How to use the Netcat Command in Linux

In this guide we’ll show you how to use the netcat command in Linux. The netcat (nc) command is a Unix system command, meaning that it can also be used on macOS.

What is the Netcat Command in Linux?

The netcat command (nc) is a Unix system command that is used to perform different network tasks. It runs on *nix systems such as Linux, BSD and macOS.

With the nc command you can connect to the TCP/UDP ports of any given host. This way you can connect to other servers using different network protocols. It is also possible to start servers that only listen for incoming requests on specific ports. Ports are opened with the TCP protocol by default, although it is also possible to use the UDP protocol.

The basic syntax of the Netcat command is: nc [options] HOST PORT.

Different Options

The nc command accepts, among others, the following basic options:

  • -l: Used to make Netcat listen on a specific port. It will accept a single connection from a single client before shutting down.
  • -k: Used in conjunction with the -l option to keep the port open after receiving a connection, with the intent of waiting for more connections.
  • -u: Opens ports with the UDP protocol instead of the default TCP protocol.
  • -p: Specify which port to connect to.
  • -v: Verbose, used to display information about the connection.

In addition, you can also set delays between message sending and receiving times using these options:

  • -q seconds: After reading the input data, nc waits the specified number of seconds before sending a response back.
  • -i seconds: Adds a delay of the specified number of seconds to both sending and receiving.

How to use the Netcat Command in Linux

Examples:

Connecting to a local server

As we previously mentioned, the default syntax of the nc command is:

nc HOST PORT

You can either specify the IP or the domain name you are trying to connect to:

example

nc localhost 9000

or 

nc 127.0.0.1 9000

Once connected, you will be able to send and receive messages, and the response from the remote server will be displayed on the terminal. With this, you can work at the application level using HTTP, FTP, SMTP, and many other protocols you might be using.

Connecting to a remote server

As with the local connection, we’ll be using the same syntax. This time, we’ll be sending a GET request.

nc linuxify.dev 9000

GET HTTP/1.1

The expected response is a 400 Bad Request, as we are using Cloudflare’s DNS.

output

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 24 Jun 2022 01:54:32 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

Alternatively, you are also able to send any message or instructions through a .txt file:

nc linuxify.dev 8000 < text.txt

Obtaining remote server information

With the nc command we can find out which software a remote server is running, by using the echo command to send the EXIT instruction.

For example, we’ll use the default SSH port (22):

echo "EXIT" | nc s1.linuxify.dev 22

output

OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020

Scanning Ports with the Netcat command in Linux

You can use the Netcat command to inspect and scan local or remote networks. For example, you can scan the ports that are open on a server, providing a range of ports.

In the following example we’ll scan the port range 1-10000 on our local server, using the -z flag to tell Netcat to only scan for open ports, without sending data. The -v flag allows information to be displayed on the screen:

nc -v -z localhost 1-10000

output

linuxify@dev ~ # nc -v -z localhost 1-10000
nc: connect to localhost port 1 (tcp) failed: Connection refused
nc: connect to localhost port 2 (tcp) failed: Connection refused
nc: connect to localhost port 3 (tcp) failed: Connection refused
nc: connect to localhost port 4 (tcp) failed: Connection refused
nc: connect to localhost port 5 (tcp) failed: Connection refused
nc: connect to localhost port 6 (tcp) failed: Connection refused
nc: connect to localhost port 7 (tcp) failed: Connection refused
nc: connect to localhost port 8 (tcp) failed: Connection refused
nc: connect to localhost port 9 (tcp) failed: Connection refused
nc: connect to localhost port 10 (tcp) failed: Connection refused

If you only want to see which ports are open, you can use the grep command to filter the output and display only the open ports:

nc -v -z localhost 1-10000 2>&1 | grep succeeded

output

linuxify@dev ~ # nc -v -z localhost 1-10000 2>&1 | grep succeeded
Connection to localhost 22 port [tcp/ssh] succeeded!
Connection to localhost 80 port [tcp/http] succeeded!
Connection to localhost 3306 port [tcp/mysql] succeeded!
Connection to localhost 9180 port [tcp/*] succeeded!
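
The filtered scan output above can be checked against the ports a host is supposed to expose, which turns the scan into a quick audit of your own server. The script below is an added example, not part of the original guide; the allowlist, the function names and the embedded sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `nc -v -z` results against an allowlist of expected ports.

# Ports this host is supposed to expose (assumed policy for this example).
EXPECTED_PORTS="22 80"

# Constructed sample input in the format shown above. The last line mimics
# nc builds that also print the resolved address in parentheses.
sample_scan() {
cat <<'EOF'
nc: connect to localhost port 21 (tcp) failed: Connection refused
Connection to localhost 22 port [tcp/ssh] succeeded!
Connection to localhost 80 port [tcp/http] succeeded!
Connection to localhost 3306 port [tcp/mysql] succeeded!
Connection to localhost (127.0.0.1) 9180 port [tcp/*] succeeded!
EOF
}

# Read scan output on stdin and print one open port per line, sorted.
# The port is the numeric field just before the literal word "port".
open_ports() {
    awk '/succeeded!$/ {
        for (i = 2; i <= NF; i++)
            if ($i == "port" && $(i-1) ~ /^[0-9]+$/) { print $(i-1); break }
    }' | sort -n -u
}

# Read scan output on stdin and print the open ports that are not in the
# allowlist passed as $1 (space-separated), on a single line.
unexpected_ports() {
    allowed=" $1 "
    found=""
    for p in $(open_ports); do
        case "$allowed" in
            *" $p "*) ;;                        # expected, ignore
            *) found="${found:+$found }$p" ;;   # not on the allowlist
        esac
    done
    printf '%s\n' "$found"
}

# Live use: nc -v -z localhost 1-10000 2>&1 | unexpected_ports "$EXPECTED_PORTS"
sample_scan | unexpected_ports "$EXPECTED_PORTS"
```

Any port the script prints is listening but not on the allowlist, so it is worth confirming which service owns it.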

Copy Files with Netcat in Linux

With nc you can also transfer files:

nc host port > file

example

nc localhost 9000 > file.txt
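
The command above is only the receiving half of a transfer, and nc neither encrypts the data nor reports a truncated copy. The script below is an added example, not part of the original guide: it shows both sides plus a checksum comparison. The function names are hypothetical, and it assumes an nc build that accepts -l PORT and -q as listed earlier, and sha256sum from coreutils.

```shell
#!/bin/sh
# Added example: copy a file with nc and confirm that it arrived intact.
# Function names are illustrative; host, port and file names are supplied
# by the caller.

# Sending side: print the file's SHA-256 digest, then listen once on PORT
# and serve FILE to the first client that connects.
# -q 1 makes nc quit one second after it has finished reading FILE.
send_file() {       # usage: send_file PORT FILE
    sha256sum "$2" | cut -d' ' -f1
    nc -l -q 1 "$1" < "$2"
}

# Receiving side: connect to the sender and write what it sends to OUTFILE.
recv_file() {       # usage: recv_file HOST PORT OUTFILE
    nc "$1" "$2" > "$3"
}

# Compare the received file with the digest the sender printed.
# Returns 0 when they match, non-zero when the copy is truncated or altered.
verify_file() {     # usage: verify_file FILE EXPECTED_SHA256
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Typical sequence (not executed here):
#   sender:   send_file 9000 file.txt         # note the digest it prints
#   receiver: recv_file localhost 9000 file.txt
#             verify_file file.txt <digest from sender> && echo "transfer OK"
```

Pass the digest to the receiver over a separate channel, since anything sent over the same plain nc connection can be changed along with the file.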

Summary

This guide showed you some of the most basic netcat commands in Linux, along with some examples!
