by Jason Thomas

Unix command-line utility netcat gets called the "network swiss army knife" with good reason. Like the best UNIX utilities, it's very simple but can perform all sorts of useful tasks. It's also described well by its title: netcat is like the utility "cat," but runs across the network. One machine is set up with netcat to listen, and then other machines connect to it. Once connected, you can pipe text through it, open up a command shell on the listening machine, or anything you could do with cat on a local machine.


If you're a command line geek who's never used netcat but often works across networked machines, this quick netcat primer's for you.

(On most distributions, netcat is called "nc." It could also exist as netcat. Here, we'll assume it's called nc - which it is in Cygwin for Windows and in Mac OS X.)


Let's get started netcat'ting.

Open up two command windows on machines running netcat. You could do this with one machine for testing purposes or with terminal sessions connecting to two different stations.

In one window, type:

nc -l -p 1234

This tells netcat to start a server and start listening on port 1234.

Meanwhile, in the other window, type

nc <ip address of listening station> 1234

Not too exciting yet; it should just be sitting there in each window. But type something into the second window and hit return. You should see what you typed pop up in the first window. Pretty snazzy, no? Like I said, it's a lot like cat.


The snazziness comes from the flexibility of it. Like, you can have a process running on machine A and pipe its output to machine B. Let's say you want to watch who's logged in to machine A. You might set up a listening server on machine B, and then on machine A you'd type something like

watch w | nc <machine B ip address> 1234

Then, on the listening machine you'd be watching a running log. What's the point? Well, you might do this for security reasons— you might want to maintain a log of a process list on a friend's colo box somewhere across the net.


You can also use netcat as a quick and dirty file copy utility, like so:

(On the destination machine:)

nc -l -p 1234 > destination.filename

(On the source machine:)

cat source.filename | nc <destination ip> 1234


Once again, you might ask why. Well, netcat is so standard that you can be almost sure it'll be on any given machine— much more so than, say, the OpenSSH suite.

Netcat doesn't just need to connect to itself. It can connect to any arbitrary service, and since it can listen on a port, any client can connect to it. If you start up your listen server again on port 1234 and then point Firefox at that port, with the address http://<ip address>:1234/"Hello there," you'll see your HTTP GET attempt scrolling up in the listen session.


Or you might want to start up a shell. Start your listen server like so:

nc -l -p 1234 -e /bin/bash

Connect to it with:

nc <destination ip> 1234

You should be able to type commands to the bash shell and see the output. (Note: the -e option is only available when netcat is compiled with it turned on. When Gina tested this on her machines, Cygwin allowed the -e but Mac OS X did not. Run nc -h to list the options available to you; if -e is listed, you're golden.)
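A listener started with -e gives a shell to whoever connects to that port, so it helps to be able to spot one in a process listing. The following is an added example, not part of the original article: a Python function that flags netcat processes combining listen mode with the short -e option in `ps -eo pid,args` style output. The binary names, the list of value-taking option letters, and the sample listing are assumptions constructed for illustration.

```python
import os

# Assumption: binary names netcat is commonly installed under.
NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional"}
# Assumption: option letters that take a value in traditional netcat.
VALUE_FLAGS = "egGiopqsw"

# Constructed sample of `ps -eo pid,args` output (not from a real host).
SAMPLE_PS = """\
  PID COMMAND
 4242 nc -l -p 1234 -e /bin/bash
 4250 /usr/bin/netcat -vlp 1234
 4261 nc 192.0.2.10 1234
 4270 nc -lvp4444 -e/bin/sh
 4280 nc -l -p 1234 -oelog.txt
"""

def parse_netcat(argv):
    """Return (listening, port, exec_target) for a netcat argument vector."""
    listening, opts, positional = False, {}, []
    args = iter(argv[1:])
    for arg in args:
        if not arg.startswith("-") or arg.startswith("--") or arg == "-":
            positional.append(arg)
            continue
        flags = arg[1:]
        for pos, ch in enumerate(flags):
            if ch == "l":
                listening = True
            elif ch in VALUE_FLAGS:
                # The value is the rest of this word, or else the next word.
                opts[ch] = flags[pos + 1:] or next(args, "")
                break
    port = opts.get("p") or (positional[-1] if positional else None)
    return listening, port, opts.get("e")

def find_exec_listeners(ps_output):
    """Return (pid, port, program) for each listener started with -e."""
    findings = []
    for line in ps_output.splitlines():
        pid, _, cmdline = line.strip().partition(" ")
        argv = cmdline.split()  # ps prints arguments space-separated
        if not argv or os.path.basename(argv[0]) not in NETCAT_NAMES:
            continue
        listening, port, program = parse_netcat(argv)
        if listening and program:
            findings.append((int(pid), port, program))
    return findings
```

Calling find_exec_listeners(SAMPLE_PS) reports PIDs 4242 and 4270; the plain chat listener, the client connection, and the listener whose -o filename merely contains the letters "l" and "e" are not flagged.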


There is, however, a big problem with netcat. It sends everything in plaintext, so anyone sniffing your network can see what you're doing. It's much more secure to use the program cryptcat, which lets you set up arbitrary encrypted sessions.

You can use netcat to run quick chat sessions similar to the old UNIX write command. To do this, the listen server does:

nc -vlp 1234

Here the -v specifies verbose; connect to it as normal and both windows should be able to type back and forth.


Netcat can even scan ports! If you want to scan your machine for open services, type:

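nc -v -z localhost 1-1000

The -z tells netcat to just check whether each port accepts a connection, without sending any data. It will return any ports between 1 and 1000 that are responding. For me, it returned one open port.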

localhost [127.0.0.1] 631 (ipp) open

I couldn't remember what 631 was so I netcatted to it:

nc -v localhost 631

And it started up a server. I typed "QUIT" which is a standard exit command for many types of TCP port and it spit back some HTML, including "Server: CUPS/1.2." It was the web interface for my print server.


Netcat is very useful and very handy. If you carry around a thumb drive full of apps, netcat should be one of them. Just like cat, netcat is designed to work as a backend. With a little Python programming ability and netcat, you can do amazing things. Let's hear about all the cool uses you've found for it!

Jason Thomas is a writer and computer professional living in the Twin Cities.