Master Ncat on CentOS: Install, Test Ports, Chat, and Simple Web Server

Introduction

ncat (also invoked as nc) is the network‑oriented counterpart of the Unix cat command. It can read from, write to, and redirect data streams over TCP or UDP sockets, making it useful for connectivity testing, port scanning, simple proxying, chat, banner grabbing, and lightweight web serving.

Installation on CentOS 7/8

The package providing ncat is nmap-ncat. Install it with the system package manager: # yum -y install nmap-ncat After installation, the nc and ncat binaries are available in /usr/bin.

Checking a TCP port

To verify that a host is reachable on a specific TCP port without sending data, use the zero‑I/O mode ( -z) together with verbose output ( -v).

# nc -vz DCserver 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.0.6:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

If the connection succeeds, ncat reports “Connected”. A failure returns an error message and a non‑zero exit status.

Creating a listening TCP port

Start a listener on a chosen port (e.g., 1234) with the -l flag. Adding -v shows status information.

# nc -vl 1234
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::1234
Ncat: Listening on 0.0.0.0:1234

Confirm the listener is active with netstat -tlunp or ss -ltnp.

Using ncat as a simple chat tool

Run a listener on the server: # ncat -l 8080 From a remote client, connect to the server’s IP and port, then type messages. Each line is echoed to the opposite side. Terminate the session with Ctrl+C.

# ncat 192.168.0.12 8080
Hello ncat

Retrieving an SSH banner (version check)

Send an arbitrary string (e.g., EXIT) to the SSH service on port 22. The SSH daemon replies with its version banner before closing the connection.

# echo "EXIT" | nc 192.168.43.131 22
SSH-2.0-OpenSSH_7.8
Protocol mismatch.

The first line reveals the SSH server version.

Creating a backdoor shell

ncat can bind a shell to a TCP port using the -e option (available in older ncat builds; newer versions may require --exec or a wrapper script). The following command spawns /bin/bash for any client that connects to port 5566: # nc -l 5566 -e /bin/bash From the client side:

# nc server-host 5566
ls
...

The client now has an interactive bash session on the server.

Running a minimal static web server

1. Create a simple HTML file, e.g., /root/sample.html:

<html>
  <head><title>Test Page</title></head>
  <body>
    <h1>Level 1 header</h1>
    <h2>Subheading</h2>
    <p>Normal text here</p>
  </body>
</html>

2. Serve the file continuously on port 80:

# while true; do nc -l -p 80 < /root/sample.html; done

The loop restarts the listener after each connection, effectively acting as a single‑page HTTP server. Access the server’s IP address with a web browser to view the page.

Conclusion

ncat provides a versatile, script‑friendly alternative to telnet for network diagnostics and lightweight services. Core capabilities demonstrated include:

Zero‑I/O port probing ( -z)

Persistent TCP listeners ( -l, optional -k)

Bidirectional chat sessions

Banner grabbing for service version identification

Binding interactive shells to a port ( -e)

Serving static HTML without a full web server stack

All commands are compatible with ncat version 7.70 (the version shipped with nmap-ncat on CentOS 7/8).