Master Netcat: Essential TCP/UDP Tricks for Port Testing, File Transfer, and More

Netcat, often called the Swiss‑army knife of TCP/IP, is a tiny (≈200 KB) yet powerful tool pre‑installed on most Linux distributions, useful for many network‑related tasks.

Checking Netcat Version

Run readlink -f $(which nc) to see which binary is invoked. Two common paths appear: /bin/nc.traditional: the default GNU‑based version. /bin/nc.openbsd: the more feature‑rich OpenBSD version.

Install the desired variant with apt-get install nc-traditional or apt-get install nc-openbsd. Older tutorials often target the OpenBSD version, which may no longer be the default on modern Debian/Ubuntu systems.

TCP Port Testing

To verify that a service on host A (192.168.1.2) is listening on port 8080, you can first try telnet 192.168.1.2 8080. A more lightweight approach uses netcat: nc -vz 192.168.1.2 8080 The -v flag makes the output verbose, while -z tells netcat to scan without sending data. To scan a range of ports, use: nc -v -v -w3 -z 192.168.1.2 8080-8083 Here -w3 sets a 3‑second timeout, and the double -v provides more detailed diagnostics.

UDP Testing

Start a UDP listener on host A: nc -u -l -p 8080 Then from host B connect to it: nc -u 192.168.1.2 8080 If data flows, UDP connectivity is confirmed.

File Transfer

On the receiving side (host A): nc -l -p 8080 > image.jpg On the sending side (host B): nc 192.168.1.2 8080 < image.jpg Older GNU netcat versions close the connection when stdin reaches EOF; to mimic that behavior use -q0. The OpenBSD version provides -N for the same effect:

/bin/nc.openbsd -N 192.168.1.2 8080 < image.jpg

Bandwidth / Throughput Testing

For a quick byte count, run the GNU version with verbose flags:

/bin/nc.traditional -v -v -n -l -p 8080 > /dev/null

On the client side: time nc -n 192.168.1.2 8080 < /dev/zero For more precise measurement, combine dd with pv:

dd if=/dev/zero bs=1MB count=100 | /bin/nc.openbsd -n -N 192.168.1.2 8080

On the server side: nc -l -p 8080 | pv The pv output shows real‑time throughput, e.g., "353MiB 0:00:15 [22.4MiB/s]".

Creating a Simple Backdoor

The GNU netcat supports the -e option to execute a program after a connection is made: /bin/nc.traditional -l -p 8080 -e /bin/bash Connecting from another host gives a remote shell. The OpenBSD version removed -e, but the same effect can be achieved with a named pipe:

mkfifo /tmp/f
cat /tmp/f | /bin/bash 2>&1 | /bin/nc.openbsd -l -p 8080 > /tmp/f

After use, delete the FIFO file.

Conclusion

Netcat enables direct command‑line TCP/UDP operations such as listening, connecting, and data transfer. By chaining it with pipelines, you can perform port checks, file transfers, bandwidth measurements, and even rudimentary remote shells, making it an indispensable tool for sysadmins and developers in constrained environments.