How To Use Netcat Command in Linux

In this tutorial, we intend to teach you How To Use Netcat Command in Linux.

Netcat is a utility capable of establishing a TCP or UDP connection between two computers, meaning it can write and read through an open port. With the help of the program, files can be transferred and commands can be executed in some instances.

Netcat can be and is also used by server administrators. When a server is hacked, the hacker usually changes and infects the binary files on the system, and so even if the administrator starts cleaning the system it may not succeed because the hacker can track his work.

How To Use Netcat Command in Linux

In this guide, we will discuss how to use the netcat utility. This versatile command can assist you in monitoring, testing, and sending data across network connections.

Netcat should be available on almost any modern Linux distribution.

General Syntax of Netcat

By default, netcat operates by initiating a TCP connection to a remote host.

The basic syntax of Netcat is:

netcat [options] host port

This will initiate a TCP connection to the defined host on the port number specified.

Note: Keep in mind that your connection is entirely unencrypted.

If you plan to send a UDP packet instead of initiating a TCP connection, you can use the following structure:

netcat -u host port

Also, you can specify a range of ports by placing a dash between the first and last:

netcat host startport-endport

Port Scanning with Netcat Command

One of the most useful uses of Netcat is port scanning.

However netcat is probably not the most sophisticated tool for the job (nmap is a better choice in most cases), it can perform simple port scans to easily identify open ports.

To know more about Nmap, you can visit this guide on How To Install and Use Nmap on Linux.

For example, you can scan all ports up to 1000 by using the netcat command in Linux:

netcat -z -v domain.com 1-1000

The “-z” option is used to perform a scan instead of attempting to initiate a connection. And the “-v” option is used to tell netcat to provide more verbose information.

This provides a lot of information and will tell you for each port whether a scan was successful or not.

Output
nc: connect to domain.com port 1 (tcp) failed: Connection refused
nc: connect to domain.com port 2 (tcp) failed: Connection refused
nc: connect to domain.com port 3 (tcp) failed: Connection refused
nc: connect to domain.com port 4 (tcp) failed: Connection refused
nc: connect to domain.com port 5 (tcp) failed: Connection refused
nc: connect to domain.com port 6 (tcp) failed: Connection refused
nc: connect to domain.com port 7 (tcp) failed: Connection refused
. . .
Connection to domain.com 22 port [tcp/ssh] succeeded!
. . .

You can easily perform your scan by knowing the IP address that you need. For example, use the netcat command in Linux as shown below:

netcat -z -n -v 198.51.100.0 1-1000

The -n flag to specify that you do not need to resolve the IP address using DNS.

The messages returned are actually sent to standard error. You can send the standard error messages to standard out, which will allow you to filter the results easier.

We will redirect standard error to standard output using the 2>&1 bash syntax. We will then filter the results with grep:

netcat -z -n -v 198.51.100.0 1-1000 2>&1 | grep succeeded
Output
Connection to 198.51.100.0 22 port [tcp/*] succeeded!

Create Client-To-Server Connections with Netcat

The netcat command is used to create client-to-server connections in Linux. It can fulfill both server and client roles.

To create a server that listens to connections on the TCP port 4444, run the following command:

netcat -l 4444

The “-l: parameter means that netcat is in listen (server) mode, and 4444 is the port it listens to; netcat will create a socket server and wait for connections on port 4444. The terminal will remain on hold for a client to connect to the open server with netcat.

On a second server, you can connect to the first machine on the port number you chose. We do this the same way we’ve been establishing connections previously:

netcat domain.com 4444

It will look as if nothing has happened. However, you can now send messages on either side of the connection and they will be seen on either end.

Type a message and press ENTER. It will appear on both the local and remote screens. This works in the opposite direction as well.

When you are finished passing messages, you can press CTRL-D to close the TCP connection.

Send Files Through Netcat in Linux

Because we are establishing a regular TCP connection, we can transmit just about any kind of information over that connection. It is not limited to chat messages that are typed in by a user. We can use this knowledge to turn netcat into a file transfer program.

Once again, we need to choose one end of the connection to listen for connections. However, instead of printing information onto the screen, as we did in the last example, we will place all of the information straight into a file:

netcat -l 4444 > received_file

On the second computer, create a simple text file by typing:

echo "Hello, this is a file" > original_file

We can now use this file as an input for the netcat connection we will establish to the listening computer. The file will be transmitted just as if we had typed it interactively:

netcat domain.com 4444 < original_file

We can see on the computer that was awaiting a connection, that we now have a new file called received_file with the contents of the file we typed on the other computer:

cat received_file
Output
Hello, this is a file

Use Netcat as a Simple Web Server

We’ve been configuring the netcat command to listen for connections in order to communicate and transfer files in Linux. You can use this same concept to operate netcat as a very simple web server. This can be useful for testing pages that you are creating.

First, create a simple HTML file on one server:

vi index.html

Add the following HTML code to your file:

<html>
        <head>
                <title>Test Page</title>
        </head>
        <body>
                <h1>Level 1 header</h1>
                <h2>Subheading</h2>
                <p>Normal text here</p>
        </body>
</html>

When you are done, save and close the file.

Without root privileges, you cannot serve this file on the default web port, port 80. We can choose port 8888 as a regular user.

If you just want to serve this page one time to check how it renders, you can run the following command:

printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888

At this point, you can access the content by typing your server’s IP address in your web browser followed by 8888:

http://server_IP:8888

This will serve the page, and then the netcat connection will close. If you attempt to refresh the page, it will be gone.

You can have netcat serve the page indefinitely by wrapping the last command in an infinite loop, like this:

while true; do printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888; done

This will allow it to continue to receive connections after the first connection closes.

You can stop the loop by typing CTRL-C on the server.

Conclusion

At this point, you learn How To Use Netcat Command in Linux.

Hope you enjoy it.

Please subscribe to us on Facebook and Twitter.

You may be interested in this article about How To Use the curl command in Linux.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

POPULAR TAGS

Most Popular