Informative guide to NC (Ncat) command in Linux

Shujat Husain
6 min readMar 24, 2021

--

https://thelinuxgurus.com/informative-guide-to-nc-ncat-command-in-linux/

https://thelinuxgurus.com/informative-guide-to-nc-ncat-command-in-linux/

Ncat command in Linux or NC command is used in the maintenance or diagnosis-related tasks for a network. Even though the ‘nc command’ or ‘ncat command’ are separate commands but they are similar to how they perform their functions & one can be used or replace by the other.

Similar to how CAT common in Linux has the ability to manipulate files, NC command in Linux has the ability to perform operations like read, write, or data redirections over the network.

Ncat command can be used as a utility to scan ports, monitoring or can also act as a basic TCP proxy. Organizations can utilize it to review the security of their networks, web servers, telnet servers, mail servers, etc, by checking the ports that are opened or unsecured and then secure them. NC command can also be used to capture information being sent by the system.

Recommended Read: How to use NMAP command to test Server/Network Security

Also Read: How to use FIND command in Linux

First, let’s discuss how we can install NC command or Ncat command on Linux systems.

Install NC command on CentOS

To install the nc command on Centos, simply run the following command,

# yum install nc

Install NC on Ubuntu

Similar to CentOS, the nc command in Ubuntu can be installed with a single command,

$ sudo apt install netcat

Now if you also want to know how to install the ncat command in CentOS & Ubuntu, then here are the commands.

Install Ncat command on CentOS or RHEL

Ncat command in CentOS or RHEL is part of the NMAP command. So to install the ncat command on Centos, run the following command,

# yum install nmap

Install Ncat on Ubuntu

To install Ncat command in Ubuntu,

$ sudo apt install ncat

Now let’s discuss how we can use (NCAT command) NC command in Linux with the help of some examples.

Examples for NC command/Ncat command

Connect to a remote server

The following example shows how we can connect to a remote server with NC command,

$ nc 172.16.16.100 80

Or

$ ncat 172.16.16.100 80

here, 172.16.16.100 is the IP of the server we want to connect to & 80 is the port number for the remote server.

Once the nc command has created the connection, we can then perform some other functions like we can get the page content with

GET/HTTP/1.1

or fetch page name,

GET/HTTP/1.1

or we can get the banner for OS fingerprinting with the following,

HEAD/HTTP/1.1

This will tell us about the application & version being used to run the webserver.

Listen to inbound connection requests on a port

To use the ncat command in Linux to check for an incoming connection on a port number following example can be referenced,

$ nc -l 80

or

$ ncat -l 80

This will put NC in listening mode, & it will check port 80 for incoming connection requests. Listening mode will keep on running until terminated manually.

If we only need to run listening mode for a given amount of time, we can use option ‘w’ for that,

$ nc -w 20 80

or

$ ncat -w 20 80

here, 20 means the listening mode is active on port 80 & will check connections for 20 seconds only.

Connecting to UDP ports

Nc command makes TCP ports connections by default. For NC command to make connections to UDP ports, use the option ‘u’,

$ nc -l -u 55

or

$ ncat -l -u 55

Here, we are connecting to UDP port 55 in listening mode.

Using NC for Port forwarding

Another use for the NC command in Linux is that we can also use it for port forwarding. Using option ‘c’ with the nc command, we can redirect a port to another. An example would be,

$ nc -u -l 80 -c ‘ nc -u -l 90’

or

$ ncat -u -l 80 -c ‘ nc -u -l 90’

here, all incoming connections from port 80 are being forwarded to port 90.

Using NC as a Proxy server

Nc command can also act as a proxy server. To use the NC command as a proxy, use

$ nc — l 80 | nc 172.16.16.200 80

or

$ ncat — l 80 | nc 172.16.16.200 80

here, all incoming connections to port 8080 on localhost are being redirected to the 172.16.16.200 server on port 80, as we do with the help of a proxy server. But this proxy is currently only one way, i.e. it will send the connections to the remote server but can not receive any packets in response.

To create a return passage or 2-way communication channel, use the following commands,

$ mkfifo 2way

$ nc — l 80 0<2way | nc 172.16.16.200 80 1>2way

We now have a fully working 2-way proxy server using the ncat command.

Using NC as a chat tool

Another way to make use of the NC command is using it as a chat tool. Weird but it’s possible. To create a chat tool using the nc command, first, start it in listening mode,

$ nc — l 8080

or

$ ncat — l 8080

Then from the remote machine, connect to the first server that is listening to port 8080,

$ nc 172.16.16.100 8080

or

$ ncat 172.16.16.100 8080

That’s it, you have a working chat tool on your hand. Now we can start a conversation using the terminal/CLI.

Using Ncat to create a system backdoor

Note: This will only work with the ncat command.

One of the most common ways that the ncat command in Linux is used for bad is by using it to create a backdoor. Nc command is used to create a backdoor to our system which can be exploited by hackers (I am mentioning this just for information & so that you can safeguard against these kinds of attacks. You guys should not be using it for wrong purposes, it’s completely wrong, unethical & not to mention can be illegal as well).

To create a backdoor,

$ ncat -l 5500 -e /bin/bash

here, we have attached port 5500 to /bin/bash, which can now be connected from a remote machine to execute the commands,

$ ncat 172.16.16.100 5500

As seen in the screenshot above, I created a backdoor on one tab & then on the second tab I connected to that backdoor & was able to run some commands like ‘date’, ‘df -h’ etc. You can run other commands as well & consider if this backdoor is created as the root user, hackers will have complete access to your system.

Force server to remain up

The server will stop listening for connection once a client connection has been terminated. But with option ‘k’, we can force a server to remain running, even when no client is connected.

$ nc -l -k 8080

These were only some examples of how to use the nc command or ncat command in Linux. There are certainly more ways to use this, GOOD as well as BAD. So use wisely.

If you have any questions or queries regarding the tutorial, please do let us know using the comment box below.

If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter | Linkedin

TheLinuxGURUS are thankful for your continued support.

--

--

Shujat Husain

A TechEenthusiat who likes all new technologies & Gaming. Most of all love to write about Cloud & DevOPs & have my own blog as well (https://linuxtechlab.com).