Few Useful Netcat Tricks
I always say that small, simple and self-contained tools can often be more useful, and more feature-rich, than huge bloated frameworks. For example, let’s take the legendary “Swiss Army Knife of Networking” - netcat. It is a single binary, which takes up about 60KB of space on your disk (give or take a few KB depending on where and how you compile it). What can it do?
I guess a good question is what can’t it do?
Port Scanner
Netcat can be a port scanner. It does not have as many features as say nmap, but if you just want to see what ports are open on a given machine, you can simply do:
nc -v -w 1 localhost -z 1-3000
The command above will scan all the ports in the range 1-3000 on localhost.
File Transfer
Let’s say you want to transfer a big zip file from machine A to machine B but neither one has FTP, and using email or IM is out of the question due to file size, or other restrictions. What do you do? You can use netcat as a makeshift file transfer software.
On machine B do the following, where 1337 is some unused port on which you want to send the file:
nc -lp 1337 > file.zip
Assuming that the IP of machine B is 10.48.2.40 go to machine A and do:
nc -w 1 10.48.2.40 1337 < file.zip
That’s it. The file will be magically transferred over the network socket.
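Netcat moves raw bytes with no integrity check, so a dropped connection can leave a truncated file.zip on machine B without any error. The sketch below is an added example, not part of the original post: it prefixes the stream with a SHA-256 digest and verifies it on arrival; the function names pack and unpack are made up here, and sha256sum (GNU coreutils) is assumed to be installed on both machines.

```sh
#!/bin/sh
# Added example: checksum-framed transfer over a plain netcat pipe.
# Stream layout: one line holding the hex SHA-256 digest, then the raw file.

# pack FILE: write the digest line followed by the file's bytes to stdout.
pack() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    sha256sum < "$1" | cut -d' ' -f1
    cat "$1"
}

# unpack OUTFILE: read the digest line from stdin, store the rest in
# OUTFILE, then recompute the digest. Returns 0 only if the two match.
unpack() {
    # read consumes exactly one line from a pipe and leaves the payload
    # for cat.
    IFS= read -r want || { echo "no digest line received" >&2; return 2; }
    cat > "$1"
    got=$(sha256sum < "$1" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch: $1 is truncated or corrupted" >&2
        return 1
    fi
}

# Usage with the commands from the post (same port and address):
#   machine B:  nc -lp 1337 | unpack file.zip
#   machine A:  pack file.zip | nc -w 1 10.48.2.40 1337
```

The digest travels over the same unauthenticated connection, so this catches truncation and corruption, not deliberate tampering.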
Chat Server
Have you ever needed an improvised one-on-one chat? Netcat can do that too. You simply start listening to connections on some port like this:
nc -lp 1337
Then on another machine simply connect to that port:
nc 10.48.2.40 1337
Now start typing on either machine. When you press enter, the line will immediately show up on the other machine.
Telnet Server
Netcat can also be used to set up a telnet server in a matter of seconds. You can specify the shell (or for that matter any executable) you want netcat to run at a successful connection with the -e parameter:
nc -lp 1337 -e /bin/bash
On Windows you can use:
nc -lp 1337 -e cmd.exe
Then on a client machine simply connect to port 1337 and you will get full access to the shell, with the permissions of the user who ran nc on the server.
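A listener started this way hands a shell to anyone who can reach the port, with no authentication, so it is worth being able to spot one on machines you administer. The following is an added example, not from the original post: it filters a process listing for netcat processes that combine -l with -e; the function name and the sample lines are constructed, and the input layout assumes a procps-style ps.

```sh
#!/bin/sh
# Added example: flag netcat listeners that hand connections to a program.
# Input: "PID USER COMMAND ARGS..." lines, as printed by
#   ps -eo pid=,user=,args=

find_exec_listeners() {
    awk '
    {
        exe = $3
        sub(/^.*\//, "", exe)          # drop the directory part
        if (exe != "nc" && exe != "netcat") next
        listen = 0; prog = ""
        for (i = 4; i <= NF; i++) {
            if ($i !~ /^-[A-Za-z]+$/) continue        # short option clusters only
            if ($i ~ /l/) listen = 1                  # -l, -lp, -lvp ...
            if ($i ~ /e$/ && i < NF) prog = $(i + 1)  # -e PROGRAM
        }
        # Report PID, user and the program that would be exposed.
        if (listen && prog != "") print $1, $2, prog
    }'
}

# Constructed sample listing (not real hosts or users).
SAMPLE_PS='  812 root /usr/sbin/sshd -D
 2291 alice nc -lp 1337 -e /bin/bash
 2310 bob nc -lp 1337
 2342 carol nc -w 1 10.48.2.40 1337
 2400 dave /bin/netcat -l -v -p 4444 -e /bin/sh'

# Run against the sample; on a live host use:
#   ps -eo pid=,user=,args= | find_exec_listeners
printf '%s\n' "$SAMPLE_PS" | find_exec_listeners
```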
Spoofing HTTP Headers
You can use netcat to connect to a server using completely spoofed headers. You can actually type out your user agent, referrer, etc. It’s useful when you want to generate a bunch of hits that can be easily found in the logs or something like that:
nc google.com 80
GET / HTTP/1.1
Host: google.com
User-Agent: NOT-YOUR-BUSINESS
Referer: YOUR-MOM.COM
Note that your request won’t be sent until you generate a blank line. So hit return twice when you are done typing. You will get a response of headers and HTML streaming down your screen:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=79f8f28c854d90ec:TM=1186369443:LM=1186369443:S=UIiTvi68MtmbcmGl; expires=Sun, 1 -Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Transfer-Encoding: chunked
Date: Mon, 06 Aug 2007 03:04:03 GMT

738
I deleted the HTML that followed the response - but you get the idea. It is also a good way of looking at headers. Some sites have nice surprises there (like slashdot’s X-Bender and X-Fry headers). Seriously, check them out!
Web Server
I think this is my favorite trick. Did you ever need to set up a simple makeshift web server that would serve a single page? I know I did. In the past, when my web server at work melted down, I set up a laptop with this simple script:
while true; do nc -l -p 80 -q 1 < error.html; done
The error.html page was just a very simple error message notifying our users about the outage, and giving them an estimate of when it would be fixed. It took me 3 minutes to set up, and probably saved us many angry support calls.
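The loop above sends error.html as raw bytes with no status line or headers, so the browser has to guess the content type and cannot tell when the body ends. The following is an added example, not from the original post: it wraps the file in a minimal HTTP/1.1 response before handing it to the same nc command; the function names and the choice of a 503 status for an outage page are assumptions of this example.

```sh
#!/bin/sh
# Added example: give the one-page netcat server a real HTTP response.

# http_response FILE [STATUS] [CONTENT_TYPE]
# Writes the complete response (headers, blank line, body) to stdout.
http_response() {
    file=$1
    status=${2:-"200 OK"}
    ctype=${3:-"text/html; charset=utf-8"}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # wc -c counts bytes, which is what Content-Length requires.
    len=$(wc -c < "$file" | tr -d ' ')
    # Header lines end in CRLF; the empty line terminates the header block.
    printf 'HTTP/1.1 %s\r\n' "$status"
    printf 'Content-Type: %s\r\n' "$ctype"
    printf 'Content-Length: %s\r\n' "$len"
    printf 'Connection: close\r\n\r\n'
    cat "$file"
}

# serve_page FILE PORT: the loop from the post, one connection at a time,
# with the same traditional-netcat flags (-l -p PORT -q 1).
# 503 tells clients and crawlers that the outage is temporary.
serve_page() {
    while true; do
        http_response "$1" "503 Service Unavailable" | nc -l -p "$2" -q 1
    done
}

# Usage: serve_page error.html 80
```

Content-Length lets the browser finish the download as soon as the last byte arrives, and Content-Type stops it from saving the page under a generic extension.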
Cloning Hard Drive Partitions Over the Network
This trick was submitted by Craig in the comments. On a system you want to clone do:
dd if=/dev/sda | nc 192.168.0.1 9000
Where 9000 is some random port. On the receiving side do:
nc -l -p 9000 | dd of=/dev/sda
Of course you need to have the cloned partitions unmounted on both systems. So if you are cloning / you will have to boot from a live distro like Knoppix. Note that you can use this technique to clone NTFS partitions as well - you just need to use a live Linux distro on both sides.
Summary
Despite being able to do all that, netcat still conforms to the Unix philosophy of doing one thing, and doing it well. Netcat was designed for a single purpose - to read and write data packets over network sockets. And because of its singular purpose it can be used in such a myriad of ways.
It is ironic, but it is often the case that the more features you add to your application, the more specialized it gets. And of course, GUI is the ultimate functionality killer. If netcat had a GUI I doubt it would be half as useful as it is right now.
I’ve been told that socat is a more powerful netcat fork which has even more functionality. Personally, I haven’t played with it at all. It does seem to have a different syntax, and it is not as mature or as well known and popular as its predecessor.


August 7th, 2007 at 2:57 pm (5562)
My favorite use is to clone systems. I run this on the system I want to image from:
dd if=/dev/sda | nc 192.168.0.1 9000
and this on the receiving side:
nc -l -p 9000 | dd of=/dev/sda
Of course, both systems will need to be booted with a CD and have access to the network drivers and the netcat program (gotta love Knoppix). I am also in the habit of ALWAYS assigning 192.168.0.1 to the new system and 192.168.0.100 to the master.
August 7th, 2007 at 3:28 pm (5563)
Oh wow. Didn’t think about that! Very, very useful.
Thanks!
August 9th, 2007 at 6:23 am (5567)
ugh, its 3:22… just pretend i made a quitty joke about teching old netcats new tricks…
August 9th, 2007 at 9:43 am (5569)
Quitty?
s/quitty/witty/
There, fixd! LOL
August 9th, 2007 at 10:02 am (5571)
s/qutty/witty/
Pretty slick there, Luke. Some of us “oldtimers” would have used sed, but it is the same outcome.
BTW- you really need to upgrade your Firefox . . .
August 9th, 2007 at 10:14 am (5572)
Well, regexps are pretty much the same in almost every language (excluding Microsoft stuff that is - they always fuck things up for everyone).
That could have been a sed script.
August 10th, 2007 at 2:34 am (5577)
a simple “check out the netcat (nc) man page” would do too..
August 10th, 2007 at 2:45 am (5578)
I don’t think the web server, and system mirroring tricks are on the man page.
August 10th, 2007 at 9:08 am (5581)
Man pages are helpful, but they are not all knowing.
I have to admit, most of my tricks have been passed down from other sysadmins. The book “UNIX Power Tools” would be next in line, followed by my dear friend, Google.
There are so many cool things, like using netcat to mirror a system. I have a sysadmin under me that is constantly amazed at the tools I keep pulling out of my brain to solve problems.
August 10th, 2007 at 9:44 am (5582)
Well, Unix Power Tools just got on my books-to-buy list
Also, I miss having a unix mentor.
Mine went to do bigger and better things at Oracle. Its kinda scary to think that I’m usually the most experienced unix person in the CS department at my university. At least until Nick shows up.
August 10th, 2007 at 10:55 am (5584)
add lzop to the pipe on one end and lzop -d on the other when doing non-media transfers for excellent speedup… (dd or tar pipes for example)
August 10th, 2007 at 11:06 am (5585)
There you have it! Another awesome tip passed down.
I have lzo installed on my Solaris systems (thanks to BlastWave) but no lzop. Guess I will be doing some compiling!
I typically use gzip to compress my data, but it can have some tremendous overhead sometimes.
August 10th, 2007 at 12:48 pm (5588)
Nice! I haven’t used lzop before, but I’m definitely going to check it out for fast compression stuff. Btw, lzop is actually in the Ubuntu repositories so you can get it via apt-get.
And it’s Lzop not Izop.
August 10th, 2007 at 1:03 pm (5589)
I think the redirects in the file transfer section are reversed. On the host with the file you want should use ‘’ and the same reverse on the other side.
August 10th, 2007 at 1:07 pm (5590)
Looks like the redirect symbol got stripped out of my last reply. Basically just reverse the redirects on each end and you should be good.
August 10th, 2007 at 1:22 pm (5592)
Hm… I think they are correct though. I’m transferring the file from B to A. So on B the file is an input, and on A it is an output. So I think it is correct.
August 13th, 2007 at 8:21 am (5622)
OK, does anyone know if it would be possible to transfer some file with netcat to remote side if remote can use only web browser? So, basically simulating http transfer with netcat?
August 13th, 2007 at 9:19 am (5623)
Netcat doesn’t emulate protocols. If the remote system needed a web proxy, you would have to do something else. Maybe a little clever scripting with expect . . .
However, if there is no proxy, just configure netcat to use port 80, since you would know that http traffic is allowed through.
Sock would be easy to configure since it doesn’t care about protocols, just tcp streams. I am sure you can just take the output from netcat and pipe it into something like connect (not too sure of this process. I would have to read up on it, but in theory it should work).
August 13th, 2007 at 9:29 am (5624)
Koby - the web server method I described in the post works. But you lose the mimetype of the file, so when you save it on the remote site you will need to save it with the right extension.
For example, on linux I set up nc to serve test.zip, but firefox picked up the file as something like bwu8a.bin (ie. random file name + generic extension). When I renamed it to zip, and unzipped it it worked.
Not sure how it would work with IE or on windows but it does work with Firefox on Linux.
Btw, why would you only be able to use the browser on the remote side? If you are so locked down on the remote you can’t open a listening socket, you can listen on the local machine, and then grab the file from the remote. Locally do:
nc -lp 1337 < somefile.zip
Then on the remote do:
That should do it.
August 13th, 2007 at 9:51 am (5625)
Well, I am only locked to extent of my laziness, e.g. I thought of a lazy way sharing files between *nix box and windows. But anyway, just
nc -lp 80 < file_to_transfer.ext
and then pointing web browser to remote_ip/file_to_transfer.ext works, only transfer is hanging until ^C on *nix box or forcing download to complete/close. But file is transferred
August 13th, 2007 at 9:57 am (5626)
Yeah, nc doesn’t always know when it finished. I think if you set -w to 1 on both sides it might close properly though.
August 16th, 2007 at 4:07 pm (5706)
In reply to my earlier post, you are right, I wasn’t really paying attention to the source and target… Great article btw…
September 20th, 2007 at 11:25 am (6246)
I’m surprised that the webserver trick would work without sending back HTTP headers. Unless perhaps the appropriate headers are put at the beginning of error.html?
September 20th, 2007 at 11:36 am (6247)
Yeah, I thought about that too. But for some reason it just worked. Go figure.
September 25th, 2007 at 9:03 am (6301)
Thank you, very useful for me
October 7th, 2007 at 2:03 pm (6454)
Thanks for the good old hdd clone script. lost it some time ago.
November 12th, 2007 at 3:27 am (6941)
http://www.debian-administration.org/articles/145 has a fine tutorial on netcat abuse.
November 14th, 2007 at 6:26 am (6966)
it’s cool and thanks for these useful tricks…it’s me….after_burn…egyptionhacker
November 19th, 2007 at 4:10 am (7034)
Using netcat to tunnel ports / forward traffic:
cya
November 19th, 2007 at 11:07 am (7036)
I see that remote access is indeed possible with netcat, but I can not seem to get some chat server to work over a remote connection. Both are using Windows XP (shouldn’t matter is diff. OS) and have opened up the necessary ports in which we would like to chat with, but still no dice. Has anyone gotten a netcat chat server to work over a remote connection?
Thanks in advance…
February 28th, 2008 at 2:20 am (8253)
well this isnt really special or anything, But sort of a point of concept I guess.
On your local computer.
cat somefile.txt | netcat -lp 1000
On remote server.
netcat -w 1 64.174.24.112 1000 > file.txt
April 18th, 2008 at 11:41 am (8804)
Hi, Using Microsoft Windows is more better
Windows is the BEST OS around the world
I can’t find netcat ur talking in Windows, so it is not a good software, let using Windows and the program inside it
Thanks
April 18th, 2008 at 12:11 pm (8805)
@lovexp - LOL! Oh man, this made my day.
Also, I will counter your troll attempt, with a genuine ‘on-topic’ reply, by pointing you to the page where you can download NT port of netcat thus making this conversation meaningful again.
April 18th, 2008 at 12:43 pm (8806)
Dude! I heard that eSlap all the way in California!
Also, the cygwin package has all the UNIX favorites, including NetCat.
April 18th, 2008 at 1:31 pm (8808)
Heh, didn’t even think about Cygwin at the moment, but you are right. Pretty much everything can be run under Cygwin these days.
Did I mention that I once managed to get KDE running under cygwin? I have also seen packages for Gnome on some of the mirrors.