When troubleshooting a network integration or any other connection issue in Linux, step one is usually a matter of checking to see if the network port on the other side is even responding.
Netcat, the network Swiss Army knife (Hobbit's original, not the nmap one), is the right tool for the job.
Before we begin, Netcat needs to be installed.
# RHEL / CentOS
~$ yum install nc
# Debian / Ubuntu
~$ apt-get install netcat-openbsd
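Once installed, you can invoke Netcat like so:
~$ nc -zv [REMOTE_SERVER] [PORT]
[REMOTE_SERVER] – The server to be checked
[PORT] – The service/port to be checked
-z – Only check whether the port accepts a connection, without sending data
-v – Verbose output, which prints the result of the check
A successful check of google.com on port 443 prints:
Connection to google.com 443 port [tcp/https] succeeded!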
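A scripted version of the port check above, as an added example rather than code from the original post: it wraps `nc -z` so the result can be used from a script and validates its arguments before they reach nc. It assumes an nc that supports `-z` and `-w` (OpenBSD netcat or a recent Ncat); the function names `check_port` and `check_targets` and the sample target list are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted TCP port check built on `nc -z`.
# Assumes an nc that supports -z and -w (OpenBSD netcat or a recent Ncat).

# check_port HOST PORT [TIMEOUT_SECONDS]
#   0 = port accepted a TCP connection
#   1 = refused, filtered, timed out, or nc unavailable
#   2 = bad arguments (empty or option-like host, bad port)
check_port() {
    host=$1 port=$2 wait=${3:-3}
    # Reject an empty host and one starting with "-", which nc would
    # parse as an option instead of a target.
    case $host in ''|-*) return 2 ;; esac
    case $port in ''|*[!0-9]*) return 2 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null || return 2
    # -z: connect only, send nothing; -w: give up after $wait seconds.
    # stdin comes from /dev/null so nc cannot swallow a caller's input loop.
    if nc -z -w "$wait" "$host" "$port" </dev/null >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# check_targets: read "HOST PORT" lines on stdin, print one status line
# per target, return 1 if any target was not reachable.
check_targets() {
    failed=0
    while read -r h p rest; do
        case $h in ''|'#'*) continue ;; esac   # skip blanks and comments
        rc=0
        check_port "$h" "$p" 1 || rc=$?
        case $rc in
            0) echo "OPEN $h $p" ;;
            1) echo "CLOSED $h $p"; failed=1 ;;
            *) echo "INVALID $h $p"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Constructed sample list: port 1 on loopback is normally closed, and a
# service name instead of a number shows the argument check.
check_targets <<'EOF' || echo "at least one target is not reachable"
# host port
127.0.0.1 1
127.0.0.1 http
EOF
```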
Using Netcat to upload files can sometimes be handy; however, it would be awesome if you could track the upload ETA and not just wait patiently for a prompt. PV, or “Pipe Viewer”, is a handy little command that allows you to track the progress of any Unix pipe. Using it as a replacement for “cat” in the Netcat transfer gives you a fancy progress bar.
lazyclient@lazyclient-desktop:~$ nc -l 7000 > verybigfile.bin
superitguy@pro-server:~$ pv verybigfile.bin | nc 126.96.36.199 7000
70.2MB 0:00:11 [5.95MB/s] [============================================================>] 100%
Fetch the latest binary @ pv’s project homepage: http://www.ivarch.com/programs/pv.shtml
As with any application in Linux, piping the output from an application to a logfile, or perhaps to another application, can sometimes clarify what is going on. It would be even better if you could “cat” any output over the network (Ncat, get it?) to another computer. That is where Ncat comes in.
First, some basics
- ncat – The command in question
- -v – Verbose output, recommended for testing
- -l – Tells ncat to listen
- -k – Tells ncat to keep listening after a client disconnects (by default ncat exits on client disconnect)
- -n – Tells ncat to skip DNS resolution (resolution is not needed when connecting/listening on plain IPs)
- --ssl – Tells ncat to send data encrypted with SSL (optional)
- --send-only – Tells ncat to only send data (optional)
- --recv-only – Tells ncat to only receive data (optional)
Now, some examples
- Sends “file.txt” to the server over port 1025:
  [Server] $ ncat -l 1025 > file.txt
  [Client] $ cat file.txt | ncat [IP of Server] 1025
- Sends “file.txt” to the server over port 12345. The server will verbosely print what is going on, and keep listening when the client disconnects:
  [Server] $ ncat -lkv 12345 > file.txt
  [Client] $ cat file.txt | ncat [IP of Server] 12345
- Sends “supersecretfile.txt” to the server over port 1337. The server will verbosely print output, keep listening and skip resolving DNS, while the client sends the data encrypted over SSL. Both sides need --ssl, because a plaintext listener cannot complete the client's SSL handshake. With no certificate configured, ncat generates a temporary one and the client does not verify it unless --ssl-verify is given, so this setup encrypts the transfer but does not authenticate the server:
  [Server] $ ncat -lkvn --ssl --recv-only 1337 > supersecretfile.txt
  [Client] $ cat supersecretfile.txt | ncat --send-only --ssl [IP of Server] 1337
Netcat is without any doubt my favorite security tool. It’s always in my toolbox, always with me, and it comes in handy a few times. It’s the first tool I pick when I need to perform a banner grab: just connect, send some requests and see what it spits back at you (sometimes just random crap). In this tutorial I’ll show you how you can perform one yourself and how easy it is.
If you are performing a pentest, you have to stay as anonymous as you can, even if you are performing such a simple task as a banner grab. Anonymity is especially important when performing a bind shell to a remote computer, and you don’t want your computer-savvy victim to take notice, or at least, be able to track you.