Admins can wear many hats using Netcat

Netcat is a TCP/IP tool that should be in every administrator's toolkit. Learn how to use it for instant messaging, file transfer, security monitoring and more.

Have you ever wanted to transfer files between two computers but didn't have an easy way to do it? Have you ever wanted to test enterprise desktop firewalls but didn't know which tools to use? Or have you ever wanted to execute commands on remote systems but weren't sure how to do it?

These are just a fraction of the things you can do with my favorite tool – Netcat.

Netcat is the "TCP/IP Swiss Army Knife" of network utilities and should be part of any network or desktop administrator's toolkit. Below are five useful examples of how you can use Netcat in your everyday tasks.

1. Instant messaging
No need for Facebook, Twitter or MSN Messenger -- if you'd like to communicate with someone on another computer but you don't have instant messaging set up, launch Netcat (nc.exe) on both computers, and you can communicate over a TCP port number of your choice.

On your computer, type "nc -n 172.16.1.10 3333" (where 172.16.1.10 is the IP address of the remote computer, and 3333 is the TCP port number that you've chosen to use). On the remote computer, type "nc -nvlp 3333". Start the listener on the remote computer first, so that there is something to connect to.

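You can use any port number that is open between your computer and the remote computer. Pick a nonstandard port number to reduce the risk of someone eavesdropping with a network sniffer. Netcat does not encrypt traffic, so anyone who can capture packets on the path can still read the conversation regardless of the port.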

2. File transfer
You're about to start your presentation, but you realize that your PowerPoint file is on your other computer. You don't have email on your presentation computer, Microsoft network has been disabled on this machine and your USB stick went through the washing machine last week.

Never fear, Netcat to the rescue!

On the presenter machine (PC1 - 172.16.1.10) where you want to receive the PowerPoint file, type "nc -nvlp 80 >file.ppt". On the remote system with the file you want to transfer (PC2), type "nc -nv 172.16.1.10 80

In the above example, TCP Port 80 was chosen to be the listening port. If a Web server exists on Port 80 on this computer, you'll need to choose a different port number. Feel free to pick any unused port number that is open between PC1 and PC2. Make sure to start the listener on PC1 before launching the command on PC2. Give it five to 10 seconds (or more, depending on the size of the file), then hit Ctrl-C on PC2 to end the transfer. Go to PC1, and you'll see a fully functional file.ppt in the local directory.

Netcat is an excellent file-transfer tool, and you'll soon prefer Netcat over FTP or NetBIOS!

3. Port probing
Telnet has been the mainstay tool for testing whether a port on a remote computer is open. You'll find Netcat to be a simpler tool for this purpose because it doesn't include Telnet negotiation during the connection. To test if your computer can access a port on a remote computer, type "nc -nv 10.1.1.10 80" (where 10.1.1.10 is the IP address of the remote computer and 80 is the TCP port number you are testing).

A response of "Open" means the port is accessible. "Timed out" or "Connection refused" means the port is not accessible.
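The three outcomes above can be reproduced without Netcat. The following Python sketch is an added example, not part of the original article; the function name probe and the default timeout are assumptions.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Try one TCP connection and report the result in Netcat's terms."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                      # three-way handshake completed
    except (socket.timeout, TimeoutError):
        # No answer at all: packets were dropped, typically by a firewall
        # that filters the port, or the host is down.
        return "timed out"
    except ConnectionRefusedError:
        # The host answered with a reset: it is reachable, but nothing is
        # listening on the port (or a firewall actively rejects it).
        return "connection refused"
    except OSError as exc:
        # Anything else, e.g. no route to the network.
        return "error: " + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


if __name__ == "__main__":
    # Address and port taken from the article's example.
    print("10.1.1.10:80 ->", probe("10.1.1.10", 80))
```

When testing a desktop firewall, "timed out" usually points at a rule that silently drops traffic, while "connection refused" means the packet reached the host.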

4. Traffic and worm sniffer
If you want to see if anyone on the network is running a port scanner, or if you want to sniff traffic directed at your machine on a specific port number, Netcat is the security tool for you. Set up a Netcat listener on a specific port on your machine, and output anything received on that port to a text file. In this example, we'll use TCP Port 21 since that's a commonly known port number (FTP) that is typically included in a port scan. Type "nc -nvLp 21", and make sure to use a capital "L" because this will respawn the listener for future connections.

This is also a useful technique to identify systems that are propagating malware. Set up a listener on the TCP port that's being used to spread the evil code. Your screen will show all connection attempts to your computer over that port number, including the IP address of the machines attempting to connect. Follow up on these machines to make sure they're not infected with a worm.
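A listener like the one described above, written as an added Python example rather than code from the original article: it records each connection attempt with a timestamp, the source address and the first bytes received, and tallies attempts per source IP. The function names, the log file name and the 256-byte capture limit are assumptions.

```python
import socket
from collections import Counter
from datetime import datetime, timezone


def listen(bind_ip, port):
    """Return a TCP socket listening on bind_ip:port (port 0 = any free port)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((bind_ip, port))
    server.listen(16)
    return server


def log_connections(server, log_path, max_conns, peek_bytes=256):
    """Accept max_conns connections, append one line per attempt to log_path
    and return a Counter of attempts per source IP."""
    seen = Counter()
    with open(log_path, "a", encoding="utf-8") as log:
        for _ in range(max_conns):
            conn, (ip, src_port) = server.accept()
            with conn:
                conn.settimeout(1.0)   # a silent peer must not stall the loop
                try:
                    data = conn.recv(peek_bytes)
                except OSError:        # timeout or reset: log the attempt anyway
                    data = b""
            seen[ip] += 1
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            # repr() of the bytes keeps control characters out of the log file
            log.write(f"{stamp} src={ip}:{src_port} bytes={len(data)} data={data!r}\n")
            log.flush()
    return seen


if __name__ == "__main__":
    # Port 21 as in the article; binding it may require administrator rights.
    tally = log_connections(listen("0.0.0.0", 21), "nc_listener.log", max_conns=100)
    for ip, count in tally.most_common():
        print(f"{ip}\t{count} connection attempts")
```

The listener never sends anything back; it only records who connected, which is enough to build the list of machines to follow up on.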

5. Remote shell
One of my favorite uses of Netcat is the remote shell. You can instruct Netcat to display a command prompt of a remote computer over a specified port number. This can be useful if you need command-line access to a server and don't want to run Terminal Services. Launch Netcat on the remote server, and instruct it to listen on a TCP port number of your choice. Next, launch Netcat on a local machine, and simply connect to the port number on the remote server. Like magic, you'll have a command shell of the remote computer.

On the remote server you'd like to manage, type "nc -nvLp 53 -e cmd.exe". On your computer, type "nc -nv 172.16.1.10 53".

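When you're done with the remote shell, type Ctrl-C on your computer to end the session. While this is a useful remote-access technique, know that hackers like to use it as well. The listener performs no authentication and sends everything in cleartext, so anyone who can reach the port gets a command prompt with the privileges of the account that started Netcat. Make sure to protect access to the port number on the remote computer so that only authorized machines can access the remote shell.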

Whether you need to transfer files to a friend, hunt down rogue worms or grab a shell from a remote machine, Netcat can help you get it done. These five examples only scratch the surface of the tool's capabilities. Browse the Netcat readme for more ideas. Try it yourself, and let me know how you like to use Netcat.

ABOUT THE AUTHOR:   
Eric Schultze
Eric Schultze is an independent security consultant who most recently designed Microsoft patch management solutions at Shavlik Technologies. Prior to Shavlik, Schultze worked at Microsoft, where he helped manage the security bulletin and patch release process. Schultze likes to forget that he used to work as an internal auditor on Wall Street.

This was first published in October 2009
