netcat (nc): The Swiss Army Knife of Networking

netcat (nc) does one thing: move bytes over a network. That simplicity makes it incredibly versatile — port scanning, file transfers, chat servers, proxies, and network debugging all become one-liners.

Basic Usage

1
2
3
4
5
6
7
8
# Connect to host:port
nc hostname 80

# Listen on port
nc -l 8080

# Listen (keep listening after disconnect)
nc -lk 8080

Test if Port is Open

1
2
3
4
5
6
7
8
9
# Quick port check
nc -zv hostname 22
# Connection to hostname 22 port [tcp/ssh] succeeded!

# Scan port range
nc -zv hostname 20-25

# With timeout
nc -zv -w 3 hostname 443

Simple Client-Server Communication

Server (listener)

1
nc -l 9000

Client

1
nc localhost 9000

Now type in either terminal — text flows both ways. Ctrl+C to exit.

HTTP Request

1
2
3
4
5
6
7
8
# Manual HTTP GET
echo -e "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n" | nc example.com 80

# Or interactively
nc example.com 80
GET / HTTP/1.1
Host: example.com
<blank line>

File Transfer

Receiver (set up first)

1
nc -l 9000 > received_file.txt

Sender

1
nc hostname 9000 < file_to_send.txt

Transfer with progress

1
2
3
4
5
# Sender
pv file.tar.gz | nc hostname 9000

# Receiver
nc -l 9000 | pv > file.tar.gz

Transfer directory

1
2
3
4
5
# Sender
tar czf - /path/to/dir | nc hostname 9000

# Receiver
nc -l 9000 | tar xzf -

Port Forwarding

1
2
3
4
5
6
# Forward local port to remote
nc -l 8080 | nc remote_host 80

# Bidirectional (requires named pipes)
mkfifo /tmp/backpipe
nc -l 8080 0</tmp/backpipe | nc remote_host 80 1>/tmp/backpipe

Simple Chat

Terminal 1

1
nc -l 9000

Terminal 2

1
nc localhost 9000

Both can type and see each other’s messages.

1
2
3
4
5
6
7
8
9
# SSH banner
echo "" | nc -w 2 hostname 22
# SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

# SMTP banner
nc -w 2 mail.example.com 25

# HTTP headers
echo -e "HEAD / HTTP/1.1\r\nHost: example.com\r\n\r\n" | nc example.com 80

UDP Mode

1
2
3
4
5
6
7
8
# UDP listener
nc -u -l 9000

# UDP client
nc -u hostname 9000

# Test UDP port
nc -uzv hostname 53

Common Options

1
2
3
4
5
6
7
8
9
-l        Listen mode
-p PORT   Local port (some versions)
-u        UDP mode (default is TCP)
-v        Verbose
-w SECS   Timeout
-z        Zero-I/O mode (scanning)
-n        No DNS resolution
-k        Keep listening after disconnect
-e CMD    Execute command (dangerous, not in all versions)

Practical Examples

Check Web Server

1
2
3
4
5
# Is web server responding?
echo -e "GET /health HTTP/1.1\r\nHost: localhost\r\n\r\n" | nc localhost 8080

# Just check if port is open
nc -zv localhost 8080

Test Firewall Rules

1
2
3
4
5
6
# On server behind firewall
nc -l 12345

# From outside
nc -zv server_ip 12345
# If connection succeeds, port is open through firewall

Debug Service Connectivity

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# Test database port
nc -zv db.example.com 5432

# Test Redis
nc -zv redis.example.com 6379

# Test multiple services
for port in 22 80 443 3306 5432; do
    nc -zv -w 2 hostname $port
done

Simple Web Server

1
2
3
4
5
6
7
# Serve a single file
while true; do nc -l 8080 < index.html; done

# With proper HTTP response
while true; do
    echo -e "HTTP/1.1 200 OK\r\n\r\n$(cat index.html)" | nc -l 8080
done

Proxy Through SSH

1
2
3
4
5
# Create tunnel
ssh -L 9000:remote_db:5432 bastion_host

# Connect through tunnel
nc localhost 9000

Backdoor (Educational Only)

1
2
3
4
5
# Listener waiting for shell (server)
nc -l 4444 -e /bin/bash

# Connect to get shell (client)
nc server_ip 4444

Warning: Never do this on systems you don’t own. This is how attackers maintain access.

Test SMTP

1
2
3
4
5
6
7
8
9
nc mail.example.com 25
HELO test.com
MAIL FROM:<test@test.com>
RCPT TO:<user@example.com>
DATA
Subject: Test
Test message
.
QUIT

Variations

Different systems have different netcat implementations:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
# Traditional netcat
nc

# GNU netcat
netcat

# Ncat (from Nmap project, most features)
ncat

# OpenBSD netcat (common on Linux)
nc.openbsd

# Check which version
nc -h

Ncat Extras

1
2
3
4
5
6
7
8
# SSL/TLS connection
ncat --ssl hostname 443

# Execute command on connect
ncat -l 8080 -e /bin/bash

# Access control
ncat -l 8080 --allow 192.168.1.0/24

Alternatives

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# socat (more powerful, more complex)
socat TCP-LISTEN:8080 TCP:remote:80

# curl for HTTP
curl -v telnet://hostname:25

# telnet for interactive
telnet hostname 25

# Python one-liner
python3 -c "import socket; s=socket.socket(); s.connect(('host',80)); s.send(b'GET / HTTP/1.1\r\nHost: host\r\n\r\n'); print(s.recv(1024))"

Quick Reference

Task	Command
Test port	`nc -zv host port`
Listen	`nc -l port`
Connect	`nc host port`
UDP	`nc -u host port`
Timeout	`nc -w 3 host port`
Scan range	`nc -zv host 20-30`
Transfer file	`nc -l port > file` / `nc host port < file`

netcat is the minimal viable network tool. No frills, no configuration — just bytes in, bytes out. When you need to quickly test connectivity, transfer a file, or debug a protocol, nc is usually the fastest path.

Basic Usage#

Test if Port is Open#

Simple Client-Server Communication#

Server (listener)#

Client#

HTTP Request#

File Transfer#

Receiver (set up first)#

Sender#

Transfer with progress#

Transfer directory#

Port Forwarding#

Simple Chat#

Terminal 1#

Terminal 2#

Banner Grabbing#

UDP Mode#

Common Options#

Practical Examples#

Check Web Server#

Test Firewall Rules#

Debug Service Connectivity#

Simple Web Server#

Proxy Through SSH#

Backdoor (Educational Only)#

Test SMTP#

Variations#

Ncat Extras#

Alternatives#

Quick Reference#

📬 Get the Newsletter