Notes on netcat                                        Revised: 091105

----------------------------------------------------------------------

Contents:

    1. Overview
    2. Debian notes
    3. netcat examples
    4. Related programs
    5. nccs usage

----------------------------------------------------------------------

1. Overview.

This document is intended for network administrators and developers.

netcat (or nc) is a simple network "Swiss Army Knife" that reads or
writes arbitrary data using TCP or UDP.

This distro provides the Debian version of netcat plus some related
utilities, which are discussed in sections 4 and 5.

For the official documentation, execute man nc or man netcat (except
under the MiniCD distro, which omits most man documentation). For
quickstart examples, see section 3.

----------------------------------------------------------------------

2. Debian notes.

These notes are from the Debian patches:

    "netcat has been compiled with -DGAPING_SECURITY_HOLE turned on.
    I do not believe this is as much of a security hole as the author
    makes it out to be, *if* you know what you're doing (but then, if
    you didn't, you'd still be using telnet ;-)). Since the spawned
    program will run as whatever user started netcat, don't use -e as
    root. You have been warned, so if some cracker breaks into your
    system due to your own stupidity, don't blame me."

    "A symlink to the netcat binary called 'netcat' has been
    installed. However, the canonical name is still 'nc'. If you use
    netcat on other systems, it will probably only be installed as
    'nc', so keep this in mind when writing scripts."

    -- Decklin Foster  Fri, 1 Jun 2001 13:38:10 -0400

----------------------------------------------------------------------

3. netcat examples.

A few netcat examples are shown below. Replace 192.168.0.1 with the
server's IP address. Replace 3333 and 25000 with appropriate port
numbers.

Note: You may need to adjust firewall and/or router configurations as
well.

Note: If you have problems with file transfers that terminate
prematurely, omit the -q 5 option shown in the file-transfer examples.
If you do this, netcat won't exit when transfers are completed.
Instead, it'll sit there until you press Control C (on either system).

The first example runs a simple "chat" session. Text typed on either
side should appear on both sides. To terminate the session, press
Control C on either side.

    Server side:  netcat -l -p 3333
    Client side:  netcat 192.168.0.1 3333

The next example transfers a file named file.dat from the server
system to the client system.

    Server side:  cat file.dat | netcat -l -p 3333 -q 5
    Client side:  netcat 192.168.0.1 3333 > file.dat

The next example makes a gzipped backup copy of the 1st disk partition
on the server system and saves the backup copy to a file stored on the
client system.

    Server side:  dd if=/dev/hda1 bs=32768 | gzip -9 | netcat -l -p 3333 -q 5
    Client side:  netcat 192.168.0.1 3333 > hda1.gz

The next example makes a compressed tarball backup of /etc on the
server system and saves the tarball on the client system.

    Server side:  tar zcf - /etc | netcat -l -p 3333 -q 5
    Client side:  netcat 192.168.0.1 3333 > etc.tar.gz

The next example transfers a file using netcat as before, but sends
the data through an SSH tunnel. This provides some protection against
hackers, eavesdroppers, etc. You can use similar commands to tunnel
other netcat operations.

Notes:

a. You'll need an account on the server system. Replace john with the
   account name.

b. The following warning message may be displayed. However, it doesn't
   seem to be fatal:

       stty: standard input: Invalid argument

The ssh command is run on the client system: -L opens port 25000 on
the machine where ssh is started and forwards it to port 3333 on the
server.

    Server side:  cat file.dat | netcat -l -p 3333 -q 5
    Client side:  ssh -f -L 25000:127.0.0.1:3333 john@192.168.0.1 sleep 10
                  netcat 127.0.0.1 25000 > file.dat

The next example executes a specified CLI program on the server side
(/bin/df, in this case) and sends the program's standard output stream
to the client system.

Note: The CLI program can be an interactive program such as a shell.
However, this mode should be used with caution - if you make an
interactive program available through netcat, you've opened a major
security hole. SSH tunneling may reduce the risks, but it won't
eliminate them entirely.

    Server side:  netcat -l -p 3333 -e /bin/df
    Client side:  netcat 192.168.0.1 3333

The next example checks the local system for open TCP ports in the
range 1-10000 and reports the ports found (if any). This information
is useful for security purposes.

Note: To check for UDP ports instead of TCP ports, replace "-vz" with
"-u -vz".

    Server side:  n/a
    Client side:  netcat -vz 127.0.0.1 1-10000

----------------------------------------------------------------------

4. Related programs.

This distro's version of the netcat package provides four CLI
commands:

4.1. nc - This is netcat 1.10 with the standard Debian netcat patches
applied (through patch level 33). For more information, execute
"man nc" or "man netcat".

4.2. netcat - This is a symbolic link to nc.

4.3. ncmeter - This is a netcat-related utility that's bundled with
the Debian patches. For more information, execute "ncmeter help".

4.4. nccs - "nccs" stands for "netcat client-server". This is a
modified version of netcat that includes the client-server patch for
netcat by Claudio Scordino, Linda Martorini, and Francesco Lelli
(2002). For more information on nccs, see section 5.

----------------------------------------------------------------------

5. nccs usage.

Basic usage:

    Server:  nccs -l -p PORT-NUMBER
    Client:  nccs SERVER-IP-ADDRESS PORT-NUMBER

This creates a TCP connection between the client and server. The
standard input of each computer is sent to the other computer, which
shows it on its own standard output.

To use nccs as a simple file server, use commands similar to this:

    Server:  nccs -l -p PORT-NUMBER < FILENAME
    Client:  nccs SERVER-IP-ADDRESS PORT-NUMBER > FILENAME
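
----------------------------------------------------------------------

Added example (not part of the original notes): the file-transfer
examples in section 3 give the client no way to tell a complete file
from one cut short, which matters given the note about transfers that
terminate prematurely. The nc_pack and nc_unpack helpers below are
hypothetical names; they assume sha256sum is installed and wrap the
same netcat pipes with a size-and-digest header.

```shell
#!/bin/sh
# Added example; nc_pack and nc_unpack are hypothetical helpers, not part of netcat.
# Server side:  nc_pack file.dat | netcat -l -p 3333 -q 5
# Client side:  netcat 192.168.0.1 3333 | nc_unpack file.dat

# Sender: write a header line "SIZE SHA256", then the raw file bytes.
nc_pack() {
    file=$1
    size=$(wc -c < "$file" | tr -d ' ')
    sum=$(sha256sum "$file" | cut -d' ' -f1)
    printf '%s %s\n' "$size" "$sum"
    cat "$file"
}

# Receiver: read the header, spool the payload to OUT.part, and keep it
# only if both the byte count and the digest match the header.
# Returns 0 on success, 1 on mismatch, 2 on a missing or malformed header.
nc_unpack() {
    out=$1
    tmp="$out.part"
    IFS=' ' read -r want_size want_sum || return 2
    case $want_size in ''|*[!0-9]*) return 2 ;; esac
    case $want_sum in *[!0-9a-f]*) return 2 ;; esac
    [ "${#want_sum}" -eq 64 ] || return 2
    cat > "$tmp"
    got_size=$(wc -c < "$tmp" | tr -d ' ')
    got_sum=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$got_size" = "$want_size" ] && [ "$got_sum" = "$want_sum" ]; then
        mv "$tmp" "$out"
        return 0
    fi
    echo "rejected: received $got_size of $want_size bytes or digest mismatch" >&2
    rm -f "$tmp"
    return 1
}
```

The header travels in the same stream as the data, so this catches
truncation and accidental corruption only; use the SSH tunnel from
section 3 where tampering is a concern.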
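
----------------------------------------------------------------------

Added example (not part of the original notes): sections 2 and 3 warn
about netcat started with -e, especially as root. The function below,
a hypothetical audit_nc_exec, reads `ps -eo user,pid,args` output and
reports such processes; the sample process list is constructed for
illustration.

```shell
#!/bin/sh
# Added example; audit_nc_exec and sample_ps are hypothetical names.

# Constructed sample of `ps -eo user,pid,args` output (not real data).
sample_ps() {
    cat <<'EOF'
USER       PID COMMAND
root       812 nc -l -p 3333 -e /bin/sh
john      1440 /bin/netcat -lp 3333 -e /bin/df
john      1502 netcat -vz 127.0.0.1 1-10000
john      1610 netcat -l -p 3333 -q 5
www-data  1777 grep -e nc /var/log/syslog
EOF
}

# Report nc / netcat / nccs processes that were started with -e.
# A process owned by root is CRITICAL, any other owner is WARNING.
audit_nc_exec() {
    awk '
    {
        user = $1; pid = $2
        n = split($3, path, "/"); prog = path[n]    # basename of argv[0]
        if (prog != "nc" && prog != "netcat" && prog != "nccs" &&
            prog != "nc.traditional") next
        exec_prog = ""; listening = 0
        for (i = 4; i <= NF; i++) {
            if ($i !~ /^-[A-Za-z]+$/) continue       # option clusters only
            if ($i ~ /l/) listening = 1              # -l, or -lp style cluster
            if ($i ~ /e$/ && i < NF) { exec_prog = $(i + 1); i++ }
        }
        if (exec_prog == "") next
        sev = (user == "root") ? "CRITICAL" : "WARNING"
        printf "%s pid=%s user=%s listen=%d exec=%s\n",
               sev, pid, user, listening, exec_prog
    }'
}
```

On a live system: ps -eo user,pid,args | audit_nc_exec. Matching is by
executable name, so a renamed binary is not reported.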