socat

Listen to a port, wait for an incoming connection and transfer data to STDIO

$ sudo socat - TCP-LISTEN:8080,fork

$ sudo socat OPENSSL-LISTEN:4433,reuseaddr,cert=./cert.pem,cafile=./ca.cert.pem,key=./key.pem,verify=0 STDOUT

$ sudo socat - TCP4:www.example.com:80

$ sudo socat TCP-LISTEN:80,fork TCP4:www.example.com:80

$ [echo "Hello Multicast"] | socat - UDP4-DATAGRAM:[224.0.0.1]:[5000]

$ socat - UDP4-RECVFROM:[5000]

socat [options] address1 address2

options
    Various command-line options to control socat's behavior, such as specifying address type, security settings, debugging level, and more.

address1
    The first address endpoint for the data stream. This defines the first connection type, for example a TCP port to listen on, a pipe, or a file.

address2
    The second address endpoint for the data stream. This defines the second connection type.

Socat is a versatile command-line utility on Linux and other operating systems for establishing two bidirectional byte streams and transferring data between them. Think of it as a "socket CAT," similar to the `cat` command which concatenates files, but instead of files, socat works with network connections, pipes, files, and other data streams. It supports numerous protocols, including TCP, UDP, SSL, UNIX domain sockets, pipes, serial ports, and more. Socat's flexibility makes it invaluable for tasks like port forwarding, network debugging, creating secure tunnels, and interacting with various services. Its ability to handle different address types and establish secure connections allows for complex network setups. This tool is particularly useful when dealing with embedded systems, network security testing, and connecting heterogeneous systems. Socat gives the operator very fine-grained control over both endpoints, giving it significantly more features than netcat.

Socat has a steep learning curve due to its complex syntax and many options. Incorrect configuration can lead to security vulnerabilities, especially when dealing with network connections. The versatility of socat means that it can be hard to determine exactly what a socat invocation is doing, so careful auditing of configurations is necessary.

Socat supports a large number of address types to facilitate communication with a variety of network services, including:
TCP: Connects to a TCP port.
UDP: Connects to a UDP port.
UNIX: Connects to a Unix domain socket.
OPENSSL: Establishes an encrypted connection using SSL/TLS.
PIPE: Creates a pipe to connect to another program.

When using socat, it is important to be mindful of security concerns, especially when dealing with network connections. Always use strong authentication and encryption where appropriate. Carefully review all configuration settings to prevent unintended access or data leakage. For example, ensure proper firewall configuration to restrict access to listening ports.

Socat was created by Gerhard Rieger. It has been developed and maintained over the years, becoming a powerful tool for network communication and data transfer. Socat addressed limitations in the older `netcat` utility, offering more features and security options. It is now widely used by network engineers, system administrators, and developers for its flexible capabilities in a wide range of environments.

nc(1), netcat(1), ssh(1), stunnel(8)