Developer(s) | *Hobbit* |
---|---|
Stable release |
1.10 / 2 January 2007
|
Operating system | Unix |
Type | Network utility |
License | Original version: custom, permissive license GNU Version: GPL OpenBSD Version: BSD |
Website | nc110 |
Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using or . Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.
Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
The original netcat's features include:
Rewrites like GNU's and OpenBSD's support additional features. For example, OpenBSD's nc supports TLS.
The file can then be accessed via a web browser under http://servername:8080/. Netcat only serves the file once to the first client that connects and then exits; it also provides the content length for browsers that expect it. (This should work fine in a LAN, but may potentially fail with any kind of firewall between.). In some versions of netcat like netcat-traditional in Debian 8.6, you need to specify -p before the port number.
Note that UDP tests will always show as "open". The -z
argument is useless.
This test is useful, if you have shell access to the server that should be tested, but you do not know whether there is a firewall blocking a specific UDP port on the server.
On the listening host, i.e. on the server whose port needs to be checked, do the following:
On the sending host, do the following – note that servname
is the hostname of the listening host:
If text typed on the sending host (type something and hit enter) is displayed also on the listening host, then the UDP port 7000 is open. If it is not open, you will get an error such as "Connection refused".
There is a caveat. On some machines, IPv6 may be the default IP version to use by netcat. Thus, the host specified by the hostname is contacted using IPv6, and the user might not know about this. Ports may appear closed in the test, even though they would be open when using IPv4. This can be difficult to notice and may cause the false impression that the port is blocked, while it is actually open. You can force the use of IPv4 by using adding -4
to the options of the nc
commands.
An uncommon use of netcat is port scanning. Netcat is not considered the best tool for this job, but it can be sufficient (a more advanced tool is nmap)