Netcat is a brilliant tool that embodies everything that is brilliant about Unix. I have been using Netcat for a long, long time but have finally decided to give it its own set of notes because I’m dealing with so many different variants and it’s getting hard to keep it all straight.
net-analyzer/nc110-r9 - This seems to be the original by firstname.lastname@example.org. This is the one with the ASCII art cat. No `-X` feature. This is what is normally installed on normal Gentoo. Project page.
nc.traditional - On Debian GNU/Linux 8 both `nc` and `netcat` link to same-name links in `/etc/alternatives/`. Those links both point to `nc.traditional`, the Debian version [v1.10-41]. The man page is almost identical to nc110-r9's except the ASCII art is regrettably elided. This version has a `-C` for CRLF line endings and a `-T` to set the TOS flag; otherwise the options are identical to nc110-r9.
net-analyzer/gnu-netcat - This is an alternative GNU version, currently at 0.7.1-r3, hosted on this project page.
BSD nc (Mac) - On a Mac with a Feb 2016 kernel, there is no `netcat` but there is a `/usr/bin/nc`. This one seems to be written by Eric Jackson and its man page is dated 2001-06-25. This one claims to support connections to HTTPS proxies. See `-x` in the man page.

```
usage: nc [-46AacCDdEFhklMnOortUuvz] [-K tc] [-b boundif] [-i interval] [-p source_port] [--apple-delegate-pid pid] [--apple-delegate-uuid uuid] [-s source_ip_address] [-w timeout] [-X proxy_version] [-x proxy_address[:port]] [hostname] [port[s]]
```
BSD nc (CentOS 6) - On a CentOS 6.7 machine I have the BSD version, also claiming to support `-X`. This one's man page is from 2006-08-22 (weird coincidence - exactly 10 years ago today). True to form, there is no `netcat` on this machine. Strangely for a much newer model, there are far fewer options. Too bad there's no

```
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port] [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version] [-x proxy_address[:port]] [hostname] [port[s]]
```
ncat - On a CentOS 7.2.1511 installation, I find `/usr/bin/ncat`. This seems to be an effort by the same people who created and maintain `nmap`. A very good sign is that it is described well in

> Ncat is a reimplementation of the currently splintered and reasonably unmaintained Netcat family. Ncat will do pretty much everything that all the other Netcat's do, all in one place. Plus it has the added benefit of spanky new features and ongoing development. .... Ncat has support for HTTP "CONNECT" via an HTTP proxy server such as Squid.
SSH has a fancy trick that allows connections to be run through an HTTP proxy using "nc". The canonical example of this is found here.

```
:->[usb64][~]$ man ssh_config | grep /usr/bin/nc
    ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
```
See my proxy forwarding notes.
There may be other ways. Corkscrew is a tool that claims to be able to "tunnel TCP connections through HTTP proxies". Obtain Corkscrew with `apt-get install corkscrew` or from the

```
ProxyCommand /usr/local/bin/corkscrew avproxy.example.com 3128 %h %p
```

Although its source code seems to be from 2001, it compiles fine. I didn't get it to work, but it may be a fussy proxy. Worth keeping in mind.
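Both `nc -X connect` and corkscrew open the tunnel for ssh with the same HTTP CONNECT exchange, so here it is spelled out as an added Python example (not the page's or either tool's own code). The proxy side is a constructed stand-in whose ACL only permits port 443, which is exactly the kind of "fussy proxy" refusal that leaves `ProxyCommand` hanging with no useful error from ssh; the host names and the `allowed_ports` policy are assumptions for the demo.

```python
import socket
import threading

def recv_headers(sock: socket.socket) -> bytes:
    """Read until the blank line that terminates an HTTP header block."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-headers")
        buf += chunk
    return buf

def build_connect_request(host: str, port: int) -> bytes:
    """The request nc -X connect / corkscrew send before relaying raw bytes."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def read_proxy_status(sock: socket.socket) -> int:
    """Return the HTTP status code from the proxy's reply; only 2xx opens a tunnel."""
    status_line = recv_headers(sock).split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1])

def open_tunnel(sock: socket.socket, host: str, port: int) -> int:
    # Client side: after this returns, sock carries the raw TCP stream to host:port.
    sock.sendall(build_connect_request(host, port))
    code = read_proxy_status(sock)
    if code // 100 != 2:  # 403 = proxy ACL forbids the port, 407 = wants proxy auth
        raise ConnectionError(f"proxy refused CONNECT {host}:{port}: HTTP {code}")
    return code

def scripted_proxy(sock: socket.socket, allowed_ports) -> None:
    """Constructed stand-in for a proxy whose ACL only permits certain target ports."""
    target = recv_headers(sock).split(b" ", 2)[1].decode("ascii", "replace")
    port = int(target.rsplit(":", 1)[1])
    reply = b"200 Connection established" if port in allowed_ports else b"403 Forbidden"
    sock.sendall(b"HTTP/1.1 " + reply + b"\r\n\r\n")
    sock.close()

def try_tunnel(host: str, port: int, allowed_ports=(443,)):
    # Run client and scripted proxy over a socketpair, so no network is needed.
    client, proxy = socket.socketpair()
    threading.Thread(target=scripted_proxy, args=(proxy, allowed_ports), daemon=True).start()
    try:
        return open_tunnel(client, host, port)  # status code, or None if refused
    except ConnectionError:
        return None
    finally:
        client.close()
```

When a real proxy answers 403 or 407 to `CONNECT host:22`, that status line is the only diagnostic you will get, and it is swallowed by ssh; checking it directly is the quickest way to tell a proxy policy problem from a broken `ProxyCommand`.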
Bash can do many of the basic things netcat can do all by itself. It provides support for special device files that do things with arbitrary network sockets. The format for these is:
Here’s how to create a connect back shell on a remote system using nothing but Bash.