Wednesday, October 04, 2006

Netcat: More Hacks

Dave saw my netcat example and was kind enough to resend to me some examples of netcat that I had provided to him and others in a past life.

The more complete example is axissniff - a script I wrote to allow me to sniff SOAP traffic between an ActionScript client and a Java server. This is a great example of using netcat, because it demonstrates how a little bit of script hacking can making up for seriously missing debugging tools.

Axissniff is also cool because it shows a neat shell script hack. Mainly, the axissniff script actually generates a shell script in /tmp/ and then runs it.

Here are a bunch of small hacks (again, most from the README). Thanks Dave for holding onto this!

netcat tricks

nc -- netcat opens up a network connection and allows you to write
across it.

Very, very simple tool.

| nc -h
| [v1.10]
| connect to somewhere:   nc [-options] hostname port[s] [ports] ...
| listen for inbound:     nc -l -p port [-options] [hostname] [port]
| options:
|         -e prog                 program to exec after connect
|         [dangerous!!]
|         -g gateway              source-routing hop point[s], up to 8
|         -G num                  source-routing pointer: 4, 8, 12, ...
|         -h                      this cruft
|         -i secs                 delay interval for lines sent, ports
|         scanned
|         -l                      listen mode, for inbound connects
|         -n                      numeric-only IP addresses, no DNS
|         -o file                 hex dump of traffic
|         -p port                 local port number
|         -r                      randomize local and remote ports
|         -s addr                 local source address
|         -t                      answer TELNET negotiation
|         -u                      UDP mode
|         -v                      verbose [use twice to be more verbose]
|         -w secs                 timeout for connects and final net reads
|         -z                      zero-I/O mode [used for scanning]

copy files
  nc -l -p 9000

  cat foo | nc 9000

copy tree of files
  host: machine1
  nc -l -p 9000 | tar xvf -

  host: machine2
  tar cvf - tmp | nc -w 3 machine1 9000

check for open port
  nc -vv -z 80

do port scanning
  nc -v -w 2 -z 70-100

get a web page
  nc 80
  GET / HTTP/1.0

simple web service
  while true
    nc -l -p 9000 -e /usr/bin/uptime

  nc 9000

telnet to a machine
  nc -t 23

swamp the network
 host: machine1
 yes AAAAAAAAAAAAAAAAAAAAAA | nc -v -v -l -p 2222 > /dev/null

 host: machine2
 yes BBBBBBBBBBBBBBBBBBBBBB | nc machine1 2222 > /dev/null


  1. Anonymous5:29 PM

    enjoyed the netcat posts. i just wanted to point out dan bernstein's ucspi-tcp package, which is suitable for quickly building client/server tools that are a bit more robust (but still delightfully simple). often used in combination with the fantastic daemontools collection of utilities.

  2. Thanks - those are excellent tools too.