
A Unix Utility You Should Know About: Netcat (2009) - shawndumas
http://www.catonmat.net/blog/unix-utilities-netcat/#
======
sargun
There is a better utility available for folks. Ncat - part of famous the Nmap
(5) project. It has more features than netcat that people might find useful -
like SCTP, SOCKS, etc..

You can find out more about it: [http://nmap.org/ncat/](http://nmap.org/ncat/)

~~~
harshreality
There's a better utility available than ncat. It's called socat. It has more
features than ncat that people might find useful.

[http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES](http://www.dest-
unreach.org/socat/doc/socat.html#EXAMPLES)

~~~
amboar
Dropped into the comments to mention socat. I use it regularly to debug serial
and multicast issues or to lash up network logging for random shell scripts.
It's a very valuable addition to the toolbox IMO.

Edit: somehow my phone managed to post this comment three times. I've deleted
the others

------
ams6110
You should also know about the so-called "netcat mode" in OpenSSH:

    
    
       -W host:port
           Requests that standard input and output on the client be
           forwarded to host on port over the secure channel.  Implies -N,
           -T, ExitOnForwardFailure and ClearAllForwardings.  Works with
           Protocol version 2 only.

~~~
jwilliams
I only discovered this recently - I was using a literal "nc %h %p" rather than
this shortcut.

Also worth noting this is also extremely useful when used in your
~/.ssh/config file.

~~~
voltagex_
Can you give an example of how you'd use it in your config?

~~~
jwilliams
Sure. I have something like:

    
    
      Host <bastion>
        Hostname <bastion>
        User gateway
        ForwardAgent yes
    
      Host 10.0.*
        User <username>
        ProxyCommand ssh -W %h:%p <bastion>
    

Where bastion is the NAT/Bastion SSH host for my infrastructure. 10.0.* are
internal IP addresses, which don't work on my network, but get passed through
to the bastion (where they do work). Pretty handy as I can just "ssh <internal
address>"

~~~
voltagex_
Thanks!

------
atesti
Also check out socat: It's like netcat, but bidirectional. [http://www.dest-
unreach.org/socat/doc/socat.html#EXAMPLES](http://www.dest-
unreach.org/socat/doc/socat.html#EXAMPLES)

~~~
mcpherrinm
More than just bidirectional: It supports a lot of other socket types, and
other shenanigans. I use socat a lot for testing network services, gluing
together applications, and lots of other places where writing a little C
program would otherwise be needed.

------
sprash
All of these tools were not necessary if Networking were file based, like the
/net FS in Plan9.

It is the first major occasion where Unix went in a completely wrong
direction. The second one was the X server.

~~~
justincormack
Make a fuse filesystem for networking then...

------
jvoorhis
Stupid LAN trick: you can combine nc with pbcopy/pbpaste for distributed
copy/paste on macs.

~~~
timmow
I do something similar with local port forwarding in ssh - I can also use this
to open files on remote servers in local gui editors, and to send things to
notification centre - useful if you leave a long running task in the
background.

------
sehrope
Netcat is indeed very versatile and useful but most of the time it's used
improperly when used as a server (-l mode). Unless you're doing basic network
diagnostics (ex: testing if firewall ports are open) you're better off using
openssl (s_server mode) or more likely good ol' SSH port forwarding.

~~~
stormbrew
I don't really feel like there's that many people misusing netcat out there.
It's mostly useful to me as a server for hand testing client software against
a known (and human-talkable) server protocol.

Is there some rash of people opening up public listening ports using netcat
to... run a service of some sort? Most of the time when I need an arbitrary
connection between unix machines ssh in command (not even port forward) mode
is more than enough.

------
voltagex_
There are so many different variants of netcat:

nc, netcat, ncat, socat... I can never be sure of which syntax I'm going to
get on an unfamiliar server.

~~~
LukeShu
nc, ncat, and netcat are all the "same". Any of them could be any of:

    
    
      * the original netcat (http://nc110.sourceforge.net/)
      * OpenBSD netcat
      * "GNU netcat" (not affiliated with GNU)
      * BusyBox netcat
      * Nmap ncat (well, this one is typically always "ncat")
    

They all take roughly the same, but different, syntax, like 'cp', 'ls', or any
of the *nix utilities with multiple implementations.

------
chadrs
On a related note it's always annoyed me when people use "telnet" when they
mean "make a TCP connection" as in "can you telnet to the port?"

~~~
username42
When providing support, you have to be very precise when you ask someone to
perform a check. The sentence "can you telnet to the port" is unambiguous. The
sentence "can you make a TCP connection" leaves the choice of the tool
unspecified. Depending of their background, some people may use ping (subject
to different firewall rules), or a browser (subject to proxy configuration).

~~~
icebraining
Ping doesn't make TCP connections!

~~~
username42
I know, but for many people, pinging the remote host is their single idea for
network issue analyse.

------
platz
I'm under the impression that socat is the most versatile, but probably
involves more typing for similar commands.

------
augustl
Be aware that GNU netcat and BSD netcat are incompatible. Many a time have I
attempted to cat a file from a Mac to a PC running Linux, only to have found
that Nothing Happens (tm). I just recently realized that installing BSD netcat
on Linux solves the problem. Not sure what the actual incompatibility is, just
a heads up.

~~~
bifrost
I just confirmed this is not the case. Could you share what you were doing?

~~~
augustl
Seems like bartbes pointed out the problem. I suppose not specifying the port
correctly makes it use some default port or something like that.

------
tzury
Some more examples at wikipedia

[http://en.wikipedia.org/wiki/Netcat#Examples](http://en.wikipedia.org/wiki/Netcat#Examples)

------
hcarvalhoalves
BSD's nc doesn't have the (arguably unsafe) -e option.

