You should know about Ncat

Ncat is a utility that reads and writes data across network connections. It's similar to an older tool called Netcat, whish as the name suggests, it can cat across the network using the TCP/IP protocol. It's even sometimes referred to as the "TCP/IP Swiss Army Knife". NCat can be used for almost any kind of network connection. Because of that, it is a great debugging and exploration tool.

Ncat us usually aliased by nc. If Ncat isn't already on your system, check for an ncat or nmap package from your system's package manager.

The power of Ncat comes from its simplicity, so there are countless applications. Here I will try to show a few useful examples of how I have used it to solve problems.

Listening for connections

Ncat can listen on any port (subject to root privileges for ports less than 1024) for incoming connections, and output any data to STDOUT.

To listen on port 3000:

nc -l 3000

This will bind to the port and continue to listen for connections until a client connects or the user interrupts with Ctrl+C. Try it out by directing your web browser to http://localhost:3000/. Your browser will continue to wait for a response, but your terminal will display the browsers HTTP request. Press Ctrl+C to close the connection and exit.

Sending data to a server

You could also use Ncat as a client to initiate a connection with a listening server. For instance, to make an HTTP request to my web server:

printf "GET / HTTP/1.0\nHost: www.kenbarbour.com\n\n" | nc www.kenbarbour.com 80

You could expect a response back from the host. In this case you would likely get a redirect to a secure version of the site as an HTTP response. You just spoke HTTP to a web server, and got a response back!

Simple Chat

There are plenty of full featured chat clients available, and Ncat isn't one of them. With that said, Ncat could be used to send plain text between two hosts, like a terribly basic chat system. One host would need to listen for connections initiated by a client. In this example, I'll assume two hosts with different IP addresses. You could do this on one host and pretend to have someone to talk to.

Start listening for UDP connections to port 1338 one host. We'll call this host Alice's computer. The -u flag uses UDP instead of TCP.

nc -lu 1338

If Bob knows Alice's IP address (lets assume its 192.168.1.101) and the network can route traffic to her port 1338, he can connect and send data to Alice's STDOUT.

nc -u 192.168.1.101 1338

Alice and Bob could type to each other, or close the connection with Ctrl+C.

Basic HTTP Server

Just like you could use Ncat to emulate a web browser, you can also use Ncat to emulate a web server. This most basic example will listen for a connection and send a single HTTP response before exiting:

printf "HTTP/1.1 200 OK\nConnection: close\n\nHello, I'm Ncat!" | nc -l 8080

Direct your web browser to http://localhost:8080/ and it will say Hello, I'm Ncat!. However, if you refresh the page you will notice that the browser is unable to connect. This is because Ncat has exited after the connection closed.

A more useful example would continue to serve until you stop the process. It would also be nice to serve a file or more complex output. The next example will continue to serve content.html until the process is interrupted with Ctrl+C.

while true ; do \
printf "HTTP/1.1 200 OK\nContent-Type: text/html\nConnection: close\n\n %s" \
"$(cat content.html)" | Ncat -l 8080 ; done

If you direct your browser once again to http://localhost:8080/ you will notice that content.html is served again and again. Additionally, each HTTP request will appear in your terminal. This technique is handy for discovering what data is included in requests.

Exercises to try yourself

• Add a Content-Encoding: gzip header and pipe the body through gzip before serving it to the browser to reduce transfer size.
• Serve the output of a command, such as the current uptime of the server.

Insecure file transfer

Netcat can be used to transfer a file across the network to another host. I wouldn't try this on a public network, or if a better utility like SCP is available.

On the host with the file, pipe the contents to Ncat listening on some port (like 1338):

nc -l 1338 < somefile

On the machine receiving the file, connect to the server and redirect stdout to a file:

nc 192.168.1.101 1338 > somefile

Compressed transfer

For small files, this will work fine. For larger files, it may help to compress the file before sending it. Notice that the server and client roles have switched. The receiving end is now listening while the sending end is initiating the connection.

On the receiving end:

nc -l 1338 | gunzip > somefile

On the sending end:

cat somefile | gzip | nc 192.168.1.101 1338

Transfer directories (with tar)

To transfer entire directories, it may be useful to use whats commonly referred to as a "tar pipe".

On the receiving end:

nc -l 1338 | tar xz

On the sending end:

tar czf - somedir | nc 192.168.1.1.1 1338

A note about Encryption

Ncat is able to encrypt traffic using SSL while serving as the client or the server, but care must be used to avoid vulnerability to Man-In-The-Middle attacks. See the short SSL section of the NMap Ncat documentation before using Ncat's encryption features.