April 12, 2010

Ncat: The Network Swiss Army Knife


You may already be familiar with the cat utility, which can send files to standard input and output. Ncat does something similar, except it's for sending data over the network or accepting data to a local machine. In the right hands, ncat can be an extremely useful tool for system administration and troubleshooting.

Setting up Ncat should be pretty easy. It's packaged for most major Linux distributions, so no compiling should be required. Depending on the distro, it might be packaged separately or as part of the Nmap suite. Ncat is part of the nmap package on Ubuntu 9.10, and is ncat on openSUSE. Note that you may also run into variations of ncat called Netcat and others. It has been implemented in a number of ways, but ncat is probably the most popular version in use today. You can do mostly the same things with other versions, but the options may differ

Ncat is also available for other platforms. If you're working with a mixed network, check out Nmap.org's download page to find source code and binaries for other operating systems.

Let's take a quick look at some of the things that ncat can do.

Copying Files

You can use ncat to transfer files over the network in the absence of SSH/SFTP or FTP. I don't really recommend it as a long-term substitute, but you can do it. Here's how: On the machine to copy the file to, run ncat -l 8080 > test.txt and on the machine to copy from, use ncat remotehost 8080 --send-only < filename.

If you omit --send-only, then ncat will just keep the connection open until you press Ctrl-c on one of the machines.

So, why would you use ncat rather than tried and true scp or sftp or any other method of copying files? Primarily, this is a last-ditch method when one of the machines may not have SSH installed or when a user doesn't have access to the remote system. Want to let a friend or client copy a file that's too large to email to your server or desktop without having to create an account for them? Use ncat.

Another use case is copying the output of a command directly to another machine rather than creating a file locally and then transferring it. You can actually do all kinds of interesting things using ncat to copy data between hosts, up to and including copying entire disk images. Rather than creating files from a disk image, you could simply use ncat to copy an entire partition over a network connection directly to a partition. Use with caution!

Testing Services

My favorite use of ncat is as a way to test how services are behaving. If you want to "talk" directly to a service over the network, ncat can be used to connect directly to the port that you're working with so you can manually query the service.

For instance, you could use ncat to test SMTP, POP3, IMAP, HTTP, or just about any other service where you can "speak" the protocol. For instance, if you wanted to send an email to test an SMTP server you could connect to the server with ncat mail.localhost.net 25 and then follow the standard script to send mail.

Want to see the headers sent by a Web server? Connect to the server with ncat servername.com 80 and then send the following commands:


GET /pagename HTTP/1.1
host: www.servername.com

The blank line is where you hit Enter again after the second line. You should see something like this:


HTTP/1.1 200 OK
Date: Sun, 28 Mar 2010 02:53:55 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.10
Set-Cookie: bb2_screener_=1269744842+; path=/
X-Pingback: http://www.host.net/xmlrpc.php
Link: <http://wp.me/kH9O>; rel=shortlink
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

But what if you want to see what your browser sends to a server. You can do that too. Run ncat on your local machine like so: ncat -l 8080 < filename > browserheaders.txt and then point your browser to localhost:8080. Note that you can omit sending a file to the browser, but you'll get fewer results. You should see something like this:


GET / HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100214 Linux Mint/8 (Helena) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

If you want a full-fledged network sniffer, then you might want to look at tcpdump instead. But for a quick header check or talking to network services to get a health check, you want to know your way around ncat.

All in all, ncat is an extremely useful tool to have around. It's a fairly complex tool that has well more options than I've touched on here. If it sounds interesting, be sure to read up on the Ncat Users' Guide to learn all about what ncat can do for you.

Click Here!