10 Useful nc (ncat) Command Examples for Linux Systems

In this blog post, we will explain 10 useful nc (ncat) command examples for Linux systems. Whether you’re a seasoned system administrator or just getting started with networking, these examples will help you harness the power of nc command to streamline your tasks and troubleshoot network issues more effectively.

Ncat, often abbreviated as “nc,” is a versatile and powerful networking utility that has been around for decades. It’s often referred to as the “Swiss Army knife” of networking tools due to its wide range of capabilities. nc can be a port scanning tool, or a security tool, or monitoring tool and is also a simple TCP proxy.

nc (ncat) Installation on Linux

For RPM based distributions like RHEL, CentOS, Fedora, Rocky Linux and Alma Linux, run following command to install nc.

$ sudo dnf install nc

In Debian based distributions, run

$ sudo apt install netcat

Without any further delay, let’s jump into nc command examples.

1) Basic Connection Establishment

Ncat or nc simplifies the process of creating basic connections between systems. Use the following command to establish a connection between a client and a server:

$ ncat -l port_number

Where:

  • -l : Bind and listen for incoming connections on the port_number.

For example,

$ nc -l 8080   //Server
$ nc localhost 8080 //Client

This basic example allow server to listen on port 8080 and clients can connect to it.

2) Connect to a Remote System

To connect to a remote system with nc, execute the following command,

$ nc -v IP_address port_number

or

$ nc -v FQDN

Let’s take an example,

$ nc -v 192.168.1.248 80
or 
$ nc -v www.linuxtechi.com 443

Now a connection to server with IP address 192.168.1.248 will be made at port 80 & we can now send instructions to server. Like we can get the complete page content with

GET / HTTP/1.1

or get the page name,

GET / HTTP/1.1

or we can get banner for OS fingerprinting with the following,

HEAD / HTTP/1.1

This will tell what software is being used to run the web Server.

Alternate way to check,

$ echo -e "GET / HTTP/1.1\nHost: 192.168.1.248\n\n" | nc 192.168.1.248 80

3) Connecting to UDP Ports

By default , the nc utility makes connections only to TCP ports. But we can also make connections to UDP ports, for that we can use option ‘u’,

$ ncat -l -u 1234

Now our system will start listening a udp port ‘1234’, we can verify this using below netstat command,

$ netstat -tunlp | grep 1234
udp 0 0 0.0.0.0:1234 0.0.0.0:* 10713/nc
$

netstat-udp-connection-check-linux

Let’s assume we want to send or test UDP port connectivity to a specific remote host, then use the following command,

$ ncat -v -u {host-ip} {udp-port}

$ nc -v -u 192.168.105.150 53
Ncat: Version 7.91 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.105.150:53.

4) NC as chat tool

NC allows for real-time chat between two systems. Start a chat server:

$ ncat -l -p 9090

On remote client machine, run

$ ncat 192.168.1.248 9090

Than start sending messages & they will be displayed on server terminal.

NC-Chat-Server-Linux

5) NC as a proxy

NC can also be used as a proxy with a simple command. Let’s take an example,

$ ncat -l 8080 | ncat 192.168.1.200 80

Now all the connections coming to our server on port 8080 will be automatically redirected to 192.168.1.200 server on port 80. But since we are using a pipe, data can only be transferred & to be able to receive the data back, we need to create a two way pipe. Use the following commands to do so,

$ mkfifo 2way
$ ncat -l 8080 0<2way | ncat 192.168.1.200 80 1>2way

Now you will be able to send & receive data over nc proxy.

6) Transfer Files Using nc

NC can also be used to transfer or copy the files from one system to another, though it is not recommended & mostly all systems have ssh/scp installed by default. But none the less if you have come across a system with no ssh/scp, you can also use nc as last ditch effort.

Start with machine on which data is to be received & start nc is listener mode,

$ ncat -l  8080 > file.txt

Now on the machine from where data is to be copied, run the following command,

$ ncat 192.168.1.100 8080 --send-only < data.txt

Here, data.txt is the file that has to be sent. –send-only option will close the connection once the file has been copied. If not using this option, than we will have press ctrl+c to close the connection manually.

We can also copy entire disk partitions using this method, but it should be done with caution.

7) Port Scanning

You can use nc to scan a range of ports on a target system to check for open services. For instance:

$ nc -zv <hostname or IP address> <start_port>-<end_port>

$ nc -zv 192.168.1.248 80-100   # range
$ nc -zv example.com 443        # Particular port$ nc -zv example.com 80 443     # Multiple Port

8) Port Forwarding

We can also use NC for port forwarding with the help of option ‘c’ , syntax for accomplishing port forwarding is,

$ ncat -u -l  80 -c  'ncat -u -l 8080'

Now all the connections for port 80 will be forwarded to port 8080.

9) Set Connection Timeouts

Listener mode in ncat will continue to run & would have to be terminated manually. But we can configure timeouts with option ‘w’,

$ ncat -w 10 192.168.1.248 8080

This will cause connection to be terminated in 10 seconds, but it can only be used on client side & not on server side.

10) Force Server to Stay Up

When client disconnects from server, after sometime server also stops listening. But we can force server to stay connected & continuing port listening with option ‘k’. Run the following command,

$ ncat -l -k 8080

Now server will stay up, even if a connection from client is broken.

Additional Example

Remote Command Execution via nc

NC command can also be used to create backdoor to your systems & this technique is actually used by hackers a lot. We should know how it works in order to secure our system. To create a backdoor, the command is,

$ nc -l 10000 -e /bin/bash

‘e‘ flag attaches a bash to port 10000. Now a client can connect to port 10000 on server & will have complete access to our system via bash.

$ nc 192.168.1.100 10000

With this we end our tutorial, please feel free to post your queries and feedback in below comments section.

Read Also: How to Add and Delete Static Route in Linux using IP Command

Share Now!

7 thoughts on “10 Useful nc (ncat) Command Examples for Linux Systems”

  1. At example 3 you use say that it’s for connecting to UDP ports yet you use the “-l” switch which is for listening to incoming connections, and not for connecting to UDP. You may want to fix that.

    One of the best real-life usages of netcat is to send application logs to a remote syslog server via UDP.

    Reply
  2. what is the best way to test if my udp port working using ncat? I have service running on the server with port 10000 using UDP. And I want to test if I can access that service before I start using that.

    Reply
  3. The command ncat -l -p 8080 -e /home/bob/webserver2 would listen on port 8080, and then start a webserver on port 8080, when incoming requests actually came in on that port. Nice to put in a container to sandbox the webserver.

    Reply

Leave a Comment