Netcat


Usage

Normal syntax

nc [options] [host] [port]

Arbitrary TCP and UDP connections and listens.

General Options

nc -4 [options] [host] [port]

Use IPv4 addressing only

nc -6 [options] [host] [port]

Use IPv6 addressing only

nc -u [options] [host] [port]

UDP instead of TCP

nc -l [host] [port]

Listen for an incoming connection

nc -k -l [host] [port]

Continue listening after client has disconnected

nc -n [host] [port]

No DNS lookups

nc -p [source port] [host] [port]

Use specific source port

nc -s [source ip] [host] [port]

Use source IP

nc -w [timeout] [host] [port]

Apply 'n' second timeout

nc -v [host] [port]

Verbose output

Client Examples

nc 192.168.0.1 5051 < filename.in

Transmit contents of file "filename.in"

nc 192.168.0.1 5051 > filename.out

Send incoming data to "filename.out"

Server Examples

netcat -l 5050

Listen for TCP connections (port 5050). Data received is directed to STDOUT. Data is captured from STDIN and transmitted.

netcat -l 5051 > filename.out

Data received directed to "filename.out"

Single use web server listening on port 8080

( echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(wc -c <index.html)\r\n\r\n" ; cat index.html ) | nc -l 8080

Bash while loop restarts web server after each request

while : ; do ( echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(wc -c <index.html)\r\n\r\n" ; cat index.html; ) | nc -l -p 8080 ; done

Simple Proxy

mknod backpipe p ; nc -l [proxy port] < backpipe | nc [destination host] [destination port] > backpipe

Create a named pipe. Set up a listener on the proxy port. Forward requests from the listener to a client, which in turn sends them on to the destination host. The client redirects the response from the destination host into the named pipe. The listener picks up the response from the named pipe and returns it. The named pipe thus allows the proxy to transmit data bi-directionally.
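
The relay described above as an added script (not part of the original cheat sheet): it creates backpipe in a private temporary directory, binds the listener to loopback, and removes the pipe on exit. The function names are hypothetical, and the listener uses the `nc -l [host] [port]` form from the options list; some netcat builds need `nc -l -p [port]` instead.

```shell
#!/bin/sh
# Added example: the named-pipe proxy with a private FIFO and cleanup.
# Function names are hypothetical. The nc syntax follows the page's
# "nc -l [host] [port]" form (an assumption about the installed netcat).

# Create the FIFO inside a fresh mktemp directory (created with mode 0700)
# so other local users cannot read relayed traffic from it or write into it.
# Prints the FIFO path on stdout.
make_backpipe() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/ncproxy.XXXXXX") || return 1
    ( umask 077 && mkfifo "$dir/backpipe" ) || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir/backpipe"
}

# Remove the FIFO and the directory that holds it.
remove_backpipe() {
    rm -f "$1" && rmdir "$(dirname "$1")"
}

# Relay one client connection:
#   listener stdout (request)   -> pipe -> outbound nc   -> destination
#   outbound stdout (response)  -> FIFO -> listener stdin -> client
run_proxy() {
    proxy_port=$1 dest_host=$2 dest_port=$3
    backpipe=$(make_backpipe) || return 1
    trap 'remove_backpipe "$backpipe"' EXIT
    trap 'exit 1' INT TERM
    # Bind to loopback so the relay is not reachable from other hosts.
    nc -l 127.0.0.1 "$proxy_port" < "$backpipe" \
        | nc "$dest_host" "$dest_port" > "$backpipe"
}

# Run only when called as: script <proxy port> <destination host> <destination port>
if [ "$#" -eq 3 ]; then
    run_proxy "$@"
fi
```
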

Port Scanning

nc -zv hostname.com 80

Scan a single TCP port

nc -zv hostname.com 80-84

Scan a range of ports

nc -zv hostname.com 80 84

Scan multiple ports

Notes