Using Netcat
The netcat program, or nc, is the “Swiss Army Knife” of networking tools. With this one tool, you can connect to remote systems, transfer files, and even scan ports to see what connections are available.
Determining Open Ports
You can use nc to determine if certain services are running by scanning the ports associated with those services. This is great for troubleshooting your own servers, but you don’t want to just go around scanning anyone’s machines. It sends them traffic, and some systems might think you’re trying to find security vulnerabilities to exploit. For those reasons, you should only scan ports on servers you control.
Still, if you’re attempting to see if you can connect to a server from another machine, or looking to see what ports are listening for connections so you can close them to improve security, you’ll find this useful.
For example, you can scan a domain name or IP address to see if a web server is listening for connections by scanning for port 80, the default port for web servers:
| | $ nc -z -v your_domain_or_ip 80 |
If a web server is running, you’ll see this:
| | Connection to your_domain_or_ip 80 port [tcp/http] succeeded! |
You can also scan ranges of ports. For example, to scan for all ports from 22 (SSH) to 80 (Web), you would execute this command:
| | $ nc -z -v your_domain_or_ip 22-80 |
This command takes an incredibly long time to run, as it scans every port sequentially, attempting to connect. Scanning ranges of ports is usually something you’d do on one of your own machines to see if some ports are open that shouldn’t be. Once you know what’s open, you can explore how to shut them down or block access to them using firewalls.
Making Web Requests
You already used cURL to grab web pages, but netcat can do that too. However, netcat makes you do it a little more interactively.
First, type this command:
| | $ nc www.google.com 80 |
You’ll be greeted by a blank line; netcat is expecting some input. You’re going to craft your own HTTP request by hand. Type the following two lines:
| | GET / HTTP/1.1 |
| | HOST: google.com |
Then, press the ENTER key once more to send a blank line, and you’ll see the response from the server, including the headers and source code for the Google home page stream out to your screen.
You can add more data to the request. For example, when you send a request to a web server, the browser identifies itself, and oftentime sends along the URL of the page the request came from, also known as the referer (which is actually spelled incorrectly, believe it or not.) You can use nc to specify those headers, or even make them up.
Try it out. Make a new request:
| | $ nc www.google.com 80 |
Then, type the following lines in, pressing ENTER after each line:
| | GET / HTTP/1.1 |
| | Host: google.com |
| | User-Agent: Internet Explorer |
| | Referer: awesomeco.com |
Press the ENTER key twice to send the request.
This makes a request with your own crafted request headers, which let you pretend to use Internet Explorer for the request. Why would we do this? Sometimes web developers write code to prevent people from using certain browsers, so you can use the User-Agent header to pretend to be something you’re not and bypass these kinds of restrictions. Of course, a more legitimate usage is to correctly identify the program you’re using.
Serving Files with Netcat
You can use netcat to serve files if you combine it with a little bit of shell scripting. Create a file called hello.txt with some text:
| | $ echo "This is a text file served from netcat" > hello.txt |
Now, execute this command to make netcat listen for connections on port 8000 and serve the hello.txt file:
| | $ while true; do nc -l 8000 < hello.txt; done |
This loops indefinitely, listening for connections on port 8000, and then reads in the file, sending its contents to anything that connects. In another terminal, make a request with curl:
| | $ curl localhost:8000 |
| | This is a text file served from netcat |
Return to the original terminal and press Ctrl+c to stop the loop.
You can use this approach to serve a web page. Create a web page named index.html with some text:
| | $ echo "<h1>Hi from netcat</h1>" > index.html |
To make a browser render the HTML instead of just displaying the source, you’ll have to craft a response the browser understands. Instead of just reading in a file, create an HTTP response. Send the text HTTP/1.1 200 OK, followed by two blank lines, followed by the contents of the file:
| | $ while true; |
| | > do echo -e "HTTP/1.1 200 OK $(cat index.html)" | |
| | > nc -l 8000; done |
With this running, fire up a browser and go to http://localhost:8000 to see your page. This is just one more example of how diverse netcat is. But you’re not quite done.
Realtime Chat with Netcat
You can use nc as an improvised chat system. This isn’t entirely useful, but it’s a fun exercise to explore, as it shows how netcat can send data in real time. On your Ubuntu machine, type the following:
| | (ubuntu)$ nc -l 1337 |
This starts a chat server listening on port 1337. You can connect to this server using another machine with nc, specifying the IP address of the chat server:
| | (local)$ nc 192.168.99.100 1337 |
At this point, you can type messages on either machine, and the other machine will display them. Pressing Ctrl+c breaks the connection for both machines.
You can use netcat for lots more, too. You can use it to send files or create secure internet connections. You’ve just scratched the surface of this tool. Its primary use is for ad-hoc network diagnostics, but it really is a networking multitool.
Security conscious folks should know that netcat does everything in an unsecured manner. Use this only on trusted networks.