netcat
Now that telnet has been removed from macOS, netcat (nc) can be used as a replacement.
To test the response from a web server:
echo -en "GET / HTTP/1.0\n\n\n" | nc google.com 80
If using HTTP/1.1, the Host header is required:
echo -en "GET / HTTP/1.1\nHost: google.com\n\n" | nc google.com 80
To test whether a port accepts connections:
$ nc -vz google.com 80
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en1
src 192.168.1.100 port 50532
dst 216.58.211.110 port 80
rank info not available
TCP aux info available
Connection to google.com port 80 [tcp/http] succeeded!
The -z option specifies that nc should just scan for listening daemons, without sending any data to them. With -v alone it keeps the connection open, and ctrl + c can be used to close the connection.
like telnet
To send data instead, like in telnet, use the -t option, which causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.
$ nc -vt google.com 80
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en1
src 192.168.1.100 port 50532
dst 216.58.211.110 port 80
rank info not available
TCP aux info available
Connection to google.com port 80 [tcp/http] succeeded!
GET / <------- you write this
scan
To scan a range of ports:
nc -zvn your-target.tld 1-1000
The -n option is to avoid doing any DNS or service lookups (so give the target as an IP address rather than a hostname).
To print the TCP banner of the running service this could be used (options go before the host, since nc stops parsing options at the first non-option argument):
echo "" | nc -vn -w1 -G1 -r your-target.tld 1-1000
The -w1 is for waiting no more than 1 second if the connection and stdin are idle; the echo "" sends a blank string to the open port and prints out any banner received in response.
The -G1 sets the TCP connection timeout to 1 second.
The -r specifies that the source and/or destination ports should be chosen randomly instead of sequentially.
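The port check and banner grab from the notes above, wrapped into shell functions so the result is a status code a script can act on. This is an added example, not part of the original notes; it assumes a BSD-style nc (macOS/OpenBSD) or the nmap ncat, all of which accept -z and -w, and it deliberately avoids the macOS-only -G.

```sh
#!/bin/sh
# Added example (not from the original notes). Assumes nc accepts -z and -w.

# tcp_check HOST PORT [TIMEOUT]
# Returns 0 if HOST:PORT accepts a TCP connection, 1 if it is refused, times
# out, or nc is missing, and 2 on bad arguments.
# -z: connect only, send no data.  -w: give up after TIMEOUT seconds.
# Options are placed before the host: BSD getopt stops at the first non-option.
tcp_check() {
    host=$1; port=$2; timeout=${3:-2}
    [ -n "$host" ] || return 2
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    if nc -z -w "$timeout" "$host" "$port" >/dev/null 2>&1; then
        return 0
    else
        return 1
    fi
}

# banner_grab HOST PORT [TIMEOUT]
# Sends a blank line (the echo "" trick) and prints the first line the service
# answers with, e.g. an SSH or SMTP greeting. head -n 1 keeps a chatty service
# from flooding the terminal; -w closes the idle connection after TIMEOUT.
banner_grab() {
    host=$1; port=$2; timeout=${3:-1}
    printf '\n' | nc -w "$timeout" "$host" "$port" 2>/dev/null | head -n 1
}

# scan_range HOST FIRST LAST
# Prints each port in FIRST..LAST that accepts a connection, one per line, so
# the output can be compared against the list of services you expect to expose.
scan_range() {
    host=$1; p=$2; last=$3
    while [ "$p" -le "$last" ]; do
        tcp_check "$host" "$p" 1 && echo "$p"
        p=$((p + 1))
    done
}
```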
listen for connections
To open a port and keep listening on it, useful for testing incoming connections:
nc -lk 8080
To test that you can connect to the opened port:
nc -vt 0 8080
0 stands for localhost, but you could use the IP (192.168.X.X) instead, for example.
transfer a file
On the server where you want to store the file:
nc -l 8080 > outfile
On the client where you have the file that you want to send:
nc X.X.X.X 8080 < infile