Practical Uses of nc(netcat) command in Linux

Netcat is one of the most powerful networking tools, security tools, and network monitoring tools. It is even considered a Swiss army knife of networking tools. It acts like a cat command over a network. It is generally used for the following reasons:

• Operation related to TCP, UDP, or UNIX-domain sockets.
• Port Scanning
• Port Listening
• Port redirection
• open Remote connections
• Read/Write data across the network.
• Network debugging
• Network daemon testing
• Simple TCP proxies
• A Socks or HTTP Proxy Command for ssh

It is designed by keeping in mind that it should be a flexible "back-end" tool that can be used directly or driven by any other program.

Installing Netcat (nc) Process Monitoring Tool in Linux

To install the Netcat tool use the following commands as per your Linux distribution. 

1. In the case of Debian/Ubuntu

sudo apt-get install netcat

2. In the case of CentOS/RHEL

sudo yum install nc 

3. In the case of Fedora 22+ and RHEL 8,9

sudo dnf install nc

Note: To verify that it is successfully installed in our system, we run the following command "nc -h". This will display the help menu of Netcat, indicating that it is installed and ready to be used. 

Syntax of the `nc` command in Linux

The basic syntax for the nc command as follows.

nc [options] [hostname] [port]

• [options]: Use to customize the behavior of the nc command. Some examples include adding verbose output, setting a timeout for connections, etc.
• [hostname]: The hostname or the IP address of the target we want to connect to or interact with using netcat. It can be both Domain name (e.g., example.com) or an IP address (e.g., 192.168.0.1).
• [port]: The port number of the target that we want to connect to or interact with. Ports are used to identify specific services or applications running on a system. (For example: port 80 (HTTP) or port 22 (SSH) connections.

Commonly used options in netcat (nc) command

It offers various options that help us in enhancing its functionality. Some commonly used options include:

Working Modes of Netcat

We have two primary working modes: 

1. Connect Mode

In this mode Netcat works as a client. Which means that it establishes a connection to a remote server or servers. To work in this mode, we have to provide the `<host>` and `<port>` parameters.

• <host> = In this we have to provide the hostname or IP address of the remote server or servers. It can be both Domain name (e.g., example.com) or an IP address (e.g., 192.168.0.1).
• <port> = In this we specify the port number on the remote server or services that we want to connect to. Basically, it represents the endpoint where the desired service is running.

For example: If we want to establish a connection to the HTTP (web) service running on domain name (example.com) or IP address (e.g., 192.168.0.1) on port 80. We use the following command.

nc example.com 80

2. Listen Mode

In this mode Netcat works as a server. Which means that it waits and listens for incoming connections from clients. To work in this mode, we have to use Netcat in Listen mode and provide the `<host>` (optional) and `<port>` parameters.

• <host> = it is optional to provide host name, if we do so the Netcat listens on the specific host for incoming connections on the specified `<port>`. We can say that it will bind itself to the specified host's IP address or network interface.
• <port> = In this we specify the port number on which Netcat should listen for incoming connection.

For example: If we want to listen to the IP address (e.g., 192.168.0.1) on port 8080. We use the following command.

nc -l 192.168.0.1 8080

We can use `-lv` option to view verbose (-v) 

Practical implementation of Netcat Security Tool in Linux

We have two systems running on same network, To know there IP address:

System 1 IP address (Localhost) (10.143.90.24) 

ifconfig

System 2 IP address (gfgubun1) (10.143.90.106) 

ifconfig

1. Client and Server Connection with Netcat (nc) in Linux

Here our system 1 will act as a server (listens) and system 2 will act as a client (connects)

a. System 1

We are running `nc` command in listen mode and providing a port number.

nc -lv 1111

You can replace port number `1111` with your desired port number.

Here we have used `-l` to make our system 1 a server and used `-v` for verbose to see if it was successful or not.

b. System 2

We are running `nc` command with IP address of System 1 and a port number on which system 1 is listening.

nc -v 10.143.90.24 1111

used `-v` for verbose to see if it was successful or not And mentioned IP address of System1.

IF we send message from any System we will see that message on both the systems.

2. Scanning Ports with netcat (nc) in Linux

a. Making System 2 to listen on port 1111.

nc -lvk 1111

used `-v` for verbose to see if it was successful or not and used `-k` so that our connection doesn't stop in case of disconnect.

b. Checking If the port is open From System 1.

Here we will check for port number 1111, if this port is open, we will see successful in connection. (used `-v` for verbose to see if it was succeeded)

nc -zv 10.143.90.106 1111

Here we have used `-z` option, to scan for open ports.

c. Finding Open Ports in a range of ports

IF we want to search in between the range of ports that are Open, we can write a small script as follows.

vim port_scan.sh

You can replace file name 'port_scan.sh' with your requirements. Here you have to replace the "10.143.90.106" with you requirement, we are taking start port and end port as a input from user itself.

#!/bin/bash
host="10.143.90.106"
read -p "Enter the starting port number: " start_port
read -p "Enter the ending port number: " end_port
for (( port=start_port; port<=end_port; port++ ))
do
 nc -zv "$host" "$port"
done

Making our script executable.

chmod +x port_scan.sh

Running script.

./port_scan.sh

Then enter the starting port and ending port.

If this port is open, we will see success in connection. Here we can see port `1111` is open.

3. Transfer File using Netcat (nc) in Linux.

If we have a file name "file_1.txt" in our system 2 and want to transfer that file in system 1, we use the following command.

a. In system 2

nc -lv 10.143.90.106 1111 < file_1.txt

b. In system 1

nc -zv 10.143.90.106 1111 > file_1.txt

Then we use `ls` command to confirm that we have received file in our system 1.

4. Chat Server using  Netcat (nc) in Linux.

On system 2

a. To start listening on a port.

First Open 2 terminal windows.

Terminal 1 for listening 

$nc -l -p 1234

Terminal 2 sending request

$nc 127.0.0.1 1234

Note: Here the port number is 1234 and by default host is the localhost.

👁 using netcat command to send message between two terminals
It will not display anything but will start listening to port 1234 at the localhost from terminal 1. And anything entered in terminal 2 will be reflected back in terminal 1 as well which confirms that the connection is established successfully.

b. To transfer data.

Open 2 terminal windows.

Terminal 1 for listening

$nc -l -p 1234 >output.txt

Terminal 2 for sending request

$echo "GeeksforGeeks" >input.txt
$nc 127.0.0.1 1234 <input.txt

Note: Here the port number is 1234 and by default host is localhost. It will send the input.txt file's data from terminal 2 to the output.txt file at terminal 1.

👁 Transferring-the-Data-using-Netcat-Command-in-Linux-1
👁 Transferring-the-Data-using-Netcat-Command-in-Linux-2
c. To perform Port Scanning.

Enter the following command on the terminal.

Scanning a single port

$netcat -z -v 127.0.0.1 1234

Scanning multiple ports

$nc -z -v 127.0.0.1 1234 1235

Scanning a range of ports

$nc -z -v 127.0.0.1 1233-1240

Note: Here the port numbers are 1234, 1235, 1233, and 1240 you may change them as per your need. It will display the port number with the status(open or not).

👁 Port-Scanning-Using-Netcat-Command-in-Linux
d. To send an HTTP Request

$printf "GET /nc.1 HTTPs/1.1\r\nHost: www.geeksforgeeks.org\r\n\r\n" | nc www.geeksforgeeks.org 80

Note: Here the website is www.geeksforgeeks.org, you may choose any. It will send a HTTP Request to www.geeksforgeeks.org.

👁 To-send-an-HTTP-Request-Using-Netcat-Command-in-Linux
e. To delay the interval for lines sent.

Open 2 terminal as shown below:

Terminal 1 for listening 

$nc -l -p 1234

Terminal 2 sending request

$nc -i 5 127.0.0.1 1234

Note: Here the port number is 1234 and by default host is localhost. The time taken is 5 seconds. Each will be sent after 5 seconds of time.

👁 To delay the interval for lines sent using netcat command in Linux

Conclusion

'Netcat' is an indispensable tool for anyone involved in network management or IT security. Its simplicity and versatility make it an excellent choice for a wide range of networking tasks from troubleshooting to testing network functionalities.