| version 1.27, 2004/01/22 13:28:46 |
version 1.28, 2004/02/20 10:53:10 |
|
|
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| .Nm nc |
.Nm nc |
| .Nd "arbitrary TCP and UDP connections and listens" |
.Nd arbitrary TCP and UDP connections and listens |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm nc |
.Nm nc |
| .Op Fl 46hklnrtuvzSU |
.Op Fl 46hklnrStUuvz |
| .Op Fl i Ar interval |
.Op Fl i Ar interval |
| .Op Fl p Ar source port |
.Op Fl p Ar source_port |
| .Op Fl s Ar source ip address |
.Op Fl s Ar source_ip_address |
| .Op Fl x Ar proxy address Op :port |
|
| .Op Fl w Ar timeout |
.Op Fl w Ar timeout |
| .Op Fl X Ar socks version |
.Op Fl X Ar socks_version |
| |
.Oo Xo |
| |
.Fl x Ar proxy_address Ns Oo : Ns |
| |
.Ar port Oc Oc |
| |
.Xc |
| .Op Ar hostname |
.Op Ar hostname |
| .Op Ar port[s] |
.Op Ar port Ns Bq Ar s |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| The |
The |
| .Nm |
.Nm |
|
|
| .It |
.It |
| simple TCP proxies |
simple TCP proxies |
| .It |
.It |
| shell\-script based HTTP clients and servers |
shell-script based HTTP clients and servers |
| .It |
.It |
| network daemon testing |
network daemon testing |
| .It |
.It |
|
|
| .Nm |
.Nm |
| to stay listening for another connection after its current connection |
to stay listening for another connection after its current connection |
| is completed. |
is completed. |
| |
It is an error to use this option without the |
| |
.Fl l |
| |
option. |
| .It Fl l |
.It Fl l |
| Used to specify that |
Used to specify that |
| .Nm |
.Nm |
| should listen for an incoming connection rather than initiate a |
should listen for an incoming connection rather than initiate a |
| connection to a remote host. |
connection to a remote host. |
| |
It is an error to use this option in conjunction with the |
| |
.Fl p , |
| |
.Fl s , |
| |
or |
| |
.Fl z |
| |
options. |
| .It Fl n |
.It Fl n |
| Do not do any DNS or service lookups on any specified addresses, |
Do not do any DNS or service lookups on any specified addresses, |
| hostnames or ports. |
hostnames or ports. |
| .It Fl p Ar port |
.It Fl p Ar source_port |
| Specifies the source port |
Specifies the source port |
| .Nm |
.Nm |
| should use, subject to privilege restrictions and availability. |
should use, subject to privilege restrictions and availability. |
| |
It is an error to use this option in conjunction with the |
| |
.Fl l |
| |
option. |
| .It Fl r |
.It Fl r |
| Specifies that source and/or destination ports should be chosen randomly |
Specifies that source and/or destination ports should be chosen randomly |
| instead of sequentially within a range or in the order that the system |
instead of sequentially within a range or in the order that the system |
| assigns them. |
assigns them. |
| .It Fl s Ar hostname/ip address |
.It Fl S |
| |
Enables the RFC 2385 TCP MD5 signature option. |
| |
.It Fl s Ar source_ip_address |
| Specifies the IP of the interface which is used to send the packets. |
Specifies the IP of the interface which is used to send the packets. |
| |
It is an error to use this option in conjunction with the |
| |
.Fl l |
| |
option. |
| .It Fl t |
.It Fl t |
| Causes |
Causes |
| .Nm |
.Nm |
|
|
| This makes it possible to use |
This makes it possible to use |
| .Nm |
.Nm |
| to script telnet sessions. |
to script telnet sessions. |
| |
.It Fl U |
| |
Specifies to use Unix Domain Sockets. |
| .It Fl u |
.It Fl u |
| Use UDP instead of the default option of TCP. |
Use UDP instead of the default option of TCP. |
| .It Fl v |
.It Fl v |
|
|
| .Fl w |
.Fl w |
| flag. |
flag. |
| The default is no timeout. |
The default is no timeout. |
| .It Fl x Ar proxy address Op :port |
.It Fl X Ar socks_version |
| Requests that |
Requests that |
| .Nm |
.Nm |
| |
should use the specified version of the SOCKS protocol when talking to |
| |
a SOCKS proxy. |
| |
SOCKS versions 4 and 5 are currently supported. |
| |
If the version is not specified, SOCKS version 5 is used. |
| |
.It Xo |
| |
.Fl x Ar proxy_address Ns Oo : Ns |
| |
.Ar port Oc |
| |
.Xc |
| |
Requests that |
| |
.Nm |
| should connect to |
should connect to |
| .Ar hostname |
.Ar hostname |
| using a SOCKS proxy at address and port. |
using a SOCKS proxy at |
| If port is not specified, port 1080 is used. |
.Ar proxy_address |
| |
and |
| |
.Ar port . |
| |
If |
| |
.Ar port |
| |
is not specified, port 1080 is used. |
| .It Fl z |
.It Fl z |
| Specifies that |
Specifies that |
| .Nm |
.Nm |
| should just scan for listening daemons, without sending any data to them. |
should just scan for listening daemons, without sending any data to them. |
| .It Fl S |
It is an error to use this option in conjunction with the |
| Enables the RFC 2385 TCP MD5 signature option. |
.Fl l |
| .It Fl U |
option. |
| Specifies to use Unix Domain Sockets. |
|
| .It Fl X Ar version |
|
| Requests that |
|
| .Nm |
|
| should use the specified version of the SOCKS protocol when talking to |
|
| a SOCKS proxy. |
|
| If version is not specified, SOCKS version 5 is used. |
|
| .El |
.El |
| |
.Sh CLIENT/SERVER MODEL |
| |
It is quite simple to build a very basic client/server model using |
| |
.Nm . |
| |
On one console, start |
| |
.Nm |
| |
listening on a specific port for a connection. |
| |
For example: |
| |
.Pp |
| |
.Dl $ nc -l 1234 |
| |
.Pp |
| |
.Nm |
| |
is now listening on port 1234 for a connection. |
| |
On a second console |
| |
.Pq or a second machine , |
| |
connect to the machine and port being listened on: |
| |
.Pp |
| |
.Dl $ nc 127.0.0.1 1234 |
| |
.Pp |
| |
There should now be a connection between the ports. |
| |
Anything typed at the second console will be concatenated to the first, |
| |
and vice-versa. |
| |
After the connection has been set up, |
| |
.Nm |
| |
does not really care which side is being used as a |
| |
.Sq server |
| |
and which side is being used as a |
| |
.Sq client . |
| |
The connection may be terminated using an |
| |
.Dv EOF |
| |
.Pq Sq ^D . |
| |
.Sh DATA TRANSFER |
| |
The example in the previous section can be expanded to build a |
| |
basic data transfer model. |
| |
Any information input into one end of the connection will be output |
| |
to the other end, and input and output can be easily captured in order to |
| |
emulate file transfer. |
| |
.Pp |
| |
Start by using |
| |
.Nm |
| |
to listen on a specific port, with output captured into a file: |
| |
.Pp |
| |
.Dl $ nc -l 1234 \*(Gt filename.out |
| |
.Pp |
| |
Using a second machine, connect to the listening |
| |
.Nm |
| |
process, feeding it the file which is to be transferred: |
| |
.Pp |
| |
.Dl $ nc host.example.com 1234 \*(Lt filename.in |
| |
.Pp |
| |
After the file has been transferred, the connection will close automatically. |
| |
.Sh TALKING TO SERVERS |
| |
It is sometimes useful to talk to servers |
| |
.Dq by hand |
| |
rather than through a user interface. |
| |
It can aid in troubleshooting, |
| |
when it might be necessary to verify what data a server is sending |
| |
in response to commands issued by the client. |
| |
For example, to retrieve the home page of a web site: |
| |
.Pp |
| |
.Dl $ echo \&"GET\&" | nc host.example.com 80 |
| |
.Pp |
| |
Note that this also displays the headers sent by the web server. |
| |
They can be filtered, using a tool such as |
| |
.Xr sed 1 , |
| |
if necessary. |
| |
.Pp |
| |
More complicated examples can be built up when the user knows the format |
| |
of requests required by the server. |
| |
As another example, an email may be submitted to an SMTP server using: |
| |
.Bd -literal -offset indent |
| |
$ nc localhost 25 \*(Lt\*(Lt EOF |
| |
HELO host.example.com |
| |
MAIL FROM: \*(Ltuser@host.example.com\*(Gt |
| |
RCPT TO: \*(Ltuser2@host.example.com\*(Gt |
| |
DATA |
| |
Body of email. |
| |
\&. |
| |
QUIT |
| |
EOF |
| |
.Ed |
| |
.Sh PORT SCANNING |
| |
It may be useful to know which ports are open and running services on |
| |
a target machine. |
| |
The |
| |
.Fl z |
| |
flag can be used to tell |
| |
.Nm |
| |
not to initiate a connection, |
| |
together with the |
| |
.Fl v |
| |
.Pq verbose |
| |
flag, |
| |
to report open ports. |
| |
For example: |
| |
.Bd -literal -offset indent |
| |
$ nc -vz host.example.com 20-30 |
| |
Connection to host.example.com 22 port [tcp/ssh] succeeded! |
| |
Connection to host.example.com 25 port [tcp/smtp] succeeded! |
| |
.Ed |
| |
.Pp |
| |
The port range was specified to limit the search to ports 20 \- 30. |
| |
.Pp |
| |
Alternatively, it might be useful to know which server software |
| |
is running, and which versions. |
| |
This information is often contained within the greeting banners. |
| |
In order to retrieve these, it is necessary to first make a connection, |
| |
and then break the connection when the banner has been retrieved. |
| |
This can be accomplished by specifying a small timeout with the |
| |
.Fl w |
| |
flag, or perhaps by issuing a |
| |
.Qq Dv QUIT |
| |
command to the server: |
| |
.Bd -literal -offset indent |
| |
$ echo "QUIT" | nc host.example.com 20-30 |
| |
SSH-1.99-OpenSSH_3.6.1p2 |
| |
Protocol mismatch. |
| |
220 host.example.com IMS SMTP Receiver Version 0.84 Ready |
| |
.Ed |
| .Sh EXAMPLES |
.Sh EXAMPLES |
| .Bl -tag -width x |
Open a TCP connection to port 42 of hostname, using port 31337 as |
| .It Li "$ nc hostname 42" |
the source port, with a timeout of 5 seconds: |
| Open a TCP connection to port 42 of hostname. |
.Pp |
| .It Li "$ nc -p 31337 hostname 42" |
.Dl $ nc -p 31337 -w 5 hostname 42 |
| Open a TCP connection to port 42 of hostname, and use port 31337 as |
.Pp |
| the source port. |
Open a UDP connection to port 53 of hostname: |
| .It Li "$ nc -w 5 hostname 42" |
.Pp |
| Open a TCP connection to port 42 of hostname, and timeout after |
.Dl $ nc -u hostname 53 |
| five seconds while attempting to connect. |
.Pp |
| .It Li "$ nc -u hostname 53" |
|
| Open a UDP connection to port 53 of hostname. |
|
| .It Li "$ nc -s 10.1.2.3 example.host 42" |
|
| Open a TCP connection to port 42 of example.host using 10.1.2.3 as the |
Open a TCP connection to port 42 of example.host using 10.1.2.3 as the |
| IP for the local end of the connection. |
IP for the local end of the connection: |
| .It Li "$ nc -v hostname 42" |
.Pp |
| Open a TCP connection to port 42 of hostname, displaying some |
.Dl $ nc -s 10.1.2.3 example.host 42 |
| diagnostic messages on stderr. |
.Pp |
| .It Li "$ nc -v -z hostname 20-30" |
|
| Attempt to open TCP connections to ports 20 through 30 of |
|
| hostname, and report which ones |
|
| .Nm |
|
| was able to connect to. |
|
| .It Li "$ nc -v -u -z -w 3 hostname 20-30" |
|
| Send UDP packets to ports 20-30 of example.host, and report which ones |
Send UDP packets to ports 20-30 of example.host, and report which ones |
| did not respond with an ICMP packet after three seconds. |
responded with an ICMP packet after three seconds: |
| .It Li "$ nc -l 3000" |
.Pp |
| Listen on TCP port 3000, and once there is a connection, send stdin to |
.Dl $ nc -uvz -w 3 hostname 20-30 |
| the remote host, and send data from the remote host to stdout. |
.Pp |
| .It Li "$ echo foobar | nc hostname 1000" |
Create and listen on a Unix Domain Socket: |
| Connect to port 1000 of hostname, send the string "foobar" |
.Pp |
| followed by a newline, and move data from port 1000 of hostname to |
.Dl $ nc -lU /var/tmp/dsocket |
| stdout until hostname closes the connection. |
|
| .It Li "$ nc -U /var/tmp/dsocket" |
|
| Connect to a Unix Domain Socket. |
|
| .It Li "$ nc -lU /var/tmp/dsocket" |
|
| Create and listen on a Unix Domain Socket. |
|
| .El |
|
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr cat 1 , |
.Xr cat 1 |
| .Xr telnet 1 |
|
| .Sh AUTHORS |
.Sh AUTHORS |
| Original implementation by *Hobbit* |
Original implementation by *Hobbit* |
| .Aq hobbit@avian.org . |
.Aq hobbit@avian.org . |
| .Pp |
.br |
| Rewritten with IPv6 support by Eric Jackson |
Rewritten with IPv6 support by |
| .Aq ericj@monkey.org . |
.An Eric Jackson Aq ericj@monkey.org . |
![[BACK]](/icons/back.gif){kind=icon}
Return to nc.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / nc