CertTools Logo
CertTools

netcat (nc) Commands

Network debugging and testing tool for port connectivity, banner grabbing, and TLS connection testing

Basic Connection Testing

Test TCP connection to port

nc -zv example.com 443

Check if port 443 is open. -z scans without sending data, -v verbose output. Quick port availability check.

Test port range

nc -zv example.com 80-443

Scan range of ports to find open services. Shows which ports accept connections.

Connect to HTTP port

nc example.com 80

Open interactive connection to HTTP port. Type commands manually to interact with server.

Test with timeout

nc -w 5 -zv example.com 443

Set 5-second timeout for connection attempt. Prevents hanging on unresponsive hosts.

Banner Grabbing and Service Detection

Grab HTTP server banner

echo -e "HEAD / HTTP/1.0\r\n\r\n" | nc example.com 80

Send HTTP HEAD request to identify web server version and headers. Useful for fingerprinting.

Test SMTP server

nc example.com 25

Connect to SMTP and see server banner. Type EHLO example.com to see supported features.

Check FTP server

nc example.com 21

View FTP server banner and version. Identify FTP server software.

Test SSH server

nc example.com 22

Get SSH protocol version and server identification. Shows SSH-2.0-OpenSSH_x.x format.

HTTPS and TLS Testing

Test HTTPS port availability

nc -zv example.com 443

Verify HTTPS port is listening. Does not perform TLS handshake, just TCP connection.

Test TLS connection with openssl

echo | openssl s_client -connect example.com:443 2>&1 | head -20

Use openssl s_client instead of nc for TLS. Shows certificate and connection details.

Test alternative HTTPS ports

nc -zv example.com 8443

Check non-standard HTTPS ports (8443, 8080, etc). Useful for testing alternative configurations.

File Transfer and Data Transmission

Send file to remote host

# Receiver (listening)
nc -l 9999 > received_file.txt

# Sender
nc remote_host 9999 < file_to_send.txt

Simple file transfer without encryption. Receiver listens, sender connects and transmits.

Create simple chat

# Host A
nc -l 9999

# Host B
nc host_a 9999

Bidirectional communication. Type messages on either side. Useful for testing connectivity.

Stream data from command

tar czf - /path/to/dir | nc remote_host 9999

Pipe command output through netcat. Combine with tar for directory transfers.

Port Listening and Server Simulation

Listen on specific port

nc -l 9999

Start listening server on port 9999. Accepts connections and displays received data.

Listen and keep alive (multiple connections)

nc -lk 9999

Keep listening after client disconnects. -k flag allows multiple connections.

Listen on specific interface

nc -l -s 192.168.1.10 9999

Bind listener to specific IP address. Useful on multi-homed hosts.

Serve HTTP response

while true; do
  echo -e "HTTP/1.1 200 OK\r\n\r\nHello World" | nc -l 8080
done

Simple HTTP server for testing. Returns basic HTTP response to browser requests.

UDP Mode

Test UDP port

nc -uv example.com 53

Connect using UDP instead of TCP. Test DNS or other UDP services.

Listen on UDP port

nc -ul 9999

UDP listener. Receive UDP packets on specified port.

Send UDP packet

echo "test" | nc -u example.com 9999

Send single UDP datagram. Useful for testing UDP services.

Practical Examples

Test if server accepts HTTPS connections

nc -zv -w 3 example.com 443 && echo "Port 443 is open" || echo "Port 443 is closed"

Quick connectivity check before attempting SSL/TLS connection.

Test firewall rules

# From inside firewall
nc -l 9999

# From outside firewall
nc -zv external_ip 9999

Verify port forwarding and firewall rules. Check if external port is accessible.

Check multiple certificate-related ports

for port in 80 443 8080 8443; do
  echo "Testing port $port..."
  nc -zv -w 2 example.com $port
done

Scan common HTTP/HTTPS ports to find active web services.

Debug ACME HTTP-01 challenge

echo -e "GET /.well-known/acme-challenge/test HTTP/1.0\r\nHost: example.com\r\n\r\n" | nc example.com 80

Test Let's Encrypt HTTP-01 challenge availability. Verify web server serves .well-known directory.

See Also

tcpdump Commands
Packet capture and analysis
nmap Commands
Port scanning and service detection
traceroute Commands
Network path analysis

Important Notes

No Built-in TLS Support

netcat doesn't support TLS/SSL natively. Use openssl s_client for HTTPS testing or ncat (nmap's netcat) which includes SSL support.

Version Differences

Different netcat implementations exist (BSD nc, GNU nc, ncat). Options may vary. Check man nc for your version.

Security Warning

Data transmitted via netcat is unencrypted. Don't send sensitive information without additional encryption layer.

Firewall Restrictions

Many firewalls block netcat's default behavior. May need appropriate firewall rules for listening mode.

Alternative: ncat

Consider using ncat (part of nmap) for SSL/TLS support, proxy capabilities, and additional features: ncat --ssl example.com 443

Port Permissions

Listening on ports below 1024 requires root/administrator privileges. Use higher ports for testing.