Netcat: TCP/IP swiss army Knife

This article shows you some useful usage examples for netcat. Netcat is known as the TCP/IP swiss army knife. From the netcat man page: netcat is a simple unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts.
At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need; what's more, it has several interesting built-in capabilities.

I'm using two systems for testing purposes in this article; they are:
* server-A.example.com: IP address 192.168.1.10
* server-B.example.com: IP address 192.168.1.11

netcat should already be installed on both of these systems – you can check with this command: which nc
To learn more about netcat, just take a look at its man page by the command: man nc

Example 1 – Copying A File From One System To The Other
Let's say we want to copy the file ISPConfig-3.0.0.9.tar.gz from server-A to server-B. To do this, run on server-B:
nc -lp 1234 > ISPConfig-3.0.0.9.tar.gz

(1234 is some unused port – you can replace it with another value if you like). server-B will then wait for the file ISPConfig-3.0.0.9.tar.gz on port 1234. Keep in mind that netcat does no integrity checking of its own, so compare a checksum of both copies afterwards (e.g. with sha256sum).

On server-A, run: nc -w 1 server-B.example.com 1234 < ISPConfig-3.0.0.9.tar.gz
to start the file transfer.

Example 2 – Cloning hard drives and partitions
You can even use netcat to clone hard drives (and partitions) over the network. For this example, I want to clone /dev/sda from server-A to server-B. Of course, the to-be-cloned partitions must be unmounted on the target system, so if you want to clone the system partition, you must boot the target system (server-B) from a rescue system or LiveCD such as Knoppix. Note that the target system's IP address may be different after booting from the rescue system. The data travels in the clear and the listener accepts the first connection from anyone, so do this only on a trusted network.

On server-B, run: nc -l -p 1234 | dd of=/dev/sda

Afterwards, on server-A, run: dd if=/dev/sda | nc 192.168.1.11 1234
to start the cloning process. This can take some time, depending on the size of the hard drive or partitions.

Example 3 – Port Scanning
On server-A, you can scan for open ports on server-B as follows: nc -v -w 1 -z server-B.example.com 1-1000
(1-1000 means: scan ports from port number 1 to port number 1000.)

You can also scan ports on the local system: nc -v -w 1 -z localhost 1-1000

Example 4 – Spoofing HTTP Headers
You can use netcat to request web pages:
nc ispconfig.org 80

You can then type in headers as follows:
GET / HTTP/1.1
Host: ispconfig.org
Referer: mypage.com
User-Agent: my-browser

As you see, this allows you to make up your own referrers and browser (User-Agent). Note that the HTTP header name is spelled Referer; a server simply ignores an unknown "Referrer" header. After you've typed in your headers, press ENTER twice, and the requested page will appear (including the headers sent back by the remote server). Since this is an HTTP/1.1 request, the server may keep the connection open after the response; press CTRL+C to quit, or send a Connection: close header along with the others:

server-B:~# nc example.com 80
GET / HTTP/1.1
Host: example.com
Referer: mypage.com
User-Agent: my-browser

HTTP/1.1 200 OK
Date: Fri, 28 Nov 2008 14:11:49 GMT
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c
Last-Modified: Wed, 26 Nov 2008 19:34:17 GMT
ETag: "228c707-21b1-b6b7e040"
Accept-Ranges: bytes
Content-Length: 8625
Content-Type: text/html
[…]
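As an added illustration of Example 4 (not part of the original article), the following Python script builds the same hand-typed request and parses the reply. The sample response is constructed to match the shape of the Apache reply above, and the point for anyone writing server-side code is that Referer and User-Agent are whatever the client chose to send.

```python
import socket

def build_request(host, headers, path="/"):
    """Build the raw HTTP/1.1 GET that Example 4 types into nc by hand.
    Every header is chosen by the client, so a server must treat Referer
    and User-Agent as unverified input (note the spelling: Referer)."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    lines.append("Connection: close")  # ask the server to hang up after one reply
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status code, header dict, body bytes).
    Header names are lower-cased; a body shorter than Content-Length is rejected."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: end of headers not found")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = headers.get("content-length")
    if length is not None and len(body) < int(length):
        raise ValueError("truncated body: got %d of %s bytes" % (len(body), length))
    return int(parts[1]), headers, body

def raw_get(host, port, headers, timeout=5.0):
    """Send the hand-built request over a plain TCP socket, as nc would, and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, headers))
        chunks = []
        while chunk := sock.recv(4096):  # read until the server closes the connection
            chunks.append(chunk)
    return parse_response(b"".join(chunks))

# Constructed sample reply in the shape of the Apache response shown above (not captured traffic).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nDate: Fri, 28 Nov 2008 14:11:49 GMT\r\n"
                   b"Server: Apache/2.2.3 (Debian)\r\nContent-Length: 5\r\n"
                   b"Content-Type: text/html\r\n\r\nhello")

if __name__ == "__main__":
    print(build_request("example.com", {"Referer": "mypage.com", "User-Agent": "my-browser"}).decode())
    print(parse_response(SAMPLE_RESPONSE))
```

raw_get("example.com", 80, {...}) performs the live exchange from the transcript above; the two helper functions can be exercised offline with SAMPLE_RESPONSE.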

Example 5 – Chatting
You can even use netcat to chat from one system to the other on the command line.

Type on server-B: nc -lp 1234
server-B will then wait until server-A connects on port 1234.

On server-A, run this command: nc server-B.example.com 1234

Now you can type in messages on either system and press ENTER, and they will appear on the other system. To close the chat, press CTRL+C on either system.

Example 6 – Serving Web Pages
You can even use netcat to act as a web server: while true; do nc -l -p 80 -q 1 < webpage.html; done

would serve the page webpage.html until you close the terminal window. Binding port 80 requires root privileges, and the loop sends the bare file without any HTTP response headers, which most browsers tolerate. The -q option (quit one second after end of input) is specific to GNU netcat; the OpenBSD variant does not have it.

netcat project home page: http://netcat.sourceforge.net/
