nc

Send and receive data over network connections

TLDR

Start a listener on the specified TCP port and send a file into it

$ nc -l -p [port] < [filename]

Connect to a target listener on the specified port and receive a file from it

$ nc [host] [port] > [received_filename]

Scan the open TCP ports of a specified host

$ nc -v -z -w [timeout_in_seconds] [host] [start_port]-[end_port]

Start a listener on the specified TCP port and provide your local shell access to the connected party (this is dangerous and can be abused)

$ nc -l -p [port] -e [shell_executable]

Connect to a target listener and provide your local shell access to the remote party (this is dangerous and can be abused)

$ nc [host] [port] -e [shell_executable]

Act as a proxy and forward data from a local TCP port to the given remote host

$ nc -l -p [local_port] | nc [host] [remote_port]

Send an HTTP GET request

$ echo -e "GET / HTTP/1.1\nHost: [host]\n\n" | nc [host] 80

SYNOPSIS

nc [options] hostname port [port...]
nc -l [options] [hostname] port [port...]

-l
    Listen mode. For inbound connects.

-p port
    Specify the local port for outgoing connections.

-u
    Use UDP instead of the default TCP.

-v
    Verbose output. Provides more information about connections and errors.

-w timeout
    Connection timeout. Specifies how long to wait for a connection to establish.

-z
    Zero-I/O mode. Only scan for listening daemons, without sending any data. Useful for port scanning.

-n
    Do not do DNS lookups. Speeds up operations when dealing with IP addresses.

-k
    Force nc to stay listening for another connection after its current client disconnects. Only valid with -l.

-4
    Force nc to use IPv4 addresses only.

-6
    Force nc to use IPv6 addresses only.

DESCRIPTION

The nc (or netcat) command is a powerful networking utility that reads and writes data across network connections, using the TCP/IP or UDP protocols. Often referred to as the "TCP/IP swiss army knife", it's incredibly versatile for various tasks.

It can be used for port scanning, file transfers, simple chat applications, network debugging, and even as a backdoor. It can act as both a client (connecting to a remote host and port) and a server (listening on a specified port for incoming connections). Its simplicity and raw data handling make it an essential tool for network administrators, developers, and security professionals.

CAVEATS

While extremely powerful, nc sends data in plain text by default, making it unsuitable for transferring sensitive information without additional encryption (e.g., via a VPN or SSH tunnel). Its simplicity also means it lacks advanced features like authentication or robust error handling, which are present in more specialized tools. It's often misused in malicious contexts due to its ability to create simple backdoors or listener services.

COMMON USE CASES

Port Scanning: nc -zv target port checks if a port is open.
File Transfer: Server: nc -l -p port > file; Client: nc server_ip port < file.
Simple Chat: Server: nc -l -p port; Client: nc server_ip port (type messages and press Enter).
Debugging: Test connectivity to services or send raw HTTP requests.

HISTORY

The original Netcat program was written by Hobbit in 1995. It quickly gained popularity as a versatile command-line networking tool. Due to its utility, various implementations have emerged, including GNU Netcat, OpenBSD Netcat (which is often symlinked as nc on many Linux systems), and Ncat (part of the Nmap suite). While their core functionality remains similar, subtle differences in options and behavior exist between these versions.

nc