How to Use Netcat for Cybersecurity
To start a career as a security analyst, one must have a good understanding of the network and knowledge of networking tools. Let’s begin with netcat.
One can do amazing things with netcat (nc), the super tool of Linux command line experts for several decades now. This article aims to equip you with some of the tricks of the networking trade that you can apply in your daily life, including:
- File transfer
- Port connection testing
- Text messaging system
Netcat can be very useful in determining what is happening in the network. You can also use other command line tools such as tcpdump, which is the command line equivalent of Wireshark, the graphical packet analyzer, or protocol decoder (more on this in a later blog).
Practical Use Examples
For beginners, Netcat recommends non-root access, thus created as a regular user. Netcat does not require root privileges unless we need it to listen on a port number less than 1024, which Linux protects.
You can run a simple file transfer service using nc with this script:
$ nc -l -p 6000 > output.txt
On another terminal, you can send a file:
$ nc <ip/dns> 6000 < inputfile.txt
This file transfer works by first starting the server. The server then listens and waits until the client connects on the second line above. The method by which you can use netcat varies as the switches between systems vary, from BSD systems or Linux or Windows, but the core idea stays the same.
Port Connection Testing
Here is a simple UDP port connect test to check whether a UDP service is running or not:
$ nc -u <remotedns> 800
The “-u” in the code above stands for using UDP instead of TCP. If the command returns, it means it is working, if it hangs, then something might be wrong. UDP is harder to work with than TCP, so this test is not as reliable as others but helps with initial diagnostics.
Text Messaging System
You can create a straightforward text messaging system with netcat, which is quite curious (and may amuse some), though it has some practical uses. This works well when the two machines are connected using public IP addresses and don’t have interference from other tools.
Run this server:
$ nc -l -p 2000
And connect to the server using this client:
$ nc <ip> 2000
That is all. Now you can chat with one another. What you type on one side is visible on the other side and vice versa.
The simple nc program can also connect to local or UNIX domain sockets and used for testing some protocol development. In conjunction with tcpdump, netcat can be useful.
For instance, tcpdump can dump the packets on a particular port and IP like this using filter expressions.
# tcpdump -ni em0 proto ICMP
This string will dump all the ping packets in the network. Netcat can give less verbose output, and tcpdump can create clutter on your screen. The verbose switch “-v” of netcat is handy as it provides more information.
Though very humble and simple, this tool can work wonders. For instance, by default, AWS cloud EC2 instances do not allow inbound ports. You can use netcat on your desktop and cloud instance like this to ensure that the port is indeed open.
On the EC2 instance, run the server:
$ nc -l -p 80
In this case, we are using an HTTP port, but you get the idea.
On your desktop, you can test like this:
$ nc -v <ip_of_ec2> 80
If it says connected, then your AWS console security group rules worked. If not, then the port should be checked.
3-way Communication and Further
Netcat is not the only command line tool for diagnostics by protocol developers, sysadmins, and troubleshooters, but it is by far the most popular and well-known. There is also a tool called socat. If you are looking for something more advanced, socat allows you can run full-fledged socks proxies. But for now, we will stick to netcat as this simple and powerful. In the next article, we shall take a look at tcpdump.
Did you enjoy this content? Follow our linkedin page!