Instant Netcat Starter

By: Kenneth Curtis Yerrid

Overview of this book

As a featured networking utility, Netcat uses TCP/IP protocols to read and write data across network connections. Netcat is a feature-rich backend network debugging and exploration tool with the ability to create almost any type of connection you would need. "Instant Netcat Starter" is a practical, hands-on guide that provides you with a simple and straightforward roadmap to proceed from newbie to seasoned professional with the Netcat utility. By progressing from simple to more complex uses, this book will inform and explain many of the primary use cases that are only limited by your imagination.

This book explores the classic Netcat utility, and breaks down the common ways in which it can be utilized in the field. Beginning with compilation and installation, this book quickly has you utilizing the core features of the utility to perform file transfers regardless of commonly blocked firewall ports, perform real-world interrogation of services and listening ports to discover the true intention of an application or service, and tunnel remotely into systems to produce remote command shells.
Table of Contents (8 chapters)

So, what is Netcat?


Every once in a while, someone stumbles upon a classic item that has been discovered in pristine condition, despite being under a dust cloth, or in a relative's attic for years. Perhaps it is a 1952 Mickey Mantle rookie baseball card (minus the gum, of course), or an old version of the Action Comics #1 comic book (Superman's debut for the uninitiated). In the information security and network operations world, one of those gems is the classic utility Netcat.

Initially released in 1995, Netcat has survived and continues to thrive despite its age and relative simplicity. According to SecTools.org, Netcat is ranked as the eighth favorite network security tool (Nmap Security Scanner Project, 2011). While many ports and variations have emerged based on the classic utility, Netcat is still available in its original form from various websites.

At its most basic interpretation, Netcat establishes a connection between two computers and allows data to be written across the TCP and UDP transport layer protocols, and the network layer protocol IP. For those familiar with Unix and Linux distributions, the name is most likely derived from the classic command cat, with networking capabilities thrown in for added utility. Given the variety of tasks and scenarios that Netcat has been able to accomplish for its operators, it is no wonder that most references to the utility call it the Swiss Army knife for TCP/IP communications (Netcat). However, in reality, Netcat solves problems more in line with the type of problems that a roll of duct tape can solve.

At its core, Netcat operates in one of two basic modes. As a client, Netcat operates with the express purpose of initiating a connection to another computer (or the same computer; more on this in a bit). Conversely, the same Netcat binary operates in a server or listener mode when specific parameters are passed to the utility. These options are described in the output in the following lines (also shown in the next screenshot):

connect to somewhere: nc [-options] hostname port[s] [ports]
listen for inbound: nc -l -p port [options] [hostname] [port]

Netcat for Windows with options listed

Common uses for Netcat

Netcat is a flexible and lightweight utility that can be used in a variety of scenarios. In this section, I will cover some of the more common uses and, in later sections, I will cover some of the more exotic uses.

  • Chat/Messaging Server: By using Netcat, an operator can redirect simple text between two computers in a simplistic chat or in an instant message interface.

  • File Transfers: Netcat allows you to transfer files between computers without the need to install a full-blown FTP server.

  • Banner Grabbing: Netcat allows an operator to establish a socket to a specific port to potentially identify the operating system, service, version, and other tidbits of information necessary to enumerate the purpose and/or potential weaknesses in the service.

  • Port Scanning: Netcat allows the operator to utilize a rudimentary port scanning function, whereby a port or series of ports can be interrogated to determine if the port is open or closed.
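The two modes described earlier, exercised with two of the uses listed above (reading a service banner and moving a file's bytes), as an added Python sketch that is not code from the book or from Netcat itself. The banner text, the payload and the function names are constructed for illustration, and everything runs over loopback on a port chosen by the operating system.

```python
import socket
import threading

BANNER = b"220 demo-service 1.0 ready\r\n"   # constructed sample banner
PAYLOAD = b"contents of a small file\n"      # constructed sample "file"

def listen_once(srv, banner, sink):
    """Listener mode, the role of `nc -l -p port`: accept one peer,
    greet it, then store everything it sends until it signals EOF."""
    conn, _peer = srv.accept()
    with conn:
        conn.settimeout(3.0)
        conn.sendall(banner)
        while chunk := conn.recv(4096):
            sink.extend(chunk)

def connect(host, port, payload=b"", timeout=3.0):
    """Client mode, the role of `nc hostname port`: send the payload,
    half-close, and return whatever the listener wrote back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        # No framing exists on a raw stream: closing our write side is
        # the only end-of-transfer marker the listener gets.
        s.shutdown(socket.SHUT_WR)
        reply = bytearray()
        while chunk := s.recv(4096):
            reply.extend(chunk)
        return bytes(reply)

def demo():
    """Run both modes over loopback; return (banner seen, bytes stored)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
        srv.listen(1)
        srv.settimeout(3.0)
        port = srv.getsockname()[1]
        stored = bytearray()
        t = threading.Thread(target=listen_once, args=(srv, BANNER, stored))
        t.start()
        seen = connect("127.0.0.1", port, PAYLOAD)
        t.join()
    return seen, bytes(stored)

if __name__ == "__main__":
    seen, stored = demo()
    # The banner is handed to any client that connects, before it sends
    # a byte, so a service should announce no more than it must.
    print("banner seen by client:", seen)
    print("bytes stored by listener:", stored)
```
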

Regardless of the need, there is probably a creative solution that Netcat can help fulfill for its operator. With this in mind, let's dive into the meat and potatoes of this utility by downloading and working with Netcat directly. We will look at getting you up and running with both the Unix/Linux and Windows versions of the utility. Let's go!