Linux Netcat Listener - linux

I am trying to understand why the netcat listener isn't working in my Kali Linux VM. From what I understand, I open a terminal and open the port.
nc -l 155
Then, I open another terminal within my VM and use the following command to connect to that port number.
nc 127.0.0.1 155 (loopback IP address and same port number)
It was unsuccessful and since I am just a newbie in this field, I was hoping to get some assistance on this issue. However, I found a new way to execute this command but I am not understanding the logic behind why this new way works and not the original method that I learned in class. Thank you for your help in advance!

First of all, to elevate yourself from newbie status, you have to understand what errors mean. "it was unsuccessful" is an insufficient description of your results for any real debugging. Probably, what happened was a valuable clue to the issue - you should have included that information. Furthermore, you really have to get your commands in the question exactly right. Don't say you did one thing, then post a screenshot of something else happening. I'm not sure what the -e is supposed to be doing, but I don't find any record of it in my osx implementation or online man pages.
Different builds or implementations of netcat could differ, but from what I'm seeing from a netcat on my osx box, -p is not the right way to specify destination port.
$ nc localhost -p 1055
nc: missing hostname and port
usage: nc [-46AacCDdEFhklMnOortUuvz] [-K tc] [-b boundif] [-i interval] [-p source_port] [--apple-delegate-pid pid] [--apple-delegate-uuid uuid]
[-s source_ip_address] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
-p specifies source port. You don't usually need to specify this. Furthermore, you can't have a source and destination of the socket on the same box on the same port. Usually source port doesn't need to be specified.
Finally, ports under 1024 can only be allocated as root. Like most linux professionals, I don't run anything as root unless I really have to, so I changed to 1055 for this demonstration. One nc each in a terminal window; typing messages in one prints them out on the other side. Observe:
$ nc -l 1055
hi world
hi yourself, world!

$ nc localhost 1055
hi world
hi yourself, world!
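The exchange above at the socket level, as an added example that is not part of the original answer, written in Python rather than nc so the behaviour is explicit: the listener binds first on a kernel-chosen unprivileged port, the client connects and sends a line, the listener replies. It also demonstrates the answer's two points about ports: binding a client to the port the listener already holds on the same host fails with EADDRINUSE (which is what `-p <listen_port>` would ask for on one box), and, run as a normal user, binding port 155 fails with EACCES. The messages and the loopback addresses are constructed for the demo.

```python
import errno
import socket
import threading


def start_listener(host="127.0.0.1", port=0):
    """Equivalent of `nc -l <port>`: bind and listen, return (socket, port).

    port=0 lets the kernel pick a free unprivileged port, so the demo never
    needs root (ports below 1024 require it).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def read_until_eof(sock):
    """Read until the peer closes or half-closes its side (nc's exit condition)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return buf
        buf += chunk


def exchange(client_lines, listener_reply_lines):
    """One `nc -l` / `nc localhost` session on loopback.

    The client sends its lines and half-closes (Ctrl-D on nc's stdin); the
    listener reads them, answers with its own lines and closes.  Returns
    (lines seen by the listener, lines seen by the client).
    """
    srv, port = start_listener()
    seen = {}

    def serve():
        conn, _peer = srv.accept()
        with conn:
            seen["listener"] = read_until_eof(conn).decode().splitlines()
            conn.sendall("".join(line + "\n" for line in listener_reply_lines).encode())
        srv.close()

    server = threading.Thread(target=serve)
    server.start()

    cli = socket.create_connection(("127.0.0.1", port), timeout=5)
    with cli:
        cli.sendall("".join(line + "\n" for line in client_lines).encode())
        cli.shutdown(socket.SHUT_WR)
        seen["client"] = read_until_eof(cli).decode().splitlines()
    server.join()
    return seen["listener"], seen["client"]


def bind_error(host, port):
    """Try to bind a fresh TCP socket; return the errno name, or None on success."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def same_port_conflict():
    """A second socket bound to the address and port the listener already holds.

    This is what `nc -p <port> localhost <port>` asks for while `nc -l <port>`
    runs on the same box; the kernel answers EADDRINUSE.
    """
    srv, port = start_listener()
    try:
        return bind_error("127.0.0.1", port)
    finally:
        srv.close()


if __name__ == "__main__":
    got_by_listener, got_by_client = exchange(["hi world"], ["hi yourself, world!"])
    print("listener saw:", got_by_listener)
    print("client saw:  ", got_by_client)
    print("client bound to the listener's port:", same_port_conflict())
    # As a non-root user this prints EACCES; as root it prints None.
    print("binding port 155:", bind_error("127.0.0.1", 155))
```

The half-close (`shutdown(SHUT_WR)`) is the piece nc hides from you: when you press Ctrl-D in the client terminal, nc shuts down its write side, the listener's read returns EOF, and that is what ends the session cleanly.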

server: nc -l ${port} > ${file}
local: nc ${ip} ${port} < ${file}

Related

nc: invalid option -- 'z'

On RHEL 7.2 OS, I get the following error when trying to run the nc command:
nc -z -v -w1 host port
nc: invalid option -- 'z'
Ncat: Try `--help' or man(1) ncat for more information, usage options and help. QUITTING.
Is there any alternative to it?
Maybe nc is a link to ncat; use this command to check:
which nc | xargs ls -l
If nc is linked to ncat, you should relink nc to netcat; if netcat is not installed, refer to the website: http://netcat.sourceforge.net/download.php
It seems the old version of nc is being phased out everywhere in favour of Nmap Ncat. Unfortunately this doesn't have the rather useful -z option.
One way to get equivalent functionality (test whether the target host is listening on a given port) is to transform this:
nc -z hostname port
Into this:
cat /dev/null | nc hostname port
You might also want to add in an option like -w 1s to avoid the long default timeout.
There might be a cleaner combination of options that avoids the need for the /dev/null but I couldn't figure out what.
I've also seen talk of using tcping to do the same thing, but that doesn't seem to be available on all distros.
On the newer RHEL 7 nc is a link to ncat, while you may be used to nc on the older RHEL6 and below.
ncat seems not to have the -z option, and being a different project, having a look at its man page is a good idea, or at least examine its internal help:
ncat -h
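What `-z` actually does, as an added example that is not from the answers above, written in Python so the socket calls are visible: connect, send nothing, close. That is also why `cat /dev/null | nc host port` is an equivalent, since nc sees EOF on stdin immediately and exits once the connect has been attempted. The probe separates the three outcomes a port check needs: open (handshake completed), closed (RST, reported as ECONNREFUSED) and filtered or unreachable (nothing came back before the `-w` style timeout). The open and closed loopback ports in the demo are created on the fly rather than taken from a real host.

```python
import errno
import socket


def probe(host, port, timeout=1.0):
    """Zero-I/O probe: return 'open', 'closed' or 'filtered' for host:port.

    Only the TCP handshake is attempted; no payload is ever written, which is
    exactly what -z (or an immediate EOF on stdin) buys you with nc.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)                  # the -w1 in the original command
    try:
        s.connect((host, port))
        return "open"                      # SYN/ACK received, handshake done
    except socket.timeout:
        return "filtered"                  # nothing came back before the timeout
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "closed"                # RST: host up, nobody listening
        return "filtered"                  # EHOSTUNREACH, ENETUNREACH, ...
    finally:
        s.close()                          # FIN (or nothing) without any data


def scan(host, ports, timeout=1.0):
    """Probe each port in turn, like a shell loop over nc -z; returns {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}


def open_demo_port(host="127.0.0.1"):
    """Listen on a kernel-chosen loopback port so the demo has something open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def closed_demo_port(host="127.0.0.1"):
    """Pick a loopback port nothing listens on: bind, read the number, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = open_demo_port()
    closed_port = closed_demo_port()
    print(scan("127.0.0.1", [open_port, closed_port]))
    srv.close()
```

Note that "open" is decided by the kernel completing the handshake into the listen backlog; the listening program never has to call accept() for the probe to succeed, which is why a zero-I/O check cannot tell you whether the service behind the port is actually healthy.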

How can I find available but unoccupied ports on a Linux box?

Specifically RHEL 6.5
It's a Dev box and we have certain port ranges we are permitted for development use.
...unfortunately, getting a tech's attention to find out what ports are available is like pulling teeth. Would prefer a script or alias that does this so that we don't have to ask all the time. Clues? Is this an iptables command or is it a netstat command or some weird combo? nmap is not available on this machine.
Please don't say this is a Server Fault question. They say it's a programming question. :-|
Definitely a SF question but here we go. From the dev box itself (command line) you should be able to see what ports are in use with the netstat tool.
To see the list of listening ports both UDP and TCP, complete with the program names:
# preferably as root
netstat --listening --program --numeric-ports --protocol=ip -6 -4
From another machine, you can use nmap or a similar tool to see what ports are open/listening by scanning the IP address assigned to the dev box. Before trying this, maybe you should ask for permission. Also, you should consider that the box in question might have firewall rules in place that can thwart your scanning attempts.
To see what firewall rules are in place in the dev box try:
# as root
iptables -nvxL -t filter
# maybe there are NAT rules, redirects to other addresses, etc.
iptables -nvxL -t nat
To see what these iptables options do, try man iptables.
As an example, assuming 172.16.0.1 is the IP address assigned to the dev box, to run nmap in the simplest way possible:
# preferably as root
nmap -v 172.16.0.1
In a few minutes you should see a list of ports/services listening in that relevant box.
Try man nmap and read the documentation for more details.
If you really think this is a programming issue, you can use the netcat tool and program a simple script to do something roughly equivalent to what nmap does.
#!/bin/bash
#
# DISCLAIMER: NOT TESTED -- just an example
# NOTE: This will take many DAYS to complete
HOST=172.16.0.1
for port in $(seq 1 65535)
do
    echo "Trying ${port}..."
    netcat -vvv "${HOST}" "${port}" -w 1 -z
done
For every open TCP port you should see a line similar to this:
Connection to 172.16.0.1 23 port [tcp/telnet] succeeded!
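A script for the permitted-port-range question, added here as an example that is not from the answer above, in Python rather than a netstat or nc loop. It parses the same kernel table that `netstat --listening` reads (`/proc/net/tcp` and `/proc/net/tcp6`: hex `address:port`, state `0A` is LISTEN) and then confirms each candidate with a bind, because a port can be unavailable without appearing in LISTEN (bound but not yet listening, or held by a socket in another state). The `/proc/net/tcp` text in the sample is constructed to match the real layout; `read_listening_ports()` reads the real files, and the permitted range in the demo is an assumption.

```python
import socket

# Constructed sample in the layout of /proc/net/tcp (what netstat parses):
# local_address is hex IP:PORT, st is the TCP state; 0A = LISTEN, 01 = ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C3A4 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"


def listening_ports(proc_net_tcp_text):
    """Return the set of local ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state == TCP_LISTEN:
            ports.add(int(local_addr.rsplit(":", 1)[1], 16))
    return ports


def read_listening_ports():
    """Listening TCP ports on this host, IPv4 and IPv6 (same source as netstat)."""
    ports = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                ports |= listening_ports(f.read())
        except OSError:
            pass                                        # not Linux, or no procfs
    return ports


def port_is_free(port, host=""):
    """Authoritative check: a wildcard bind fails if any socket holds the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return True
    except OSError:                                     # EADDRINUSE, or EACCES below 1024
        return False
    finally:
        s.close()


def free_ports(permitted, listening):
    """Ports in the permitted range that are neither listening nor otherwise held."""
    return [p for p in permitted if p not in listening and port_is_free(p)]


def hold_port(host="127.0.0.1"):
    """Occupy a kernel-chosen port (bind + listen); returns (socket, port) for the demo."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(1)
    return s, s.getsockname()[1]


if __name__ == "__main__":
    permitted = range(8000, 8010)                       # assumed dev range for the demo
    print("sample table listens on:", sorted(listening_ports(SAMPLE_PROC_NET_TCP)))
    held, held_port = hold_port()
    print("held port reported free?", port_is_free(held_port))
    held.close()
    print("free in permitted range:", free_ports(permitted, read_listening_ports()))
```

The bind test is deliberately done with the wildcard address: a socket listening on 127.0.0.1 only still blocks a wildcard bind on the same port, so the check does not miss services bound to a single interface.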

netcat proxy shell issue on linux

I am trying to follow a number of recipes which use netcat or ideally knc (kerberos netcat) to create a proxy; either to look at what is being piped through the proxy for debugging or to create an kerberos authenticated link over which I can tunnel some java based tcp server-to-server traffic.
Taking this example http://notes.tweakblogs.net/blog/7955/using-netcat-to-build-a-simple-tcp-proxy-in-linux.html the pattern seems to be something like:
mkfifo fifo
nc -l -p 8080 <fifo | nc tweakers.net 80 >fifo
Yet that gives the error:
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
Yet if I run either side of the pipe alone I get no error:
nc -l -p 8080 <fifo
nc tweakers.net 80 >fifo
What am I missing to get this to work?
I am running Red Hat Enterprise Linux Server release 6.2 (Santiago) either bash or ksh.
Annoyingly it was the -p option which was tripping things up. The following command runs fine:
nc -l 8080 <fifo | nc somehost.com 80 >fifo
Then in another shell doing
telnet localhost 8080
get /
works fine.
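The fifo pipeline as an explicit program, added here as an example that is not part of the original question or answer: a Python proxy that copies bytes in both directions and keeps a log of every chunk with its direction, which is what a debugging proxy is for. It also forwards a half-close as `shutdown(SHUT_WR)` so the proxied protocol sees the same EOF it would without the proxy (the fifo version gets this for free because each nc exits on EOF). The backend in the demo stands in for somehost.com:80 and is a constructed loopback echo server that upper-cases what it receives, so the two directions are distinguishable in the log.

```python
import socket
import threading


def pump(src, dst, direction, log):
    """Copy src -> dst until src hits EOF, logging every chunk with its direction.

    On EOF the write side of dst is shut down so the far end sees the same
    half-close; dst is still readable by the thread running the other way.
    """
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            log.append((direction, chunk))
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass                                   # already closed by the peer


def proxy_connection(client, backend_addr, log):
    """Relay one accepted client to backend_addr, one thread per direction."""
    upstream = socket.create_connection(backend_addr, timeout=10)
    c2s = threading.Thread(target=pump, args=(client, upstream, "client->server", log))
    s2c = threading.Thread(target=pump, args=(upstream, client, "server->client", log))
    c2s.start()
    s2c.start()
    c2s.join()
    s2c.join()
    client.close()
    upstream.close()


def listen_once(backend_addr, log, host="127.0.0.1"):
    """`nc -l <port>` without -k: accept a single client and proxy it.

    Returns (listening port, thread) so the caller can connect and then join.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        client, _peer = srv.accept()
        srv.close()
        client.settimeout(10)
        proxy_connection(client, backend_addr, log)

    t = threading.Thread(target=run)
    t.start()
    return port, t


def start_echo_backend(host="127.0.0.1"):
    """Constructed stand-in for the real server: replies with the request upper-cased."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)

    def run():
        conn, _peer = srv.accept()
        srv.close()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data.upper())

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def run_demo(request=b"get /\r\n"):
    """Send `request` through the proxy (what `telnet localhost 8080` + `get /` does)."""
    log = []
    backend_port = start_echo_backend()
    proxy_port, proxy_thread = listen_once(("127.0.0.1", backend_port), log)
    cli = socket.create_connection(("127.0.0.1", proxy_port), timeout=10)
    with cli:
        cli.sendall(request)
        cli.shutdown(socket.SHUT_WR)               # EOF from the client side
        reply = b""
        while True:
            chunk = cli.recv(4096)
            if not chunk:
                break
            reply += chunk
    proxy_thread.join()
    return reply, log


if __name__ == "__main__":
    reply, log = run_demo()
    for direction, chunk in log:
        print(direction, chunk)
    print("reply:", reply)
```

For the kerberos case the same shape applies: swap `socket.create_connection` on the upstream side for whatever authenticated transport knc gives you, and the logging and half-close handling stay as they are.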

unix netcat utility on linux, checking if connection was made

I am using the netcat utility on Linux to receive outputs from a program on a Windows machine. My problem is that the program on the Windows machine does not always give an output.
How can I check whether a connection has been made to netcat?
What I am doing till now is "nc -l -v 9103 > output", then I check the size of output. The problem this poses is that netcat only writes to a file after a certain buffer size has been reached or a newline char is encountered, so in some cases even though a connection has been made the file size is detected as zero.
How can I check if someone has made a connection with netcat?
I tried using
nc -l -v -e someprog.exe 9103 > output
but my netcat doesn't seem to support this.
Below are the options I have:
$ nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
Command Summary:
-4 Use IPv4
-6 Use IPv6
-D Enable the debug socket option
-d Detach from stdin
-h This help text
-i secs Delay interval for lines sent, ports scanned
-k Keep inbound sockets open for multiple connects
-l Listen mode, for inbound connects
-n Suppress name/port resolutions
-p port Specify local port for remote connects
-r Randomize remote ports
-s addr Local source address
-T ToS Set IP Type of Service
-C Send CRLF as line-ending
-t Answer TELNET negotiation
-U Use UNIX domain socket
-u UDP mode
-v Verbose
-w secs Timeout for connects and final net reads
-X proto Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port] Specify proxy address and port
-z Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]
Verbose mode will write connectivity to stderr, and you can redirect stderr to a file; the verbose log has something like
connect to [xxx] from [xxxx]
Try
nc -l -v -p 9103 -k 1> output 2>connect.log
and monitor connect.log for connectivity.
If you don't use -k, netcat quits after the 1st connection.
If you can upgrade your copy of netcat: the modern versions (1.10, for one) have an option to execute a program (or a shell command) upon connect. Otherwise, you can make the netcat think it runs in a terminal (to disable buffering of stdout), by using for example script (it just saves everything on stdin/stdout/stderr in the given file). Or use logging features of screen and tmux.
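A listener that separates "a connection happened" from "data arrived", as an added example that is not from the answers above (Python instead of nc, since the poster's nc has no -e). It mirrors `nc -l -v -p 9103 -k 1> output 2>connect.log`: every accept() appends a `connect to ... from ...` line to a connect log whether or not the peer sends anything; received bytes go to the output file through an unbuffered file object, so a message with no trailing newline is on disk as soon as it arrives; and the listener keeps accepting, like -k, until stop() is called. The output path, the peer addresses and the two test messages are constructed for the demo.

```python
import os
import socket
import tempfile
import threading


class LoggingListener:
    """Keep-open TCP listener that logs each connection and writes payloads unbuffered."""

    def __init__(self, output_path, host="127.0.0.1", port=0):
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((host, port))
        self.srv.listen(5)
        self.srv.settimeout(0.2)             # lets the accept loop notice stop()
        self.host, self.port = self.srv.getsockname()[:2]
        self.out = open(output_path, "wb", buffering=0)   # no stdio buffer at all
        self.connect_log = []                # one line per connection, like nc -v on stderr
        self.handled = 0                     # connections fully processed
        self._cv = threading.Condition()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(5)
                self.connect_log.append("connect to [%s:%d] from [%s:%d]"
                                        % (self.host, self.port, peer[0], peer[1]))
                while True:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    self.out.write(chunk)    # a partial line lands on disk immediately
            with self._cv:
                self.handled += 1
                self._cv.notify_all()

    def start(self):
        self._thread.start()
        return self

    def wait_for(self, n, timeout=5.0):
        """Block until n connections have been handled; returns False on timeout."""
        with self._cv:
            return self._cv.wait_for(lambda: self.handled >= n, timeout)

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.srv.close()
        self.out.close()


def send(port, payload=b"", host="127.0.0.1"):
    """Stand-in for the Windows program: connect, optionally send, close."""
    with socket.create_connection((host, port), timeout=5) as c:
        if payload:
            c.sendall(payload)


def run_demo():
    """Two connections: one silent, one carrying a message with no newline."""
    path = os.path.join(tempfile.mkdtemp(), "output")
    lst = LoggingListener(path).start()
    send(lst.port)                               # connection, but no output
    lst.wait_for(1)
    size_after_silent = os.path.getsize(path)
    send(lst.port, b"result=42")                 # output without a trailing newline
    lst.wait_for(2)
    size_after_data = os.path.getsize(path)
    lst.stop()
    return len(lst.connect_log), size_after_silent, size_after_data


if __name__ == "__main__":
    connections, silent, with_data = run_demo()
    print("connections logged:", connections)
    print("output size after silent connection:", silent)
    print("output size after 'result=42':", with_data)
```

The point of keeping the connect log and the payload in separate places is the poster's exact problem: with one file you cannot tell "no connection" from "connected but sent nothing", whereas the connect log grows on accept() regardless of what follows.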

Simple Socket Server in Bash?

Is there a way to quickly bind to a TCP port/ip address and simply print out all information to STDOUT? I have a simple debugging solution which writes things to 127.0.0.1:4444 and I'd like to be able to simply bind up a port from bash and print everything that comes across. Is there an easy way to do this?
$ nc -k -l 4444 > filename.out
see nc(1)
Just because you asked how to do it in bash, though netcat answer is very valid:
$ exec 3<>/dev/tcp/127.0.0.1/4444
$ cat <&3
That works as you expect:
nc -k -l 4444 |bash
and then you
echo "ls" >/dev/tcp/127.0.0.1/4444
then you see the listing performed by bash.
[A Brief Security Warning]
Of course if you leave a thing like this running on your computer, you have a wide open gateway for all kinds of attacks because commands can be sent from any user account on any host in your network. This implements no security (authentication, identification) whatsoever and sends all transmitted commands unencrypted over the network, so it can very easily be abused.
Adding an answer using ncat that @Freedom_Ben alluded to:
ncat -k -l 127.0.0.1 4444
and explanation of options from man ncat:
-k, --keep-open Accept multiple connections in listen mode
-l, --listen Bind and listen for incoming connections
