nc Command in Linux with Examples

Description :

nc is the command which runs netcat, a simple Unix utility that reads and writes data across network connections, using the TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Common uses include:

1. Simple TCP proxies
2. Shell-script based HTTP clients and servers
3. Network daemon testing
4. A Socks or HTTP ProxyCommand for ssh

Usage :

nc [-46bCDdhklnrStUuvZz] [-I length] [-i interval] [-O length] [-P proxy_username] [-p source_port] [-q seconds] [-s source] [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]

Options :

-4
Forces nc to use IPv4 addresses only.
-6
Forces nc to use IPv6 addresses only.
-b
Allow broadcast.
-C
Send CRLF as line-ending.
-D
Enable debugging on the socket.
-d
Do not attempt to read from stdin.
-h
Prints out nc help.
-I length
Specifies the size of the TCP receive buffer.
-i interval
Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.
-k
Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.
-l
Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.
-n
Do not do any DNS or service lookups on any specified addresses, hostnames or ports.
-O length
Specifies the size of the TCP send buffer.
-P proxy_username
Specifies a username to present to a proxy server that requires authentication. If no username is specified then authentication will not be attempted. Proxy authentication is only supported for HTTP CONNECT proxies at present.
-p source_port
Specifies the source port nc should use, subject to privilege restrictions and availability.
-q seconds
after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.
-r
Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them.
-S
Enables the RFC 2385 TCP MD5 signature option.
-s source
Specifies the IP of the interface which is used to send the packets. For UNIX-domain datagram sockets, specifies the local temporary socket file to create and use so that datagrams can be received. It is an error to use this option in conjunction with the -l option.
-T toskeyword
Change IPv4 TOS value. toskeyword may be one of critical, inetcontrol, lowcost, lowdelay, netcontrol, throughput, reliability, or one of the DiffServ Code Points: ef, af11 … af43, cs0 … cs7; or a number in either hex or decimal.
-t
Causes nc to send RFC 854 DON’T and WON’T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.
-U
Specifies to use UNIX-domain sockets.
-u
Use UDP instead of the default option of TCP. For UNIX-domain sockets, use a datagram socket instead of a stream socket. If a UNIX-domain socket is used, a temporary receiving socket is created in /tmp unless the -s flag is given.
-V rtable
Set the routing table to be used. The default is 0.
-v
Have nc give more verbose output.
-w timeout
Connections which cannot be established or are idle timeout after timeout seconds. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.
-X proxy_protocol
Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are “4” (SOCKS v.4), “5” (SOCKS v.5) and “connect” (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.
-x proxy_address[:port]
Requests that nc should connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS).
-z
Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.

Examples :

1. Netcat in a Server-Client Architecture

The netcat utility can be run in the server mode on a specified port listening for incoming connections.

$ nc -l 2380

Also, it can be used in client mode trying to connect on the port(2380) just opened

$ nc localhost 2380

Now, if we write some text at the client side, it reaches the server side. Here is the proof :

$ nc localhost 2380
HI, server

On the terminal where server is running :

$ nc -l 2380
HI, server

2. Timeout Support

There are cases when we do not want a connection to remain open forever. In that case, through ‘-w’ switch we can specify the timeout in a connection.

Server :

$ nc -l 2389

Client :

$ nc -w 20 localhost 2389

The connection above would be terminated after 20 seconds.

3. Transfer Files

At the client side, suppose we have a file named ‘testfile’ containing :

$ cat testfile
hello testfile. this is me.

and at the server side we have an empty file ‘test’

Now, we run the server as :

$ nc -l 2380 > test

and run the client as :

cat testfile | nc localhost 2380

Now, when we see the ‘test’ file at the server end, we see :

$ cat test
hello testfile. this is me.

4. Support of IPV4/IPV6 Connectivity

The flag -4 or -6 specifies that netcat utility should use which type of addresses.

Server :

$ nc -4 -l 2380

Client :

$ nc -4 localhost 2380

Now, if we run the netstat command, we see :

$ netstat | grep 2380
tcp        0      0 localhost:2380          localhost:50850        ESTABLISHED
tcp        0      0 localhost:50850         localhost:2380         ESTABLISHED

The first field in the above output would contain a postfix ’6′ in case the IPV6 addresses are being used. Since in this case it is not, so a connection between server and client is established using IPV4 addresses.

Now, If we force nc to use IPV6 addresses

Server :

$ nc -6 -l 2380

Client :

$ nc -6 localhost 2380

Now, if we run the netstat command, we see :

$ netstat | grep 2380
tcp6       0      0 localhost:2380          localhost:33230         ESTABLISHED
tcp6       0      0 localhost:33230         localhost:2380          ESTABLISHED

5. Disable Reading from STDIN in Netcat

This functionality can be achieved by using the flag -d.

Client :

$ nc -d localhost 2380
Hi

The text ‘Hi’ will not be sent to the server end as using -d option the read from stdin has been disabled.

6. Force Netcat Server to Stay Up

If the netcat client is connected to the server and then after sometime the client is disconnected then normally netcat server also terminates.

Server :

$ nc -k -l 2380

Client :

$ nc localhost 2380
^C

Server :

$ nc -k -l 2380

So we see that by using the -k option the server remains up even if the client got disconnected. If it would have been the other case, then after the client gets disconnected, the nc server would also have terminated on server and produced a $ prompt at server terminal.

7. Use Netcat with UDP Protocol

By default all the sockets that nc utility creates are TCP protocols but this utility also works with UDP protocol. To enable UDP protocol the -u flag is used.

Server :

$ nc -4 -u -l 2380

Client :

$ nc -4 -u localhost 2380

8. Configure Netcat Client to Stay Up after EOF

Netcat client can be configured to stay up after EOF is received. In a normal scenario, if the nc client receives an EOF character then it terminates immediately but this behavior can also be controlled if the -q flag is used. This flag expects a number which depicts number of seconds to wait before client terminates (after receiving EOF)

$ nc  -q 5  localhost 2380