Netcat Network Tool

netcat (nc) cheatsheet — test ports, transfer files, listen for connections. nc -zv host 80, nc -l 8080, nc host port < file. Swiss army knife for networking.

7 min read

What it is

Netcat (nc) is the "Swiss Army knife" for TCP/IP networking, used for reading from and writing to network connections using the TCP or UDP protocols. It’s invaluable for debugging network services, simple data transfers, and creating basic network listeners.

Installation

Linux

sudo apt update && sudo apt install netcat
# or
sudo yum install nmap-ncat

macOS

Netcat is usually pre-installed. If not:

brew install netcat

Windows

Netcat is not typically pre-installed. You can download pre-compiled binaries or use Windows Subsystem for Linux (WSL). For native Windows, search for "netcat windows binary" or consider using tools like ncat from Nmap.

Core Concepts

  • Client/Server Model: Netcat can act as both a client (initiating a connection) and a server (listening for incoming connections).
  • TCP vs. UDP: Netcat can use either Transmission Control Protocol (TCP) for reliable, ordered delivery, or User Datagram Protocol (UDP) for faster, connectionless delivery.
  • Port Scanning: Netcat can be used to probe open ports on a remote host.
  • Data Transfer: It’s excellent for sending and receiving arbitrary data streams over a network.

Commands / Usage

Connecting to a Service (Client Mode)

  • Connect to a TCP port:

    nc example.com 80

    Connects to example.com on port 80 using TCP. Anything typed after this will be sent to the server, and anything received will be printed to your terminal.

  • Connect to a UDP port:

    nc -u example.com 53

    Connects to example.com on port 53 using UDP.

  • Connect with verbose output:

    nc -v example.com 22

    Connects to example.com on port 22 and shows connection status messages.

  • Connect with debug output:

    nc -d example.com 12345

    Connects to example.com on port 12345 and displays detailed debugging information.

  • Connect and send data from a file:

    nc example.com 80 < request.txt

    Connects to example.com on port 80 and sends the contents of request.txt as the request.

  • Connect and send data from stdin (interactive):

    nc example.com 8080
# Type your message here and press Enter
# Press Ctrl+C to exit

    Connects to example.com on port 8080 and sends whatever you type until you interrupt the connection.

  • Connect and execute a command, sending its output:

    echo "GET / HTTP/1.1" | nc example.com 80

    Sends the specified HTTP request to example.com on port 80 and prints the response.

Listening for Connections (Server Mode)

  • Listen on a TCP port:

    nc -l 8080

    Listens for incoming TCP connections on port 8080. Once a connection is established, it will print received data to stdout and send stdin to the client.

  • Listen on a UDP port:

    nc -ul 53

    Listens for incoming UDP datagrams on port 53.

  • Listen on a specific interface (TCP):

    nc -l 192.168.1.100 8080

    Listens for incoming TCP connections on port 8080 only on the interface with IP 192.168.1.100.

  • Listen and send file content upon connection:

    nc -l 8080 < /path/to/response.txt

    Listens on port 8080. When a client connects, it immediately sends the content of response.txt and closes the connection.

  • Listen and execute a command, sending its output:

    nc -l 8080 -e /bin/bash

    Listens on port 8080. When a client connects, it executes /bin/bash and pipes the client’s input to the shell and the shell’s output back to the client. (Note: -e is often considered a security risk and may be disabled or removed in newer versions).

  • Listen and execute a command with input redirection:

    nc -l 8080 -e sh < command_output.log

    Listens on port 8080. When a client connects, it executes sh and sends the content of command_output.log to the client.

  • Listen and execute a command with output redirection:

    nc -l 8080 -e sh > received_data.log

    Listens on port 8080. When a client connects, it executes sh and redirects all its output to received_data.log.

  • Listen and keep connection open after sending file:

    nc -kl 8080 < index.html

    Listens on port 8080. When a client connects, it sends index.html and then keeps the connection open for further communication.

  • Listen with verbose output:

    nc -lvp 8080

    Listens on port 8080 and displays verbose connection status messages.

  • Listen on a specific interface with UDP:

    nc -ul 192.168.1.100 12345

    Listens for UDP datagrams on port 12345 only on the interface with IP 192.168.1.100.

Port Scanning

  • Scan for open TCP ports:

    nc -zv example.com 1-100

    Scans ports 1 through 100 on example.com using TCP and reports which ones are open.

  • Scan for open UDP ports:

    nc -zvu example.com 53,161

    Scans UDP ports 53 and 161 on example.com and reports which ones are open.

Data Transfer and Piping

  • Simple file transfer (sender side):

    tar cf - /data | nc -l 12345

    Compresses the /data directory and pipes it to Netcat, which listens on port 12345.

  • Simple file transfer (receiver side):

    nc your_server_ip 12345 | tar xf -

    Connects to your_server_ip on port 12345, receives the data stream, and pipes it to tar to extract the files.

  • Chat between two terminals:

    • Terminal 1 (Server):
      nc -l 8080
    • Terminal 2 (Client):
      nc localhost 8080

    Anything typed in one terminal will appear in the other.

  • Echo server:

    nc -l -k 8080

    Listens on port 8080. For every message received, it sends the exact same message back to the client. -k keeps the server running after the client disconnects.

  • Send a web request and view response:

    echo -e "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" | nc example.com 80

    Constructs a basic HTTP GET request and sends it to example.com on port 80. \r\n is crucial for HTTP headers.

Miscellaneous

  • Create a simple HTTP server serving a static file:

    echo -e "HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nHello World" | nc -l 8080

    This is a very basic example. When a browser connects to localhost:8080, it will receive this minimal HTTP response.

  • Generate random data:

    cat /dev/urandom | nc -l 12345

    Listens on port 12345 and continuously sends random data.

Common Patterns

  • Transferring a directory:

    # On the machine with the directory (sender)
tar czf - /path/to/your/directory | nc -l 9999

# On the destination machine (receiver)
nc your_sender_ip 9999 | tar xzf - -C /destination/path

    Compresses a directory, sends it over Netcat, and extracts it on the other side.

  • Simple remote command execution (use with extreme caution):

    # On the target machine (server)
nc -l -p 12345 -e /bin/bash

# On your machine (client)
nc target_ip 12345

    This allows you to execute commands on the target machine by typing them into your Netcat client. This is highly insecure and should only be used in trusted, isolated environments.

  • Testing firewall rules:

    # From the client machine
nc -zv firewall_host 80

# From the server machine (if it has netcat)
nc -l -p 80

    Helps determine if a specific port is open and accessible through a firewall.

  • Redirecting web server logs:

    tail -f /var/log/nginx/access.log | nc -l 5000

    Listens on port 5000 and continuously streams the web server’s access log entries as they are written.

  • Basic TCP handshake check:

    nc -zvw 3 google.com 80

    Attempts a TCP connection to google.com on port 80 with a 3-second timeout, showing verbose output and the connection status.

Gotchas

  • -e is a security risk: The nc -e option (execute command) is extremely dangerous. It effectively creates a backdoor. Many modern versions of Netcat have removed or disabled this option for security reasons. Use it with extreme caution and only in completely trusted, air-gapped, or highly controlled network environments.
  • UDP is connectionless: When using UDP (-u), Netcat doesn’t guarantee delivery or order. It simply sends datagrams. You won’t get confirmation if a packet was received unless the receiving application explicitly sends one back.
  • Default behavior: If no port is specified, Netcat might default to port 0 or behave unexpectedly. Always specify a port.
  • Firewalls: Netcat relies on open ports. Firewalls (both on the client and server, and network firewalls in between) can block connections, making Netcat appear to hang or fail. Use -v and -z to diagnose.
  • Input buffering: Standard input (stdin) might be buffered differently depending on the OS and how Netcat is invoked, potentially affecting how quickly data is sent.
  • nc vs ncat vs netcat: There are different implementations of Netcat (e.g., OpenBSD nc, GNU netcat, Nmap’s ncat). They have slightly different options and behaviors. The examples above generally apply to the most common OpenBSD-style nc. Check your specific version’s man page (man nc).
  • Ctrl+C: Interrupting a Netcat process usually closes the connection immediately. For servers listening with -k, Ctrl+C will stop the listener.
  • Port numbers: Using ports below 1024 typically requires root privileges.