In this tutorial, we will show you how to use the Netcat command in Linux.
Netcat is a utility capable of establishing a TCP or UDP connection between two computers, meaning it can write and read through an open port. With the help of the program, files can be transferred and commands can be executed in some instances.
Netcat is also used by server administrators. When a server is hacked, the attacker usually modifies and infects binary files on the system, so even if the administrator starts cleaning the system, the cleanup may not succeed because the attacker can track the administrator's work.
How To Use Netcat Command in Linux
In this guide, we will discuss how to use the Netcat utility. This versatile command can assist you in monitoring, testing, and sending data across network connections.
Netcat should be available on almost any modern Linux distribution.
General Syntax of Netcat
By default, Netcat operates by initiating a TCP connection to a remote host.
The basic syntax of Netcat is:
netcat [options] host port
This will initiate a TCP connection to the defined host on the port number specified.
Note: Keep in mind that your connection is entirely unencrypted.
If you plan to send a UDP packet instead of initiating a TCP connection, you can use the following structure:
netcat -u host port
Also, you can specify a range of ports by placing a dash between the first and last:
netcat host startport-endport
Port Scanning with Netcat Command
One of the most useful uses of Netcat is port scanning.
Although Netcat is probably not the most sophisticated tool for the job (Nmap is a better choice in most cases), it can perform simple port scans to easily identify open ports.
To learn more about Nmap, you can visit this guide on How To Install and Use Nmap on Linux.
For example, you can scan all ports up to 1000 by using the netcat command in Linux:
netcat -z -v domain.com 1-1000
The “-z” option is used to perform a scan instead of attempting to initiate a connection. And the “-v” option is used to tell netcat to provide more verbose information.
This provides a lot of information and will tell you for each port whether a scan was successful or not.
Output
nc: connect to domain.com port 1 (tcp) failed: Connection refused
nc: connect to domain.com port 2 (tcp) failed: Connection refused
nc: connect to domain.com port 3 (tcp) failed: Connection refused
nc: connect to domain.com port 4 (tcp) failed: Connection refused
nc: connect to domain.com port 5 (tcp) failed: Connection refused
nc: connect to domain.com port 6 (tcp) failed: Connection refused
nc: connect to domain.com port 7 (tcp) failed: Connection refused
. . .
Connection to domain.com 22 port [tcp/ssh] succeeded!
. . .
If you already know the IP address you need, you can scan it directly. For example, use the netcat command in Linux as shown below:
netcat -z -n -v 198.51.100.0 1-1000
The -n flag specifies that you do not need to resolve the IP address using DNS.
The messages returned are actually sent to standard error. You can send the standard error messages to standard output, which will allow you to filter the results more easily.
We will redirect standard error to standard output using the 2>&1 bash syntax. We will then filter the results with grep:
netcat -z -n -v 198.51.100.0 1-1000 2>&1 | grep succeeded
Output
Connection to 198.51.100.0 22 port [tcp/*] succeeded!
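An added example, not part of the original tutorial: rather than reading the grep output by eye, the scan result can be compared against the ports a host is supposed to expose. The function names and the sample scan text are constructed for this illustration.

```shell
#!/bin/sh
# Added example: turn netcat scan output into a list of unexpected listeners.

# open_ports: read `netcat -z -v` output on stdin, print each open port once.
# Assumes success lines of the form shown above; the port is taken as the
# field just before the word "port", whether or not an address precedes it.
open_ports() {
    awk '$1 == "Connection" && $NF == "succeeded!" {
             for (i = 2; i <= NF; i++) if ($i == "port") print $(i - 1)
         }' | sort -n -u
}

# unexpected_ports "22 80": print open ports missing from the allowlist.
unexpected_ports() {
    allowed=" $1 "
    open_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;            # expected service, ignore
            *) echo "$port" ;;         # listener nobody declared
        esac
    done
}

# Constructed sample output in the format shown in this section.
SAMPLE_SCAN='nc: connect to 198.51.100.0 port 21 (tcp) failed: Connection refused
Connection to 198.51.100.0 22 port [tcp/ssh] succeeded!
nc: connect to 198.51.100.0 port 23 (tcp) failed: Connection refused
Connection to 198.51.100.0 80 port [tcp/http] succeeded!
Connection to 198.51.100.0 4444 port [tcp/*] succeeded!'

# Live use with the scan command from the text:
#   netcat -z -n -v 198.51.100.0 1-1000 2>&1 | unexpected_ports "22 80"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22 80"
```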
Create Client-To-Server Connections with Netcat
The netcat command is used to create client-to-server connections in Linux. It can fulfill both server and client roles.
To create a server that listens to connections on the TCP port 4444, run the following command:
netcat -l 4444
The “-l” parameter means that netcat is in listen (server) mode, and 4444 is the port it listens on; netcat will create a socket server and wait for connections on port 4444. The terminal will remain on hold until a client connects to the open server with netcat.
On a second server, you can connect to the first machine on the port number you chose. We do this the same way we’ve been establishing connections previously:
netcat domain.com 4444
It will look as if nothing has happened. However, you can now send messages on either side of the connection and they will be seen on either end.
Type a message and press ENTER. It will appear on both the local and remote screens. This works in the opposite direction as well.
When you are finished passing messages, you can press CTRL-D to close the TCP connection.
Send Files Through Netcat in Linux
Because we are establishing a regular TCP connection, we can transmit just about any kind of information over that connection. It is not limited to chat messages that are typed in by a user. We can use this knowledge to turn netcat into a file transfer program.
Once again, we need to choose one end of the connection to listen for connections. However, instead of printing information onto the screen, as we did in the last example, we will place all of the information straight into a file:
netcat -l 4444 > received_file
On the second computer, create a simple text file by typing:
echo "Hello, this is a file" > original_file
We can now use this file as input for the Netcat connection we will establish to the listening computer. The file will be transmitted just as if we had typed it interactively:
netcat domain.com 4444 < original_file
On the computer that was awaiting a connection, we can see that we now have a new file called received_file with the contents of the file we typed on the other computer:
Output
Hello, this is a file
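An added example, not part of the original tutorial: the listener writes whatever bytes arrive, so a dropped connection leaves a short received_file with no error. The hypothetical helpers send_framed and receive_framed put a digest and length header in front of the file so the receiver can reject such a transfer; sha256sum from coreutils is assumed, and because the connection is unencrypted this catches truncation and corruption, not deliberate modification.

```shell
#!/bin/sh
# Added example: frame a netcat file transfer so the receiver can verify it.

# send_framed FILE: one header line (digest, byte count), then the file body.
send_framed() {
    printf 'SHA256 %s %s\n' \
        "$(sha256sum < "$1" | awk '{ print $1 }')" \
        "$(wc -c < "$1" | tr -d ' ')"
    cat "$1"
}

# receive_framed OUT: read header and body from stdin, write the body to OUT,
# and return 0 only if its size and digest match the header.
receive_framed() {
    IFS=' ' read -r tag want_sum want_len || return 2
    [ "$tag" = "SHA256" ] || { echo "bad header" >&2; return 2; }
    cat > "$1"
    got_len=$(wc -c < "$1" | tr -d ' ')
    got_sum=$(sha256sum < "$1" | awk '{ print $1 }')
    if [ "$got_len" != "$want_len" ] || [ "$got_sum" != "$want_sum" ]; then
        echo "REJECT $1: got $got_len bytes, expected $want_len" >&2
        return 1
    fi
    echo "OK $1: $got_len bytes verified"
}

# With the commands from the text:
#   receiver: netcat -l 4444 | receive_framed received_file
#   sender:   send_framed original_file | netcat domain.com 4444

# Offline demonstration on a constructed file: one complete transfer and one
# cut off after 80 bytes (the header plus the first 5 bytes of the body).
demo_transfer() {
    dir=$(mktemp -d)
    echo "Hello, this is a file" > "$dir/original_file"
    full=0; cut=0
    send_framed "$dir/original_file" | receive_framed "$dir/received_file" || full=$?
    send_framed "$dir/original_file" | head -c 80 |
        receive_framed "$dir/received_file" 2>/dev/null || cut=$?
    rm -rf "$dir"
    echo "complete=$full truncated=$cut"
}
demo_transfer
```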
Use Netcat as a Simple Web Server
We’ve been configuring the netcat command to listen for connections in order to communicate and transfer files in Linux. You can use this same concept to operate netcat as a very simple web server. This can be useful for testing pages that you are creating.
First, create a simple HTML file on one server:
Add the following HTML code to your file:
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>Level 1 header</h1>
<h2>Subheading</h2>
<p>Normal text here</p>
</body>
</html>
When you are done, save and close the file.
Without root privileges, you cannot serve this file on the default web port, port 80. We can choose port 8888 as a regular user.
If you just want to serve this page one time to check how it renders, you can run the following command:
printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888
At this point, you can access the content by typing your server’s IP address in your web browser followed by 8888:
This will serve the page, and then the Netcat connection will close. If you attempt to refresh the page, it will be gone.
You can have Netcat serve the page indefinitely by wrapping the last command in an infinite loop, like this:
while true; do printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888; done
This will allow it to continue to receive connections after the first connection closes.
You can stop the loop by typing CTRL-C on the server.
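An added example, not part of the original tutorial: the one-shot response above sends only a status line, so the client has to infer the end of the page from the connection closing. The hypothetical helper http_response below adds CRLF line endings, Content-Length and Connection: close, and is piped into netcat in the same way.

```shell
#!/bin/sh
# Added example: build a complete HTTP/1.1 response for netcat to serve.

# http_response FILE: print status line, headers and body for FILE on stdout.
# A missing or unreadable file yields an empty 404 instead of a bare 200.
http_response() {
    if [ -r "$1" ]; then
        status='200 OK'; body=$1
    else
        status='404 Not Found'; body=/dev/null
    fi
    len=$(wc -c < "$body" | tr -d ' ')
    # Header lines end in CRLF; an empty line separates headers from body.
    printf 'HTTP/1.1 %s\r\n' "$status"
    printf 'Content-Type: text/html; charset=utf-8\r\n'
    # Content-Length lets the client notice a page that was cut short.
    printf 'Content-Length: %s\r\n' "$len"
    printf 'Connection: close\r\n\r\n'
    # cat keeps the file byte for byte; "$(cat index.html)" drops trailing newlines.
    cat "$body"
}

# Same usage as in the text:
#   while true; do http_response index.html | netcat -l 8888; done
# Assumption: with OpenBSD netcat, an address before the port
# (netcat -l 127.0.0.1 8888) keeps the test page reachable only locally.

# Constructed demo page, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '<html><body><h1>Level 1 header</h1></body></html>\n' > "$demo_dir/index.html"
http_response "$demo_dir/index.html"
rm -rf "$demo_dir"
```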
At this point, you have learned how to use the Netcat command in Linux.
We hope you enjoy it.