Testing network connections and computer communications has become increasingly complicated with the deluge of new networking products and server applications. Many network administrators rely on tools such as Ping, Telnet, and packet sniffers to diagnose and test network and server connections. Although these tools let you test network connections and probe remote machines, they don't let you open an arbitrary connection across your network (e.g., specifying both source and destination ports) or set up a temporary client-server connection to quickly copy a file or redirect output from an application on one machine to another. To solve these problems and more, consider using what many call the Swiss Army knife of the network and security administrator's toolkit: Netcat.
Netcat's elegant simplicity belies its power and utility. Let's discuss how to use this handy tool to open network connections, perform port scans, transfer files, and redirect standard input and output. Attackers have also used this tool to set up back doors and infiltrate computer networks. Regardless of whether you choose to add Netcat to your repertoire of security and network tools, you'll benefit from understanding the capabilities that this flexible tool provides.
Netcat's Beginnings
Developed in 1995 for UNIX systems and ported to Windows in 1998, Netcat lets administrators read from and write to custom TCP or UDP connections between remote hosts. You can run Netcat as a client to connect to applications on remote servers or start Netcat in listening mode to permit other network applications, even other Netcat sessions, to connect to it.
Netcat is free to download and use. You can download the UNIX/Linux or Windows versions of Netcat from @stake (http://www.atstake.com/research/tools/network_utilities). While you're at the Web site, read the Netcat README text file for an excellent detailed description of how and when to use the tool.
To get an even better sense of this tool's utility, download the Linux version and study the \scripts directory of the extracted distribution. These short, easy-to-understand scripts provide valuable insight into Netcat's various uses, good and bad. For example, one script uses Netcat to query multiple search engines for a particular word, and another script mimics a simple browser. Two other scripts show how to use Netcat as a proxy or relay for Web traffic. Although not everyone will find these sample scripts useful, they provide good insight into other Netcat applications and uses.
Manipulating I/O Across Networks
One of Netcat's tricks is to redirect a console's or command prompt's standard I/O to that system's network port, letting you perform ad hoc bidirectional communication over networks. Standard in (stdin) and standard out (stdout) streams are part of a computer system's standard I/O stream objects that provide input to an application or direct a program's output to a screen, file, or other device. (In addition to the stdin and stdout streams, a third stream, standard error (stderr), provides a mechanism for reporting errors without tainting the standard out stream.)
For example, on a Windows system, if you type
type sometextfile.txt
at a command prompt, the type utility takes the file name as its argument and displays the contents of the sometextfile.txt file on stdout, which typically defaults to the screen. You can use the greater than (>) symbol to redirect the stdout to a file (e.g., type sometextfile.txt > anotherfile.txt). Netcat lets you extend I/O redirection across the network, either to other applications hosted on servers (e.g., a Web site) or to other Netcat servers running as listeners on any port.
Similarly, some applications support data input using stdin. For example, if you type
grep http < somefile.txt
the grep utility will search somefile.txt for the text http. Netcat supports both stdin and stdout.
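The redirection described above, as an added example (not Netcat's source and not part of the original article): a listener copies whatever arrives on a TCP connection to a stdout-like stream while a client feeds the connection from a stdin-like stream. The function names, the loopback address, and the sample text are assumptions made for illustration.

```python
import io
import socket
import threading

CHUNK = 4096


def receive_to_stream(server, out):
    """Listener: accept one connection and copy all received bytes to `out`."""
    conn, _peer = server.accept()
    with conn:
        conn.settimeout(5)
        # recv() returns b"" once the sender closes, which is the network
        # equivalent of end-of-file on stdin.
        while chunk := conn.recv(CHUNK):
            out.write(chunk)


def send_from_stream(host, port, src):
    """Client: copy a stdin-like stream to the connection; return bytes sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=5) as sock:
        while chunk := src.read(CHUNK):
            sock.sendall(chunk)
            sent += len(chunk)
    return sent  # leaving the with-block closes the socket and signals EOF


def redirect_over_loopback(payload):
    """Feed `payload` into the client side; return what the listener wrote out."""
    received = io.BytesIO()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind(("127.0.0.1", 0))  # loopback only; port 0 lets the OS choose
        server.listen(1)
        server.settimeout(5)
        port = server.getsockname()[1]
        listener = threading.Thread(
            target=receive_to_stream, args=(server, received), daemon=True)
        listener.start()
        send_from_stream("127.0.0.1", port, io.BytesIO(payload))
        listener.join(timeout=5)
    return received.getvalue()


if __name__ == "__main__":
    # Constructed sample standing in for the contents of sometextfile.txt.
    sample = b"see http://example.test for details\nsecond line\n"
    print(redirect_over_loopback(sample).decode(), end="")
```

As with Netcat itself, the bytes cross the connection in cleartext with no authentication of either end, which is why the listener here binds to loopback only.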
Easy Installation
Both the Windows and Linux Netcat versions are written in C, and the code provides interesting reading if you want to learn more about programming socket-based network applications. The source code is fairly short and liberally commented, giving you a good idea of the required components (and frustrations involved) for programming networking applications.
The Windows version comes as a ready-to-run executable, but you must compile the Linux version for the platform on which you want it to run (e.g., BSD UNIX, Linux, other *nix variants). To install the Linux version, download and extract the .tar file to a Netcat directory. From that directory, run the command
make system name
where system name is the name of your platform (e.g., make Linux). Two optional compilation flags, -DTELNET and -DGAPING_SECURITY_HOLE, increase Netcat's functionality. The -DTELNET flag lets Netcat connect to Telnet servers; the ominous-sounding -DGAPING_SECURITY_HOLE flag lets you direct standard I/O from Netcat to a binary file on your system. To compile Netcat with these options on a Linux system, use the following make command:
make Linux DFLAGS="-DTELNET -DGAPING_SECURITY_HOLE"
On Red Hat Linux 9 (and earlier versions), the downloaded Netcat source code fails to compile, complaining of an undefined reference to res_init. You can work around this glitch by commenting out the line in the netcat.c file that calls the res_init function. (This code is on or around line 1319 of the file.) Comment out the code by using /* and */ to surround the text res_init();, as follows:
/* can *you* say "cc -yaddayadda netcat.c -lresolv -l44bsd" on SunLOSs? */
/* res_init(); */
#endif
With that change in place, the make command runs the compile and produces the Netcat binary file, nc. Copy the file to your preferred location (e.g., /usr/local/bin), and you're ready to use Netcat.