Netcat kullanımı ile ilgili örnekler – Linux

1. Test if a particular TCP port of a remote host is open.

$ nc -vn 5000
nc: connect to 5000 (tcp) failed: Connection refused
$ nc -v 22
Connection to 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_6.0p1 Debian-4

2. Send a test UDP packet to a remote host.

The command below sends a test UDP packet with 1 second timeout to a remote host at port 5000.

$ echo -n “foo” | nc -u -w1 5000

3. Perform TCP port scanning against a remote host.

The command below scans ports in the ranges of [1-1000] and [2000-3000] to check which port(s) are open.

$ nc -vnz -w 1 1-1000 2000-3000

4. Copy a file (e.g., my.jpg) from to

On (receiver):

$ nc -lp 5000 > my.jpg

On (sender):

$ nc 5000 < my.jpg

5. Transfer a whole directory (including its content) from to

On (receiver):

$ nc -l 5000 | tar xvf –

On (sender):

$ tar cvf – /path/to/dir | nc 5000

6. Perform UDP port scanning against a remote host.

$ nc -vnzu 1-65535
Connection to 68 port [udp/*] succeeded!
Connection to 5353 port [udp/*] succeeded!
Connection to 16389 port [udp/*] succeeded!
Connection to 38515 port [udp/*] succeeded!
Connection to 45103 port [udp/*] succeeded!

The above command checks which UDP port(s) of a remote host are open and able to receive traffic.

7. Listen on a UDP port and dump received data in text format.

The command below listens on UDP port for incoming messages (lines of text).

$ nc -u localhost 5000

Note that this command dies after receiving one message. If you want to receive multiple messages, use whileloop as follows.

$ while true; do nc -u localhost 5000; done

8. Back up a (compressed) hard drive (e.g., /dev/sdb) to a remote server.

On a remote server:

$ nc -lp 5000 | sudo dd of=/backup/sdb.img.gz

On a local host with a hard drive:

$ dd if=/dev/sdb | gzip -c | nc 5000

9. Restore a hard drive from a compressed disk image stored in a remote server.

On a local host:

$ nc -lp 5000 | gunzip -c | sudo dd of=/dev/sdb

On a remote server with a backup disk image (e.g., /backup/sdb.img.gz):

$ cat /backup/sdb.img.gz | nc 5000

10. Serve a static web page as a web server.

Type the command below to launch a web server that serves test.htmlon port 8000.

$ while true; do nc -lp 8000 < test.html; done

Now go to http://<host_ip_address>:8000/test.html to access it. Note that in order to use a well known port 80, you will need to run nc with root privilege as follows.

$ while true; do sudo nc -lp 80 < test.html; done

11. (Insecure) online chat between two hosts.

On one host (

$ nc -lp 5000

On another host:

$ nc 5000

After running the above commands, anything typed on either host appears on the other host’s terminal.

12. Launch a “remote shell” which allows you run from local host any commands to be executed on a remote host.

On a remote host (

$ nc -lp 5000 -e /bin/bash

On local host:

$ nc 5000

After running the above command on local host, you can start running any command from local host’s terminal. The command will be executed on the remote host, and the output of the command will appear on local host. This setup can be used to create a backdoor on a remote host.

13. Create a web proxy for a particular website (e.g.,

$ mkfifo proxypipe $ while true; do nc -l 5000 0<proxypipe | nc 80 1> proxypipe; done

The above commands create a named pipe proxypipe, and use nc to redirect all incoming TCP/5000 connections to via the bidirectional pipe. With this setup, you can access Google by going to

14. Create an SSL proxy for a particular website (e.g.,

$ mkfifo proxypipe $ mkfifo proxypipe2 $ nc -l 5000 -k > proxypipe < proxypipe2 & $ while true do; openssl s_client -connect -quiet < proxypipe > proxypipe2; done

The above commands use nc to proxy SSL connections to

15. Stream a video file from a server, and client watches the streamed video using mplayer.

On a video server (

$ cat video.avi | nc -l 5000

On a client host:

$ nc 5000 | mplayer -vo x11 -cache 3000 –

16. Listen on a TCP port using IPv6 address.

The following command let nc use IPv6 address when listening on a TCP port. This may be useful to test IPv6 setup.

$ nc -6 -l 5000
$ sudo netstat -nap | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      4099/nc


Comments are closed.