nc command in Linux with Examples

Introduction

Before we discuss the nc command in Linux, let's briefly look at what the nc command is.

The nc command stands for netcat, a versatile networking utility used for network management and troubleshooting. It lets users read from and write to network connections directly from the command line, which helps with tasks such as port scanning, file transfer, and even setting up backdoors. Plain nc neither encrypts nor authenticates the traffic it carries.

With its simplicity and powerful features, nc is a go-to tool for network administrators and cybersecurity professionals worldwide.

In this tutorial, you will learn how to use the nc command in Linux. We will also address a few FAQs on the nc command in Linux.

Installing nc in Linux

Use the following commands, depending on your Linux distribution, to install the Netcat tool.

In the case of Debian/Ubuntu

sudo apt-get install netcat

In the case of CentOS/RHEL

sudo yum install nc

In the case of Fedora 22+ and RHEL 8,9

sudo dnf install nc

Run nc -h to confirm that the installation succeeded. This shows the Netcat help menu, indicating that it is installed and operational.

Syntax of the nc command in Linux

The nc command's basic syntax is as follows.

nc [options] [hostname] [port]

[options]: Used to alter the nc command's behavior. Adding verbose output and timeouts for connections are a couple of examples.

[hostname]: The IP address or hostname of the target that we wish to use Netcat to connect to and communicate with. It may be an IP address (such as 192.168.0.1) or a domain name (such as example.com).

[port]: The target's port number, which we wish to connect to and communicate with. On a system, ports identify the particular services or applications that are active (for example, port 22 for SSH or port 80 for HTTP).

netcat (nc) command options

nc provides a number of options that extend its functionality. Several frequently used options are as follows:

  • -l: To create a server that waits for incoming connections, use the listen mode.
  • -p: Gives the port number of the source.
  • -v: Verbose mode yields output that is more detailed.
  • -z: Checks for open ports.
  • -w: Establishes a connection timeout.
  • -q: Indicates the amount of time before cutting the connection.

Two Primary Working Modes of Netcat

We have two primary working modes:

Connect Mode

Netcat functions as a client in this mode, which means that it connects to a server located remotely. To use this mode, we must supply the <host> and <port> parameters.

<host>: The remote server or servers' hostname or IP address must be entered here. Both a domain name (like example.com) and an IP address (like 192.168.0.1) can be used.

<port>: Here, we give the remote server or services' port number that we wish to connect to. In essence, it is a representation of the endpoint hosting the desired service.

For example, to connect to the HTTP (web) service running on port 80 of the domain name example.com (or an IP address such as 192.168.0.1), we use this command:

nc example.com 80

Listen Mode

Netcat functions as a server in this mode, which means that it waits for incoming connections. To use this mode, we must run Netcat with the listen option and supply the <host> (optional) and <port> parameters.

<host>: The host name is optional, but if we supply it, Netcat will listen on that host for incoming connections on the designated <port>. In other words, it binds to the network interface or IP address of the designated host.

<port>: The port number that Netcat should use to listen for incoming connections is specified here.

For example, to listen on port 8080 on a specific IP address (e.g., 192.168.0.1), we use this command:

nc -l 192.168.0.1 8080

Combining -l with -v (as -lv) adds verbose output in listen mode.

Practical implementation of Netcat Security Tool in Linux

First, we find the IP addresses of the two systems that are running on the same network.

System 1 IP address (Localhost) (10.143.90.24)

ifconfig

System 2 IP address (gfgubun1) (10.143.90.106)

ifconfig

Client and Server Connection with Netcat (nc) in Linux

In this case, System 1 will function as the server and listen, and System 2 will function as the client and connect.

1) System 1

We are supplying a port number and executing the nc command in listen mode.

nc -lv 1111

You can change port number 1111 to whatever port number you'd like.

Here, we've used -l to set up System 1 as a server and -v to enable verbose output so we can check whether it worked.

Scanning Ports with netcat (nc) in Linux

1) Making System 2 listen on port 1111

nc -lvk 1111

We used -k so that the listener keeps accepting connections after a client disconnects, and -v for verbose output to see whether it was successful.

2) Checking if the port is open from System 1

Here, we probe port 1111; if it is open, the connection will be successful. (We used -v for verbose output to check whether it worked.)

nc -zv 10.143.90.106 1111

Here, we have scanned for open ports using the -z option.

3) Finding Open Ports in a range of ports

To scan a range of ports for open ones, we can write the following short script.

vim port_scan.sh

You can change the filename port_scan.sh to suit your needs.

Replace 10.143.90.106 with the host you want to scan.

The start port and end port are taken as input directly from the user.

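#!/bin/bash

# Target host to scan
host="10.143.90.106"

read -r -p "Enter the starting port number: " start_port
read -r -p "Enter the ending port number: " end_port

# Accept only decimal port numbers; bash arithmetic would otherwise evaluate arbitrary input
for p in "$start_port" "$end_port"; do
 [[ "$p" =~ ^[0-9]+$ ]] && (( 10#$p >= 1 && 10#$p <= 65535 )) || { echo "Invalid port: $p" >&2; exit 1; }
done

# Probe each port without sending data (-z), verbosely (-v), with a 1-second timeout (-w 1)
for (( port=10#$start_port; port<=10#$end_port; port++ ))
do
 nc -zv -w 1 "$host" "$port"
done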

Making our script runnable

chmod +x port_scan.sh

Running script

./port_scan.sh

Next, input the starting and ending ports.

The connection will be successful if this port is open. As can be seen, the port 1111 is open here.
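
The following is an added example, not part of the original tutorial: a small filter that turns verbose nc -zv scan output into a one-line summary of open, closed, and filtered ports. It assumes the message formats printed by OpenBSD netcat as packaged on Debian/Ubuntu; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `nc -zv` scan output (not from the original tutorial).
# Assumption: OpenBSD netcat message formats; nc -v writes them to stderr.

# Constructed sample of what a scan of ports 1110-1113 might print.
sample_output() {
  cat <<'EOF'
nc: connect to 10.143.90.106 port 1110 (tcp) failed: Connection refused
Connection to 10.143.90.106 1111 port [tcp/*] succeeded!
nc: connect to 10.143.90.106 port 1112 (tcp) failed: Connection refused
nc: connect to 10.143.90.106 port 1113 (tcp) timed out: Operation now in progress
EOF
}

# Read nc -zv output on stdin and print one line:
#   open:<ports> closed:<ports> filtered:<ports>
# "Connection refused" means the port is closed; "timed out" means no reply
# came back at all, which usually points to a firewall dropping the probe.
summarize_scan() {
  awk '
    function add(list, port) { return list (list == "" ? "" : ",") port }
    # Success lines carry the port number just before the word "port".
    /^Connection to .* succeeded!$/ {
      for (i = 2; i <= NF; i++) if ($i == "port") { ok = add(ok, $(i - 1)); break }
      next
    }
    # Failure lines carry the port number just after the word "port".
    /^nc: connect to .*timed out/ {
      for (i = 1; i < NF; i++) if ($i == "port") { timedout = add(timedout, $(i + 1)); break }
      next
    }
    /^nc: connect to .*Connection refused$/ {
      for (i = 1; i < NF; i++) if ($i == "port") { refused = add(refused, $(i + 1)); break }
      next
    }
    END { printf "open:%s closed:%s filtered:%s\n", ok, refused, timedout }
  '
}

# Real use (stderr must be merged into the pipe):
#   nc -zv -w 1 10.143.90.106 1110-1113 2>&1 | summarize_scan
sample_output | summarize_scan
```

Because nc -v reports on stderr, redirecting only stdout (for example with >) captures none of these messages.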

Transfer File using Netcat (nc) in Linux

We use the following command to transfer a file called file_1.txt from our system 2 to our system 1.

In system 2

nc -lv 10.143.90.106 1111 < file_1.txt

In system 1

nc -v 10.143.90.106 1111 > file_1.txt

Next, we verify that we have received the file on System 1 using the ls command.

Chat Server using Netcat (nc) in Linux

On system 2

  1. To listen on a port, open two terminal windows.

Terminal 1 for listening

nc -l -p 1234

Terminal 2 sending request

nc 127.0.0.1 1234

Terminal 1 starts listening on port 1234 on localhost, even though it won't show anything at first. Anything entered in terminal 2 will then also appear in terminal 1, indicating a successful connection.

2. To send data, open two terminal windows.

Terminal 1 for listening

nc -l -p 1234 >output.txt

Terminal 2 for sending request

echo "VegaStack" > input.txt
nc 127.0.0.1 1234 < input.txt

Note: In this case, the host is localhost by default, and the port number is 1234. Data from the input.txt file will be sent from terminal 2 to terminal 1's output.txt file.

3. To carry out a port scan, enter the following commands in the terminal.

Scanning a single port

netcat -z -v 127.0.0.1 1234

Scanning multiple ports

nc -z -v 127.0.0.1 1234 1235

Scanning a range of ports

nc -z -v 127.0.0.1 1233-1240

Note: The port numbers in this case are 1234, 1235, and the range 1233 to 1240; you are free to modify them to suit your needs. The port number and status (open or closed) will be shown.

4. To send an HTTP Request

printf "GET /nc.1 HTTP/1.1\r\nHost: www.vegastack.com\r\n\r\n" | nc www.vegastack.com 80

Note: Here the website is www.vegastack.com; you may choose any other. The command sends an HTTP request to www.vegastack.com.

5. To add a delay between the lines sent, open two terminal windows as indicated below:

Terminal 1 for listening

nc -l -p 1234

Terminal 2 sending request

nc -i 5 127.0.0.1 1234

Note: In this case, the host is localhost by default, and the port number is 1234. Each line will be sent following a 5-second delay.

FAQs on nc command in Linux

What are some common use cases for the nc command?

Common use cases include port scanning, transferring files, setting up backdoors, and testing network connectivity.

Can I use nc for transferring files between two systems?

Yes, you can transfer files between systems using the nc command by establishing a connection between the sender and receiver.

Is it possible to perform port scanning with the nc command?

Yes, nc can be used for port scanning by checking the status of ports on a target system. This can be done by using the nc -zv <hostname> <port> syntax, where <hostname> represents the target system and <port> refers to the port number to be scanned.

Can netcat be used for remote shell access?

Yes, netcat can be used for remote shell access, enabling users to execute commands on a remote system. Netcat itself provides no encryption or authentication, so such a session is not secure on its own.

Is netcat a secure tool to use for network operations?

While netcat offers powerful networking capabilities, users must exercise caution, especially when using it for transferring sensitive data over unsecured networks.

How can I terminate a netcat connection?

To terminate a netcat connection, simply press Ctrl + C on the terminal where the connection is running.

Can netcat be used for port forwarding purposes?

Yes, netcat can be utilized for port forwarding tasks, allowing data to flow between different ports on the same system or across multiple systems.

Conclusion

We hope this tutorial helped you understand how to use the nc command in Linux.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.