NETCAT

Description:
This simple utility reads and writes data across TCP or UDP network connections. It is
designed to be a reliable back-end tool that can be used directly or easily driven by other
programs and scripts. At the same time, it is a feature-rich network debugging and exploration
tool, since it can create almost any kind of connection you would need, including port binding to
accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn't
been maintained despite its immense popularity. It can sometimes even be hard to find
nc110.tgz. The flexibility and usefulness of this tool have prompted people to write numerous
other Netcat implementations - often with modern features not found in the original. One of the
most interesting is Socat, which extends Netcat to support many other socket types, SSL
encryption, SOCKS proxies, and more.
Netcat is a computer networking service for reading from and writing to network
connections using TCP or UDP. Netcat is designed to be a dependable "back-end" device that
can be used directly or easily driven by other programs and scripts. At the same time, it is a
feature-rich network debugging and investigation tool, since it can produce almost any kind of
connection you would need and has a number of built-in capabilities.
In 2000, according to www.insecure.org, Netcat was voted the second most functional
network security tool. Also, in 2003 and 2006 it gained fourth place in the same category. Netcat
is often referred to as a "Swiss-army knife for TCP/IP." Its list of features includes port scanning,
transferring files, and port listening, and it can be used as a backdoor.
Features:
Some of netcat's major features are:
- Outbound or inbound connections, TCP or UDP, to or from any ports
- Full DNS forward/reverse checking, with appropriate warnings
- Ability to use any local source port
- Ability to use any locally-configured network source address
- Built-in port-scanning capabilities, with randomization
- Built-in loose source-routing capability
- Can read command line arguments from standard input
- Slow-send mode, one line every N seconds
- Hex dump of transmitted and received data
- Optional ability to let another program service established connections
- Optional telnet-options responder
- Featured tunneling mode which also allows special tunneling such as UDP to TCP, with
the possibility of specifying all network parameters (source port/interface, listening
port/interface, and the remote host allowed to connect to the tunnel).
How to Use Netcat:
As one expects, the name Netcat comes from one of the basic Unix commands, cat. cat
"concatenates files and prints on standard output", and Netcat basically does the same. Instead of
concatenating files, Netcat concatenates TCP and UDP sockets, making it basically a "cat of
ports". Just like its ancestors, the fundamental commands of the Unix environment, Netcat does
this one thing and does it perfectly. One can glue it to other commands to make it do whatever
one wants.
Netcat is a very useful tool available on all POSIX OSes which allows one to transfer data
across the network via TCP/UDP with ease. The principle is simple: there is a server mode and
a client mode. You run the netcat tool as a server listening on a particular port on the machine
which sends the data, and you use netcat as a client connecting to that particular port on the
machine where it is running as a server. The basic syntax of netcat is as follows:

For the server:
nc -l <port number>
... where the -l option stands for "listen", and the client connects to the server machine as follows:
nc <server ip address> <port number>
These methods could be used for:
- You can transfer files by this method between remote machines.
- You can serve a file on a particular port on a machine and multiple remote machines can
connect to that port and access the file.
- Create a partition image and send it to the remote machine on the fly.
- Compress critical files on the server machine and then have them pulled by a remote
machine.
- And you can do all this securely using a combination of netcat and SSH.
- It can be used as a port scanner too by use of the -z option.
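Because the listen mode, the -z scan mode and the hand-off of connections to another program are the same features that make Netcat usable as a backdoor, defenders often triage process logs for them. The following is an added example, not part of the original page: it assumes the option letters of the original netcat 1.10 (-e for the program hand-off, -p for the local port), and the command lines and the classify/triage names are constructed for illustration.

```python
import getopt
import shlex

# Assumption: option letters follow the original netcat 1.10 getopt string;
# other implementations (ncat, OpenBSD nc) give some letters other meanings.
NC_OPTS = "e:g:G:hi:lno:p:rs:tuvw:z"
NC_NAMES = {"nc", "netcat", "nc.traditional"}

# Constructed sample command lines, as a process-audit log might record them.
SAMPLE_EXECVE = [
    "/usr/bin/nc -l 3333",
    "nc -lvp 4444 -e /opt/app/handler",
    "nc -z -v 192.0.2.10 20-1024",
    "/bin/nc 192.0.2.20 80",
    "/usr/bin/less /var/log/syslog",
]

def classify(cmdline):
    """Return a list of findings for one process command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return ["unparseable"]
    if not argv or argv[0].rsplit("/", 1)[-1] not in NC_NAMES:
        return []                      # not a netcat invocation
    try:
        # getopt handles clustered flags such as -lvp the way nc itself does
        opts, rest = getopt.gnu_getopt(argv[1:], NC_OPTS)
    except getopt.GetoptError as err:
        return [f"unknown-option:{err.opt}"]
    flags = dict(opts)
    findings = []
    if "-e" in flags:                  # another program services the connection
        mode = "listener" if "-l" in flags else "outbound"
        findings.append(f"exec-{mode}:{flags['-e']}")
    elif "-l" in flags:                # plain listener; port is -p or positional
        findings.append("listener:port=" + flags.get("-p", rest[0] if rest else "?"))
    if "-z" in flags:                  # zero-I/O mode, i.e. port scanning
        findings.append("port-scan:" + " ".join(rest))
    return findings

def triage(lines):
    """Keep only the command lines that produced at least one finding."""
    return {line: f for line in lines if (f := classify(line))}

if __name__ == "__main__":
    for line, found in triage(SAMPLE_EXECVE).items():
        print(found, "<-", line)
```

A plain outbound client connection produces no finding here, so the output stays focused on listeners, scans and program hand-offs.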
Working
Netcat was written 5 years ago to allow the user to make network connections
between machines without any programming. Here is an example of how it works.
Let's say that one is having trouble with a web server that's not returning the content
wanted for some reason. One would like to see exactly what it's sending back for a particular
request:
echo -e "GET http://mason.stearns.org HTTP/1.0\n\n" | nc mason.stearns.org 80 | less
Here is what one sees:
HTTP/1.1 200 OK
Date: Sun, 12 Nov 2000 22:56:42 GMT
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 26 Oct 2000 05:13:45 GMT
ETag: "15941-577c-39f7bd89"
Accept-Ranges: bytes
Content-Length: 22396
Connection: close
Content-Type: text/html

<html>
<head>
<title>Mason - the automated firewall builder for Linux</title>
<META NAME="keywords" CONTENT="firewall, Linux, packet, filter, ipfwadm, ipchains,
automated, rules, iptables, netfilter, builder">
</head>
<body>

<center><img src="mason-banner.gif"></center>
...
The echo command created an HTTP request. The HTTP protocol requires two linefeeds
at the end of the request, so use two \n's to create them. The actual netcat command (nc) is given
this request on stdin. The command line parameters used ("mason.stearns.org 80") tell netcat to
open a connection to port 80 on the server and hand the "GET http..." command to it. Netcat then
listens for the response (the web page with all the headers) and hands it off to the less command.
You can picture netcat working like this:
         Web Server
          ^    |
          |    v
          ^    |
          |    v
echo --> netcat --> less
The line leading up to "Web" is the outbound web request, and the line leading down
from "Server" is the returned web page.
Now one can see the exact HTML returned from the server, which allows one to troubleshoot
what's going on in the HTTP request.
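The server mode and client mode described under "How to Use Netcat", and the echo-to-nc-to-less pipeline above, reduce to a few socket calls. The following is an added example, not part of the original page: it replays the same request/response flow entirely on loopback, with a constructed response standing in for the real web server, and the function names are illustrative.

```python
import socket
import threading

# Constructed sample response; stands in for the real web server's reply.
CANNED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Connection: close\r\n\r\n<html><body>constructed page</body></html>\n")

def serve_once(listener, seen):
    """Server mode (like 'nc -l <port>'): accept one connection, read the
    request up to its blank line, reply, then close."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        # Accept CRLF (the HTTP line ending) as well as the bare \n echo sends
        while b"\n\n" not in data.replace(b"\r\n", b"\n"):
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        seen.append(data)
        conn.sendall(CANNED)

def nc_client(host, port, stdin_bytes, timeout=5.0):
    """Client mode (like 'echo ... | nc host port'): send the input, then
    collect everything the peer sends until it closes the connection."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(stdin_bytes)
        s.shutdown(socket.SHUT_WR)     # no more input: half-close, keep reading
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:              # peer closed: response is complete
                break
            chunks.append(chunk)
    return b"".join(chunks)

def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: the kernel picks a free port
    listener.listen(1)
    seen = []
    t = threading.Thread(target=serve_once, args=(listener, seen))
    t.start()
    raw = nc_client("127.0.0.1", listener.getsockname()[1], b"GET / HTTP/1.0\r\n\r\n")
    t.join()
    listener.close()
    headers, _, body = raw.partition(b"\r\n\r\n")   # headers end at the blank line
    return seen[0], headers.decode().split("\r\n"), body

if __name__ == "__main__":
    request, headers, body = demo()
    print(request, headers, body, sep="\n")
```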
How to Install Netcat:
Netcat is a command line tool for Linux and Unix that allows the user to create and
manipulate packets of data using the TCP/IP protocol, the primary protocol used in local area
networking and on the Internet. Because it is free and highly flexible in terms of what it can do,
network administrators commonly use it for tasks such as finding security vulnerabilities. To
install Netcat on your Linux computer, you can use the built-in package manager.
Instructions
1. Click the "System" menu at the top of the screen. Navigate to "Administration" and click
"Synaptic Package Manager."
2. Type the root (administrator) password for your computer, and then press "Enter" or click
"OK." The Synaptic Package Manager appears.
3. Type "netcat" in the "Quick Search" box at the top of the Synaptic Package Manager window.
After a moment, the search completes. The package "netcat" is displayed at the top of the list of
search results.
4. Place a check in the box next to "netcat," and then click "Mark for Installation."
5. Click the "Mark" button in the window that appears displaying any additional packages that
need to be installed for Netcat to function on your system.
6. Click the "Apply" button at the top of the window, and then click "Apply" again in the
summary window that appears. The computer downloads and installs Netcat.
7. Click the "Close" button when Netcat is finished installing.
Benefits:
- Netcat can be used as a sniffer within a system to collect incoming and outgoing data.
- It is useful when there is no other tool available to sniff traffic.
- Netcat does not need to be run as root.
- Netcat is not a passive application; the direction of the flowing data can be manipulated.