.com
[Press Enter Twice]
The server's response will be displayed.
Serve a directory over HTTP:
# Use ncat (from Nmap) to serve files
ncat -l 8080 --exec "/bin/cat index.html" --keep-open
Note: This example uses ncat from Nmap, which has additional features.
Forward connections from one port to another:
# Forward port 8080 to 80
mkfifo backpipe
nc -l 8080 0<backpipe | nc localhost 80 1>backpipe
Note: This is a simplified example. For more robust port forwarding, consider using ssh or dedicated tools.
Listen on a UDP port to monitor incoming messages:
# Listen on UDP port 9999
nc -u -l 9999
Send a UDP broadcast message:
# Send "Hello Network" to UDP port 9999
echo "Hello Network" | nc -u -b 192.168.1.255 9999
Note: Replace 192.168.1.255 with your network's broadcast address.
Check which ports are open on your local machine:
# Scan local ports from 1 to 1024
nc -zv localhost 1-1024
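The local check above becomes more useful as a repeatable audit that compares what is listening with what you expect to be listening. The following Python sketch is an added example, not part of the original reference; it performs the same connect-and-close probe as nc -z -w, so it does not depend on a particular netcat variant. The function names and the allowlist (ports 22 and 631) are constructed for illustration.

```python
import socket


def tcp_port_open(host, port, timeout=1.0):
    """Same probe as `nc -z -w <timeout> host port`: complete the TCP
    handshake, send no data, close. Refused or timed out means closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers ConnectionRefusedError and timeouts
        return False


def audit_listeners(host, ports, expected, timeout=0.5):
    """Compare listening TCP ports on `host` with an allowlist.

    unexpected: listening but not in the allowlist (investigate these)
    missing:    allowlisted and scanned, but nothing is listening
    """
    scanned = set(ports)
    expected = set(expected)
    open_ports = {p for p in scanned if tcp_port_open(host, p, timeout)}
    return {
        "open": sorted(open_ports),
        "unexpected": sorted(open_ports - expected),
        "missing": sorted((expected & scanned) - open_ports),
    }


if __name__ == "__main__":
    # Constructed allowlist for illustration: SSH and CUPS on a workstation.
    EXPECTED = {22, 631}
    report = audit_listeners("127.0.0.1", range(1, 1025), EXPECTED)
    for key in ("open", "unexpected", "missing"):
        print(f"{key:>10}: {report[key]}")
```

A service bound only to another interface or to IPv6 will not show up when probing 127.0.0.1, so run the audit against each address you care about.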
Set a timeout for connections:
# Try to connect to example.com on port 80 with a 5-second timeout
nc -w 5 example.com 80
Start a simple TCP server that echoes received data:
# Listen on port 7000
nc -l 7000
Connect to the server and send messages:
# Connect to the server on port 7000
nc [Server_IP] 7000
Use -v or -vv to get more detailed information during connections.
Use -n to skip DNS lookups.
Command | Description |
---|---|
nc -l [port] | Listen on a TCP port for incoming connections. |
nc -u -l [port] | Listen on a UDP port for incoming connections. |
nc [hostname] [port] | Connect to a host on a specified port. |
nc -zv [hostname] [ports] | Scan for open ports on a host. |
nc -w [seconds] [hostname] [port] | Set a timeout for connections. |
nc -v -n -l [port] | Listen on a port with verbose output and no DNS resolution. |
nc -k -l [port] | Keep listening after client disconnects (-k option, may not be available in all versions). |