How to use Netcat to create and test TCP and UDP connections

  • 782 views
  • 7 minute read
Hadi Bahadori
  • February 11, 2024
0 Shares
0
0
0
0
0
Shares
0
0
0
0

Introduction

Linux is known for having a large number of mature and useful command line tools in most distributions. Often, system administrators can do many of their tasks using built-in tools without having to install additional software. In this guide, we will discuss how to use the netcat tool. This versatile command can help you monitor, test, and send data across network connections. Netcat should be available in almost every modern Linux distribution. Ubuntu ships with the BSD variant of netcat, and that is what we will use in this guide. Other versions may work differently or offer other options.

General instruction

By default, netcat works by establishing a TCP connection to a remote host.

The most basic command is:

netcat [options] host port

This attempts to initiate a TCP connection to the defined host on the specified port number. This is similar to the old Linux telnet command. Keep in mind that your connection is not fully encrypted.

If you want to send a UDP packet instead of starting a TCP connection, you can use the -u option:

netcat -u host port

You can specify a range of ports by placing a dash between the first and last:

netcat host startport-endport

This is usually used with some additional flags.

On most systems, we can use netcat or nc interchangeably. They are aliases for the same command.

Command to use Netcat for port scanning

One of the most common uses of netcat is as a port scanner. Although netcat is probably not the most sophisticated tool for this task (nmap is a better choice in most cases), it can perform simple port scans to easily identify open ports. We do this by specifying a range of ports to scan, as we did above, along with the -z option to perform the scan instead of attempting to initiate a connection.

For example, we can scan all ports up to 1000 by issuing this command:

netcat -z -v domain.com 1-1000

Along with the -z option, we have also specified the -v option to tell netcat to provide more detailed information.

The output will be as follows:

Output
nc: connect to domain.com port 1 (tcp) failed: Connection refused
nc: connect to domain.com port 2 (tcp) failed: Connection refused
nc: connect to domain.com port 3 (tcp) failed: Connection refused
nc: connect to domain.com port 4 (tcp) failed: Connection refused
nc: connect to domain.com port 5 (tcp) failed: Connection refused
nc: connect to domain.com port 6 (tcp) failed: Connection refused
nc: connect to domain.com port 7 (tcp) failed: Connection refused
. . .
Connection to domain.com 22 port [tcp/ssh] succeeded!
. . .

As you can see, this provides a lot of information and tells you for each port whether the scan was successful or not. If you are actually using a domain name, this is the form you should use.

However, if you know the IP address you need, your scan will be much faster. You can then use the -n flag to specify that you don't need to resolve the IP address using DNS:

netcat -z -n -v 198.51.100.0 1-1000

The return messages are actually sent to standard error (see our I/O redirection article for more information). We can send standard error messages to standard out, which allows us to filter the results more easily.

We redirect standard error to standard output using the bash syntax 2>&1 . Then we filter the results with grep :

netcat -z -n -v 198.51.100.0 1-1000 2>&1 | grep succeeded
Output
Connection to 198.51.100.0 22 port [tcp/*] succeeded!

Here, we can see that the only open port in the range of 1 to 1000 on the remote computer is port 22, the traditional SSH port.

How to communicate via NetCat

Netcat is not limited to sending TCP and UDP packets. It can also listen on a port for connections and packets. This gives us the opportunity to connect two instances of netcat in a client-server relationship.

Which computer is the server and which is the client is only a relevant distinction during the initial configuration. Once the connection is established, the communication is exactly the same in both directions.

On a machine, you can tell netcat to listen for connections on a specific port. We can do this by providing the -l parameter and selecting a port:

netcat -l 4444

This tells Netcat to listen for TCP connections on port 4444. As a regular user (non-root), you cannot open ports below 1000 as a security measure.

On the second server, we can connect to the first machine on the port number we chose. We do this in the same way we connected before:

netcat domain.com 4444

It will appear as if nothing happened. However, you can now send messages on either side of the connection and they will be visible on both sides.

Type a message and press ENTER. It will appear on both the local and remote screens. This works in reverse as well.

When you are finished sending the message, you can press CTRL-D to close the TCP connection.

How to send files via Netcat

Using the previous example, we can do more useful things. Since we are creating a regular TCP connection, we can transfer almost any type of data over that connection. This is not limited to chat messages typed by the user. We can use this knowledge to turn netcat into a file transfer program.

Once again, we need to choose a connection endpoint to listen for connections on. However, instead of printing the information to the screen, as we did in the previous example, we'll put all the information directly into a file:

netcat -l 4444 > received_file

> This command redirects all netcat output to the specified file name.

On the second computer, create a simple text file by typing:

echo "Hello, this is a file" > original_file

We can now use this file as input for the netcat connection we create with the listening computer. The file will be transferred as we typed it interactively:

netcat domain.com 4444 < original_file

We can see on the computer that was waiting for the connection that we now have a new file called receive_file with the contents of the file we typed on the other computer:

cat received_file
Output
Hello, this is a file

As you can see, by linking objects, we can easily use this connection to transfer all sorts of things. For example, we can transfer the contents of an entire directory by creating an unnamed tarball, transferring it to the remote system, and unpacking it in the remote directory.

At the end of the download, we can expect a file that needs to be unzipped and opened by typing:

netcat -l 4444 | tar xzvf -

The trailing dash (-) means that tar operates on standard input, which is piped across the network when a connection is established from netcat.

Along with the contents of the directory we want to transfer, we can package them into a tarball and then send them to the remote computer via netcat:

tar -czf - * | netcat domain.com 4444

This time, the dash in the tar command means to tar and zip the contents of the current directory (as indicated by the *), and write the result to standard output. It is then written directly over the TCP connection, which is then received at the other end and unzipped into the current directory of the remote computer. This is just one example of a more complex data transfer from one computer to another. Another common idea is to use the dd command to take an image of a disk on one side and transfer it to a remote computer. We won't go into that here, though.

How to use Netcat as a simple web server

We have configured netcat to listen for connections in order to communicate and transfer files. We can use the same concept to use netcat as a very simple web server. This can be useful for testing the pages you create.

First, let's create a simple HTML file on a server:

nano index.html

Here is some simple HTML you can use in your file:

<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>Level 1 header</h1>
<h2>Subheading</h2>
<p>Normal text here</p>
</body>
</html>

Save and close the file.

Without root privileges, you cannot serve this file on the default web port, port 80. We can choose port 8888 as a regular user.

If you just want to serve this page once to check how it renders, you can run the following command:

printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888

Now, in your browser, you can access the content by visiting:

http://server_IP:8888

This serves the page and then the netcat connection is closed. If you try to reload the page, it will be lost:


We can make netcat render the page indefinitely by putting the last command in an infinite loop, like this:

while true; do printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888; done

This allows it to continue accepting connections after the first connection is closed. We can stop the loop by typing CTRL-C on the server. This allows you to see how a page will render in the browser, but it doesn't offer much more performance. You should never use this to render real websites. There is no security and simple things like links won't even work properly.

Result

By now you should have a good idea of what netcat can be used for. It is a versatile tool that can be useful for diagnosing problems and verifying that basic level functionality is working properly with TCP/UDP connections. Using netcat, you can easily establish connections between different computers for quick interaction. Netcat attempts to make network interactions between computers transparent by removing the complexity of establishing connections.

In this article:
Post written by:
Follow
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Article
Next Article
You May Also Like