The nc (or netcat) command is used to perform any operation involving TCP (Transmission Control Protocol, connection-oriented), UDP (User Datagram Protocol, connectionless, no guarantee of data delivery) or UNIX-domain sockets. It can be thought of as a Swiss-army knife of communication protocol utilities.
nc [options] [ip] [port]
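$ nc -p 1337 -w 5 host.ip 80 # TCP connection to port 80 of host.ip, using source port 1337 and a 5-second timeout
$ nc -u host.ip 80 # UDP connection to port 80 of host.ip
$ nc -lU /var/tmp/dsocket # create and listen on a UNIX-domain socket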
The following creates a connection between two consoles; once it is established, nc makes no distinction between the server and client sides.
$ nc -l 1234 # in one console
$ nc 127.0.0.1 1234 # in another console
Run the following in sequence to transfer a file; after the file has been transferred, the connection closes automatically.
$ nc -l 1234 > filename.out # to start listening in one console and collect data
$ nc host.ip 1234 < filename.in
Basic example of retrieving the homepage of the host, along with headers.
$ printf "GET / HTTP/1.0\r\n\r\n" | nc host.ip 80
Check which ports on the target machines are open and running services. The -z flag tells nc to only report which ports are listening, without sending any data to them.
$ nc -zv host.ip 20-2000 # range of ports to check for
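An added example (not from the original page) that turns the port check above into an exposure audit of your own host: it reads `nc -zv` output and lists open ports that are missing from an allowlist. It assumes OpenBSD-style nc output lines; the function names, the allowlist `22 80` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `nc -zv` results against an allowlist of expected ports.
# Assumes OpenBSD-style nc output, where an open port is reported as:
#   Connection to <host> <port> port [tcp/<service>] succeeded!

# unexpected_open_ports ALLOWLIST
#   Reads nc -zv output on stdin; prints each open port not in ALLOWLIST
#   (a space-separated list of port numbers), one per line, sorted.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only "succeeded!" lines describe an open port; refused/timeouts are skipped.
        /^Connection to .* port \[(tcp|udp)\/.*\] succeeded!$/ {
            port = $4
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' | sort -n
}

# Constructed sample output (not captured from a real host).
sample_scan() {
    cat <<'EOF'
Connection to host.ip 22 port [tcp/ssh] succeeded!
nc: connect to host.ip port 23 (tcp) failed: Connection refused
Connection to host.ip 80 port [tcp/http] succeeded!
Connection to host.ip 1234 port [tcp/*] succeeded!
EOF
}

# Demo: 22 and 80 are expected, so only 1234 is reported.
sample_scan | unexpected_open_ports "22 80"

# Live use (nc -v writes its report to stderr, hence 2>&1):
#   nc -zv host.ip 20-2000 2>&1 | unexpected_open_ports "22 80"
```

A port left open by a forgotten `nc -l 1234` listener, as in the earlier examples, would show up in this report.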
Short Flag | Description |
---|---|
-4 | Forces nc to use IPv4 addresses |
-6 | Forces nc to use IPv6 addresses |
-b | Allow broadcast |
-D | Enable debugging on the socket |
-i | Specify the time interval delay between lines sent and received |
-k | Stay listening for another connection after the current one is over |
-l | Listen for an incoming connection instead of initiating one to a remote host |
-T | Specify length of TCP |
-p | Specify the source port to be used |
-r | Choose source and/or destination ports randomly |
-s | Specify the IP of the interface used to send the packets |
-U | Use UNIX-domain sockets |
-u | Use UDP instead of TCP as the protocol |
-w | Declare a timeout threshold for idle or unestablished connections |
-x | Use the specified protocol when talking to a proxy server |
-z | Scan for listening daemons, without sending any data |