Netcat is a utility capable of establishing a TCP or UDP connection between two computers, meaning it can write and read through an open port. With the help of the program, files can be transferred and commands can be executed in some instances.
Netcat is also used by server administrators. When a server is hacked, the hacker usually modifies and infects the binary files on the system, so even if the administrator starts cleaning the system, the cleanup may not succeed because the hacker can track the administrator's work; think of changing your passwords, for example. In these cases, if we have the netcat program recorded on a CD, we can use it to connect to the server without the connection being compromised.
Another advantage of the program is the ability to copy files over the network without having an FTP server, HTTP or any other service that allows data to be transmitted. With netcat, both small and large files can be copied very easily, including full partitions.
An alternative for sending files between two Linux machines is the netcat utility. On the remote station, start it with the option to listen on a port, while the other station sends the data to the IP address and port of the first station.
The netcat utility is used to create client-to-server connections. It can fulfill both the server and the client role.
To create a server that listens for connections on TCP port 4444, we run the command:
user@server:~# netcat -l 4444
The -l parameter puts netcat in listen (server) mode, and 4444 is the port it listens on; netcat creates a server socket and waits for connections on port 4444. The terminal blocks until a client connects to the server opened with netcat.
We can verify that a service on the host listens on port 4444. Open a new terminal on the host station and run the command:
user@server:~# netstat -tlnp
Active Internet connections (only servers)
The netstat command displays the TCP services waiting for connections on the local station. We notice that the netcat program listens on port 4444. The options of the netstat command are:
t – displays TCP connections
l – shows the services that are listening (waiting for connections)
n – disables name resolution for IP addresses and ports; we typically disable name resolution to eliminate the latency of the resolving process
p – displays the name and PID of the network service process that awaits connections on the given port.
The entry 0.0.0.0:4444 in the Local Address column means that the service listens for connections on all IP addresses/interfaces of the system, on port 4444.
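The following script is an added example, not part of the original text: it reads netstat output and reports every socket bound to all interfaces (0.0.0.0 or ::) on a port outside an allow-list, which is how an administrator would spot an unexpected listener such as the netcat server above. It goes slightly beyond the TCP case shown here by also handling UDP rows, which have no State value. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit netstat output for sockets bound to every interface.

# Constructed sample in the layout printed by net-tools netstat (not from the page).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2143/netcat
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      701/sshd
udp        0      0 0.0.0.0:4444            0.0.0.0:*                           2201/netcat
udp        0      0 127.0.0.1:323           0.0.0.0:*                           640/chronyd
EOF
}

# wildcard_listeners [allowed-ports]   (hypothetical helper name)
# Reads netstat output on stdin and prints "proto port program" for each
# socket bound to all interfaces whose port is not in the space-separated
# allow-list given as the first argument.
wildcard_listeners() {
    awk -v allow="${1:-}" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a State column (LISTEN); UDP rows leave it blank,
        # so the PID/Program field shifts one column to the left.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { prog = $6 }
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr != "0.0.0.0" && addr != "::") next   # bound to one address only
        if (port in ok) next                          # expected service
        sub(/^[0-9]+\//, "", prog)                    # drop the PID, keep the name
        print $1, port, prog
    }'
}

# Port 22 is expected on this host; everything else on a wildcard address is reported.
sample_netstat | wildcard_listeners "22"
```

On a live system the function is fed from netstat directly in place of the constructed sample; services bound only to 127.0.0.1 are skipped because they are not reachable from the network.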
In the newly opened terminal on the host station, connect to the newly created service. Use the netcat command again, in client mode, for this:
user@server:~# netcat localhost 4444
The command created a client socket and connected to the above service (TCP connection on port 4444). The command is still waiting for user input. The messages we write will be sent to the server, which will display them on standard output. Write a few lines and notice their display on the server side. Close using the Ctrl+D key combination. The server closes.
On the host station, follow the steps above for UDP:
1. Create a server that listens for UDP packets on port 4444;
2. List the services that listen for UDP packets on the host station;
3. Start a UDP client and communicate with the above server.