A Gentle Introduction to netcat

Netcat can be regarded as the Swiss Army knife of TCP/IP tools. It allows you to send and receive TCP/UDP packets to diagnose networking issues on your machine.

netcat is also widely available and comes preinstalled on most UNIX-based operating systems, including macOS and popular Linux distros like Ubuntu.

There are many tips and tricks out there for using netcat well, but I’m going to do my best to summarize its core use cases below.

There are two main ways to use netcat: invoking it with the netcat command or its alias, nc.

Sending TCP packets

$ echo '<YOUR MESSAGE HERE>' | nc <HOST> <PORT>

Example:

# Sending 'hello world' to localhost on port 12345.
$ echo 'hello world' | nc localhost 12345

Listening to incoming TCP packets

$ nc -l <PORT>

Example:

$ nc -l 12345 # Tell netcat to listen to port 12345 for TCP packets

With these two basic features, here are some creative use cases:

Sending/Receiving Files:

Let’s say we have a file named example-netcat.txt that contains the message “hi there, netcat!”:

$ cat example-netcat.txt
hi there, netcat! # contents of example-netcat.txt

Since netcat can establish a connection and perform two-way transfer of data packets, we can easily pipe files from the source host to the destination host like this:

Sender:

nc localhost 12345 < example-netcat.txt

Receiver:

nc -l 12345 > example-netcat2.txt

If this executes successfully, example-netcat2.txt will contain the same contents as example-netcat.txt.

$ cat example-netcat2.txt
hi there, netcat! # which is the same as in the original file.

You can also choose to see packets being transferred by netcat in real time by firing up programs like Wireshark or tcpdump.
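
As an added example (not part of the original article), the script below runs the transfer above on localhost and then compares SHA-256 digests, since netcat adds no integrity check of its own. The port, the -w 2 timeout, the file name in the usage line and the function names are assumptions.

```shell
#!/bin/sh
# Added example: netcat file transfer followed by a SHA-256 comparison.
# PORT, the -w 2 timeout and all function names are assumptions.
PORT=12345

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only when both files hash to the same digest.
same_content() {
    [ "$(digest "$1")" = "$(digest "$2")" ]
}

# Receiver: write whatever arrives on PORT to the file named in $1.
receive_file() {
    nc -l "$PORT" > "$1"
}

# Sender: stream file $2 to host $1. -w 2 closes the connection after two
# idle seconds, for nc variants that stay connected after end of input.
send_file() {
    nc -w 2 "$1" "$PORT" < "$2"
}

# Loopback run: receiver first, then sender, then compare the digests.
loopback_demo() {
    receive_file "$2" &
    rx=$!
    sleep 1                       # give the listener time to bind
    send_file localhost "$1"
    wait "$rx"
    same_content "$1" "$2"
}

# Usage (hypothetical file name): sh transfer.sh SOURCE DESTINATION
if [ "$#" -eq 2 ]; then
    loopback_demo "$1" "$2" && echo "digests match" || echo "digests differ"
fi
```

Plain nc traffic is neither encrypted nor authenticated, so when the two ends are different hosts, exchange the digest over a separate trusted channel.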

Port Scanning

nmap is a great tool for port scanning, but you can also use netcat to do basic port scanning tasks.

$ nc -z <HOST> <PORT RANGE>

Example:

# Scan 'host.example.com' with ports ranging from 10 to 50.
$ nc -z host.example.com 10-50

The -z flag tells netcat to report open ports only and not to establish connections.

Note that this can take a while, and the time spent here is linearly proportional to the size of the port range being searched.

Other Options

UDP Packets

netcat sends/receives TCP packets by default, but it can also do UDP packets with the -u command line flag:

Sender:

# Sending 'hello world' as UDP packet(s) to localhost on port 12345.
$ echo 'hello world' | nc -u localhost 12345

Receiver:

$ nc -ul 12345 # Tell netcat to listen to port 12345 for UDP packets

Verbose output

netcat also has a verbose -v command line flag:

$ nc -l 12345 -v # Listen on port 12345
Listening on [0.0.0.0] (family 0, port 12345) # This will be printed when verbose is enabled.

Be sure to check out man nc or man netcat for more information.