# On Debian/Ubuntu systems
sudo apt-get update
sudo apt-get install netcat-openbsd

# Alternative: Traditional netcat
sudo apt-get install netcat

# On CentOS/RHEL systems
sudo yum install nc

# On Fedora systems
sudo dnf install nc

# Verify installation
which nc
nc -h 2>&1 | head -3

which nc && echo "Netcat is installed"

/bin/nc
Netcat is installed

# Netcat provides:
# - TCP/UDP client and server functionality
# - Port scanning and service testing
# - Banner grabbing and service detection
# - File transfer and bidirectional communication
# - Network proxy and tunnel functionality
# - Debugging and troubleshooting capabilities

# Netcat is called "the Swiss Army knife" of networking
# It reads and writes data across TCP and UDP networks
# Can run as a listening server or connecting client

# Basic usage pattern:
# Client: nc [options] hostname port
# Server: nc -l [options] port
echo "Netcat is ready for network operations"

nc -h 2>&1 | grep -E "^\s+-" | head -8

-4            Use IPv4
-6            Use IPv6
-l            Listen mode
-u            UDP mode (default is TCP)
-v            Verbose output
-z            Scan mode (no I/O)
-e program    Program to exec

# Netcat advantages over telnet:
# - More versatile (handles UDP, scanning)
# - Better for binary data transfer
# - Supports more protocols and operations
# - More secure implementation

# Netcat advantages over curl:
# - Lower-level network operations
# - No automatic protocol interpretation
# - Better for binary protocols
# - Lightweight and portable

# Use netcat when you need:
# - Raw network communication
# - Port scanning and banner grabbing
# - File transfer over network
# - Custom protocol testing
# - Network debugging and diagnostics

echo "Netcat is ideal for network diagnostics and debugging"

echo "Netcat capabilities:"
echo "- TCP/UDP connections"
echo "- Port scanning"
echo "- File transfers"
echo "- Server/Client mode"

Netcat capabilities:
- TCP/UDP connections
- Port scanning
- File transfers
- Server/Client mode

# Netcat use cases:

# 1. Network diagnostics - test connectivity and services
# 2. Protocol development - test custom protocols
# 3. File transfers - quick data movement between hosts
# 4. Service testing - verify server configuration
# 5. Network debugging - deep-level packet inspection
# 6. Security testing - port scanning and service detection

# Typical workflow:
# 1. Use netcat to test basic connectivity
# 2. Use nc -zv to scan ports
# 3. Use nc to transfer files
# 4. Use netcat for custom protocol testing
# 5. Use nc with pipes for data processing

echo "Netcat is essential for network professionals"

echo "Use netcat for low-level network diagnostics and testing"

Use netcat for low-level network diagnostics and testing

# Basic TCP connection to a server
nc hostname port

# Connect to localhost on port 8080
nc localhost 8080

# Connect with timeout (5 seconds)
nc -w 5 example.com 80

# Verbose connection (show what's happening)
nc -v example.com 22

# Send data and close connection
echo "Hello Server" | nc hostname port

# Connect with specific local port
nc -p 8888 example.com 80

# Example: Connect to SSH service and see banner
timeout 2 nc -v localhost 22 2>&1 | head -3

Ncat: Version 7.93
Ncat: Connected to 127.0.0.1:22.
SSH-2.0-OpenSSH_8.2p1 Ubuntu 4ubuntu0.5

# Interactive connection (type commands after connecting)
# nc hostname port
# Then type your input and press Enter

# Simple telnet replacement
nc example.com 23

# Connect to web server and send HTTP request
# nc example.com 80
# GET / HTTP/1.1
# Host: example.com
# (blank line and Ctrl+D)

# Connect and auto-close after 3 seconds
nc -w 3 example.com 80

# Set timeout without closing automatically
nc -N example.com 80

# Example: Test HTTP server response
(echo -e "GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"; sleep 1) | nc localhost 80 | head -10

HTTP/1.1 200 OK
Server: Apache/2.4.41
Date: Fri, 28 Feb 2025 10:00:00 GMT
Content-Type: text/html
Connection: close

# Start listening server on port 8888
nc -l 8888

# Listen on specific IP and port
nc -l localhost 8888

# Listen in verbose mode
nc -l -v 8888

# Listen only once (accept one connection then exit)
nc -l 8888

# Set verbosity for debugging
nc -l -vv 8888

# Listen on IPv6
nc -6 -l 8888

# Start listening server in background
(nc -l 9999 > /tmp/received.txt &) &
sleep 1
# Connect and send data
echo "Test message" | nc localhost 9999
sleep 1
cat /tmp/received.txt
killall nc 2>/dev/null

Test message

# Listen and handle multiple connections
# Use in a loop to accept new connections
while true; do nc -l 8888; done

# Listen and log all input to file
nc -l 8888 >> /tmp/nc.log

# Listen and echo input back to client
mkfifo /tmp/fifo
nc -l 8888 < /tmp/fifo | tee /tmp/fifo > /dev/null

# Listen with timeout
timeout 30 nc -l 8888

# Listen and execute command for each connection
while true; do nc -l 8888 -e /bin/bash; done

# Start server in background
(nc -l 9998 | tee /tmp/server.log &) &
SERVER_PID=$!
sleep 1
# Connect client and send message
echo "Server message" | nc localhost 9998
sleep 1
kill $SERVER_PID 2>/dev/null
cat /tmp/server.log

Server message

# UDP client to send data
echo "UDP Message" | nc -u hostname 5000

# UDP listening server
nc -u -l 5000

# UDP with verbose output
nc -u -v localhost 5000

# UDP timeout on client
echo "Test" | nc -u -w 2 localhost 5353

# Send multiple UDP messages
(echo "Message 1"; sleep 1; echo "Message 2") | nc -u localhost 5000

# UDP with specific source IP
echo "Data" | nc -u -s 192.168.1.100 8.8.8.8 53

# Test DNS server with UDP on port 53
(nc -u -l 5353 | tee /tmp/udp_data.txt &) &
UDP_PID=$!
sleep 1
echo "UDP Test" | nc -u localhost 5353
sleep 1
kill $UDP_PID 2>/dev/null
cat /tmp/udp_data.txt

UDP Test

# Test DNS resolution (requires dig or nslookup usually)
# But can send raw UDP to DNS server
echo "Test" | nc -u 8.8.8.8 53

# Listen for incoming UDP messages
nc -u -l -v 5353

# Send UDP broadcast (if supported)
# echo "broadcast message" | nc -u -b 192.168.1.255 5000

# Create UDP echo server (receives and echoes back)
mkfifo /tmp/fifo
(cat /tmp/fifo | nc -u -l 5000 > /tmp/fifo &)

# Send UDP with specific source port
echo "Data" | nc -u -p 5555 localhost 5000

# Test UDP with multiple servers
for server in 8.8.8.8 1.1.1.1; do
  echo "Test" | timeout 1 nc -u $server 53
done

# Start UDP listener
(nc -u -l 5354 > /tmp/udp_msg.txt &) &
PID=$!
sleep 1
# Send UDP message
echo "UDP Communication Test" | nc -u localhost 5354
sleep 1
kill $PID 2>/dev/null
cat /tmp/udp_msg.txt

UDP Communication Test

# Connect to IPv6 server
nc -6 ::1 8080

# Connect to IPv6 address with zone ID
nc -6 fe80::1%eth0 8080

# Listen on IPv6 address
nc -6 -l ::1 8080

# Listen on all IPv6 interfaces
nc -6 -l :: 8080

# Specify both IPv4 and IPv6
nc -4 localhost 8080  # IPv4
nc -6 localhost 8080  # IPv6

# Force IPv4 only
nc -4 -l 0.0.0.0 8080

# Force IPv6 only
nc -6 -l :: 8080

# Check if IPv6 is available
nc -6 -z -w 1 ::1 22 2>&1 && echo "IPv6 available" || echo "IPv6 not available"

IPv6 available

# Listen on both IPv4 and IPv6 (requires separate instances)
nc -4 -l 0.0.0.0 8080 &
nc -6 -l :: 8080 &

# Listen on IPv6 only (may accept IPv4 mapped)
nc -6 -l :: 8080

# Test both IPv4 and IPv6 connectivity
echo "IPv4 Test" | nc -4 -w 1 127.0.0.1 8080
echo "IPv6 Test" | nc -6 -w 1 ::1 8080

# Convert IPv4-mapped IPv6 address
# ::ffff:192.0.2.1 is IPv4 192.0.2.1 mapped as IPv6

# Scan IPv6 ports
nc -6 -z -w 1 ::1 22 2>&1

# Test IPv6 loopback
(nc -6 -l ::1 8890 > /tmp/ipv6_test.txt &) &
PID=$!
sleep 1
echo "IPv6 Protocol Test" | nc -6 -w 1 ::1 8890
sleep 1
kill $PID 2>/dev/null
cat /tmp/ipv6_test.txt

IPv6 Protocol Test

# Send file from client to server
# On receiving end (server):
nc -l 8888 > received_file.txt

# On sending end (client):
cat file.txt | nc hostname 8888

# Send file with progress information
cat large_file.iso | pv | nc hostname 8888

# Receive file and save
nc -l 8888 < file.txt

# Transfer binary files
cat binary.bin | nc hostname 8888
nc -l 8888 > binary.bin

# Keep server listening for multiple files
while true; do nc -l 8888 > file_$(date +%s).txt; done

# Create test file and transfer
echo "Test file content" > /tmp/test_send.txt
(nc -l 9997 > /tmp/test_receive.txt &) &
PID=$!
sleep 1
cat /tmp/test_send.txt | nc localhost 9997
sleep 1
kill $PID 2>/dev/null
echo "Received: $(cat /tmp/test_receive.txt)"

Received: Test file content

# Transfer entire directory as tar archive
# Receiving end:
nc -l 8888 | tar xz -C /destination/

# Sending end:
tar czf - /source/directory | nc hostname 8888

# Transfer with progress using pv
tar czf - /source | pv | nc hostname 8888

# Receive and decompress simultaneously
nc -l 8888 | tar xzf - -C /path/

# Transfer with MD5 verification
tar czf - /source | nc hostname 8888 &
md5sum /source > /tmp/source.md5

# Receive side:
nc -l 8888 | tar xzf - && md5sum -c /tmp/source.md5

# Transfer exclude patterns
tar czf - --exclude='.git' --exclude='node_modules' . | nc hostname 8888

# Create test directory and transfer
mkdir -p /tmp/test_dir/subdir
echo "file1" > /tmp/test_dir/file1.txt
echo "file2" > /tmp/test_dir/subdir/file2.txt
(nc -l 9996 | tar xz -C /tmp/ &) &
PID=$!
sleep 1
tar czf - -C /tmp test_dir | nc localhost 9996
sleep 2
kill $PID 2>/dev/null
find /tmp/test_dir -type f

/tmp/test_dir/file1.txt
/tmp/test_dir/subdir/file2.txt

# Simple chat system using netcat

# Terminal 1 - Server (listening)
nc -l 5555

# Terminal 2 - Client (connecting)
nc localhost 5555

# Both can now type and receive messages
# Type in one terminal, see in other

# With pipes for automation
# Server listening and responding
mkfifo /tmp/chat_in
nc -l 5555 < /tmp/chat_in | tee /tmp/chat_out

# Client sending and receiving
{ echo "Hello"; cat /tmp/chat_out; } | nc server 5555

# Named pipe chat server
mkfifo /tmp/fifo
cat /tmp/fifo | nc -l 5555 | tee /tmp/fifo

# Demonstrate bidirectional with pipes
mkfifo /tmp/fifo_in /tmp/fifo_out 2>/dev/null || true
(nc -l 8891 < /tmp/fifo_in > /tmp/fifo_out &) &
PID=$!
sleep 1
(echo "Message 1"; sleep 0.5; echo "Message 2") | nc localhost 8891 | tee /tmp/bc_log.txt
sleep 1
kill $PID 2>/dev/null
cat /tmp/bc_log.txt

Message 1
Message 2

# Create relay between two connections
# Listen on one port, forward to another

# Method 1: Simple relay with tee
nc -l 5556 | tee /tmp/relay_log.txt | nc remote_host 5000

# Method 2: Bidirectional relay with pipes
mkfifo /tmp/relay_in /tmp/relay_out
cat /tmp/relay_in | nc -l 5556 > /tmp/relay_out
cat /tmp/relay_out | nc remote_host 5000 > /tmp/relay_in

# Method 3: Socat alternative (if available)
# socat TCP-LISTEN:5556 TCP:remote_host:5000

# Method 4: Transparent relay with logging
while true; do
  nc -l 5556 | tee -a relay.log | nc server.example.com 5000
done

# Bidirectional pipe relay
{ cat; echo; } | nc localhost 5000

# Create simple relay test
(nc -l 8892 | tee /tmp/relay_test.log &) &
RELAY_PID=$!
sleep 1
echo "Relay Test Message" | nc localhost 8892
sleep 1
kill $RELAY_PID 2>/dev/null
cat /tmp/relay_test.log

Relay Test Message

# Scan single port
nc -zv localhost 22

# Scan port range
nc -zv localhost 1-1024

# Scan with timeout
nc -zv -w 1 localhost 1-65535

# Scan specific ports only
nc -zv localhost 22 80 443

# Scan with connection timeout
timeout 10 bash -c 'nc -zv localhost 1-1024'

# Scan and redirect output
nc -zv localhost 1-65535 2>&1 | grep succeeded

# Quiet mode (no output)
nc -zv localhost 80 > /dev/null 2>&1 && echo "Port open" || echo "Port closed"

# Scan for common ports on localhost
nc -zv -w 1 localhost 22 80 443 3306 5432 8080 2>&1 | grep -E "succeeded|timed out"

Connection to localhost 22 port 22 [tcp/ssh] succeeded!
Connection to localhost 80 port 80 [tcp/http] timed out (tried 1 time).
Connection to localhost 443 port 443 [tcp/https] timed out (tried 1 time).

# Scan and show only open ports
nc -zv localhost 1-1024 2>&1 | grep succeeded

# Scan with fast timeout
nc -zv -w 1 localhost 1-65535 2>&1 | grep succeeded

# Scan remote host
nc -zv example.com 1-1024 2>&1 | grep succeeded

# Create a loop for scanning multiple hosts
for host in 192.168.1.{1..10}; do
  nc -zv -w 1 $host 22 2>&1 | grep succeeded
done

# Scan and save results to file
nc -zv localhost 1-65535 2>&1 | grep succeeded | tee /tmp/open_ports.txt

# Complex scan with statistics
for port in 22 80 443 3306 5432 8080 9000; do
  timeout 1 nc -zv localhost $port 2>&1 | grep succeeded && echo "Open: $port"
done

# Background scan with process count
nc -zv -w 1 localhost 1-1024 > /tmp/scan.log 2>&1 &
wait
grep succeeded /tmp/scan.log | wc -l

# Quick scan of common ports
for port in 22 80 443 8080; do
  timeout 1 nc -zv localhost $port 2>&1 | grep succeeded && echo "Port $port: OPEN"
done

Connection to localhost 22 port 22 [tcp/ssh] succeeded!
Port 22: OPEN

# Grab SSH banner
nc -v localhost 22

# Grab HTTP banner
echo "" | nc -v localhost 80

# Connect and send newline for banner
(echo; sleep 1) | nc -v hostname 3306

# Grab with timeout
timeout 2 nc -v localhost 21

# Get banner and disconnect
(sleep 1; echo "quit") | nc -v hostname 25

# Grab SMTP banner
timeout 2 nc localhost 25

# Get FTP banner
timeout 2 nc localhost 21

# HTTP banner with request
(echo -e "HEAD / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"; sleep 1) | nc localhost 80

# Get SSH banner from localhost
timeout 2 nc -v localhost 22 2>&1 | head -1

SSH-2.0-OpenSSH_8.2p1 Ubuntu 4ubuntu0.5

# Scan and grab banners from open ports
for port in 21 22 25 53 80 443 3306 5432 8080; do
  echo "Port $port:"
  timeout 1 nc -v localhost $port 2>&1 | head -2
  echo "---"
done

# Create service detection script
#!/bin/bash
for ip in $(seq 1 254); do
  host="192.168.1.$ip"
  timeout 1 nc -z -v $host 22 2>&1 | grep succeeded && \
  timeout 1 nc -v $host 22 2>&1 | head -1
done

# Grab all banners from target
for port in $(seq 1 65535); do
  timeout 0.1 nc -v localhost $port 2>&1 | grep -i "succeeded\|version\|ssh\|http" && echo "Port: $port"
done

# Parallel banner grabbing with GNU parallel
seq 1 1024 | parallel "timeout 1 nc -v localhost {} 2>&1" | grep -i version

# Simple service detection on common ports
for port in 22 25 80 3306; do
  banner=$(timeout 1 nc -v localhost $port 2>&1 | head -1)
  if [ -n "$banner" ]; then
    echo "Port $port: $banner"
  fi
done

Port 22: SSH-2.0-OpenSSH_8.2p1 Ubuntu 4ubuntu0.5

# Simple TCP proxy/tunnel
nc -l 8080 | nc target.example.com 80 &

# Bidirectional proxy using mkfifo
mkfifo /tmp/proxy_in /tmp/proxy_out
cat /tmp/proxy_in | nc target 8080 | tee /tmp/proxy_out &
cat /tmp/proxy_out | nc -l 8000 > /tmp/proxy_in

# Transparent relay
while true; do nc -l 3000 | nc backend_server 3000; done

# HTTP proxy to backend
nc -l 8000 | nc internal.example.com 8080

# Tunnel SSH connection through proxy
nc -X connect -x proxy.example.com:8080 target 22

# SOCKS proxy (if supported)
nc -X socks5 -x localhost:1080 target 80

# Persistent tunnel in background
(while true; do nc -l 9000 | nc remote 9001; done) &

# Create simple proxy between ports
(nc -l 8003 | nc localhost 22 &) &
PROXY_PID=$!
sleep 1
timeout 1 nc -v localhost 8003 2>&1 | head -2
kill $PROXY_PID 2>/dev/null

Connection to localhost 8003 port 8003 [tcp/*] succeeded!
SSH-2.0-OpenSSH_8.2p1 Ubuntu 4ubuntu0.5

# Create encrypted tunnel with SSH
# Forward local 8888 to remote port 3306 through SSH
ssh -L 8888:localhost:3306 user@remote &
nc localhost 8888  # Now connects to remote MySQL

# Reverse tunnel (remote connects to local)
ssh -R 8080:localhost:8000 user@remote

# Multi-hop tunnel
# Via: Local -> Proxy1 -> Proxy2 -> Target
nc -x proxy1:3128 -X connect -x proxy2:3128 target 80

# Tunnel with compression
nc -l 8000 | gzip | nc server 9000

# Persistent SSH tunnel for multiple connections
ssh -N -f -L 8000:target:80 user@proxy

# Use netcat with tar for secure file transfer
tar czf - /files | nc tunnel 9000

# Create persistent tunnel connection pool
for i in {1..5}; do
  (while true; do nc -l 8000 | nc target 8000; done) &
done

# Create compression tunnel test
(nc -l 8004 | gunzip > /tmp/tunnel_out.txt &) &
TUNNEL_PID=$!
sleep 1
echo "Tunnel Test Data" | gzip | nc localhost 8004
sleep 1
kill $TUNNEL_PID 2>/dev/null
cat /tmp/tunnel_out.txt

Tunnel Test Data

# Test basic TCP connectivity (telnet replacement)
nc -v example.com 80

# Check if port responds (telnet replacement with timeout)
nc -zv -w 5 example.com 443

# Test connectivity with specific source IP
nc -s 192.168.1.100 example.com 80

# Debug connection issues
nc -vvv example.com 80  # Extra verbose

# Test with packet tracing
strace -e openat,connect nc -v example.com 80

# Check DNS resolution and connectivity
nc -v $(dig +short example.com | head -1) 80

# Test with different TCP options
nc -T noDelay example.com 80

# Trace connection path
traceroute example.com && nc -v example.com 80

# Test SSH connectivity
timeout 2 nc -vz localhost 22
echo "Exit Code: $?"

Connection to localhost port 22 [tcp/ssh] succeeded!
Exit Code: 0

# Test HTTP server response
(echo -e "GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"; sleep 1) | nc localhost 80

# Test SMTP server
(sleep 1; echo "QUIT") | nc localhost 25 | head -5

# Test FTP server
(echo "QUIT") | nc localhost 21

# Test custom protocol
echo "COMMAND arg1 arg2" | nc server.example.com 9000

# Validate server response format
timeout 2 nc -v localhost 3306 2>&1 | od -c | head -5

# Test keep-alive behavior
(echo "PING"; sleep 5; echo "PING") | nc server 5000

# Build protocol conversation step by step
(
  echo "USER username"
  sleep 0.5
  echo "PASS password"
  sleep 0.5
  echo "QUIT"
) | nc -v server.example.com 21

# Capture and analyze server responses
nc -v server 80 > response.txt 2>&1

# Test simple HTTP server response
(echo -e "GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"; sleep 1) | nc localhost 80 | head -3

HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.8.10
Date: Fri, 28 Feb 2025 10:00:00 GMT