Top 10 Netcat Commands for Advanced Networking
Netcat (nc) is the Swiss-army knife for TCP/UDP work. It's small, scriptable, and still one of the fastest ways to answer "is the port open?", "does this service actually respond?", or "can I move this file across a trusted network right now?". Below are ten commands worth keeping in muscle memory.
1. Simple TCP Client Connect
Connect to a remote TCP service to test reachability, banner, or basic protocol behaviour.
nc example.com 80
HOST — hostname or IP
PORT — destination port
Use case: Quickly verify that a service is listening and responds. Type HTTP or SMTP commands directly to inspect raw responses.
2. Listen Mode (Server)
Start a TCP listener to accept incoming connections — useful for quick servers, file receives, or reverse shells.
nc -l -p 4444
-l — listen mode
-p PORT — local port to bind
Use case: Accept a client connection for testing or file transfer. Use only on trusted networks.
3. UDP Mode
Use UDP instead of TCP to test UDP services and protocols.
nc -u -l -p 53
-u — use UDP
-l — listen
Use case: Test DNS servers, syslog over UDP, or custom UDP-based services.
4. Zero I/O Mode (Port Scanning)
Scan a range of ports by checking which ports accept connections without sending data.
nc -z -v example.com 20-1024
-z — zero I/O (scan only)
-v — verbose
Use case: Quick port discovery during troubleshooting; not a full replacement for nmap but handy for scripts.
5. Bind to Specific Local Interface
Choose the source IP/interface for outgoing connections — useful on multi-homed hosts or when testing routing.
nc -s 192.168.1.10 example.com 80
-s ADDR — source IP to bind
Use case: Validate path selection, test firewall rules per interface, or simulate traffic from a specific NIC.
6. Execute Program on Connect
Run a local program (e.g., a shell) when a connection is established. Many builds omit this flag for safety.
nc -l -p 4444 -e /bin/bash
-e PROG — execute program after connect
Use case: Create a quick remote shell for controlled testing. Prefer SSH for secure production access.
7. Keep Listening After Disconnect
Allow the listener to accept multiple sequential connections without restarting.
nc -k -l -p 8080
-k — keep listening
-l — listen
Use case: Useful for simple persistent services or repeated client testing sessions.
8. Timeouts and Connection Control
Set connection and I/O timeouts to avoid hanging operations in scripts or tests.
nc -w 5 example.com 22
nc -q 2 -l -p 1234
-w SECS — timeout for connects and final reads
-q SECS — quit after SECS once stdin EOF
Use case: Use in automation to ensure tests fail fast or to close listeners after a grace period.
9. Transfer Files Between Hosts
Send or receive files over a raw TCP connection using shell redirection — simple and scriptable for trusted networks.
# Sender
nc -l -p 9000 < file.tar.gz
# Receiver
nc host.example.com 9000 > file.tar.gz
Use case: Quick file transfer in maintenance windows or isolated networks. Use checksums and encryption for integrity and confidentiality.
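One way to add the checksum step to the transfer above, as an added example that is not code from the original article: the sender prefixes the stream with a SHA-256 digest and byte count, and the receiver keeps the file only if both match. The helper names `frame_file`, `check_stream` and `unframe_verify` are hypothetical, and `sha256sum` and `mktemp` are assumed to be installed. Because the digest travels in the same connection, this catches truncation and corruption only; it does not provide confidentiality or stop a party who can rewrite the stream.

```shell
# Added example for section 9. frame_file, check_stream and unframe_verify are
# hypothetical helper names, not netcat options.
#   sender:    frame_file file.tar.gz | nc -l -p 9000
#   receiver:  nc host.example.com 9000 | unframe_verify file.tar.gz

# Emit a header line "SHA256 <hex digest> <byte count>", then the file itself.
frame_file() (
    [ -r "$1" ] || exit 1
    digest=$(sha256sum < "$1" | cut -d' ' -f1)
    size=$(( $(wc -c < "$1") ))
    printf 'SHA256 %s %s\n' "$digest" "$size"
    cat < "$1"
)

# Parse the header from stdin, spool the payload to $1, compare size and digest.
# Returns 2 for a bad header, 3 for a size mismatch, 4 for a digest mismatch.
check_stream() {
    IFS=' ' read -r tag want_digest want_size || return 2   # EOF before header
    [ "$tag" = SHA256 ] && [ "${#want_digest}" -eq 64 ] || return 2
    case $want_digest in *[!0-9a-f]*) return 2 ;; esac      # lowercase hex only
    case $want_size in ''|*[!0-9]*) return 2 ;; esac        # decimal digits only
    cat > "$1"                                              # rest of stdin is payload
    got_size=$(( $(wc -c < "$1") ))
    if [ "$got_size" -ne "$want_size" ]; then
        echo "size mismatch: expected $want_size bytes, got $got_size" >&2
        return 3
    fi
    got_digest=$(sha256sum < "$1" | cut -d' ' -f1)
    if [ "$got_digest" != "$want_digest" ]; then
        echo "digest mismatch: payload does not match the header" >&2
        return 4
    fi
}

# Read a framed stream on stdin; create $1 only if the payload verifies.
# The payload lands in a temp file first, so a truncated or altered transfer
# never appears under the final name.
unframe_verify() (
    tmp=$(mktemp "$1.part.XXXXXX") || exit 1
    if check_stream "$tmp"; then
        mv -f "$tmp" "$1"
    else
        rc=$?
        rm -f "$tmp"
        exit "$rc"
    fi
)
```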
10. IPv4 / IPv6 Selection and Numeric Addresses
Force IPv4/IPv6 or skip DNS lookups to avoid dual-stack ambiguity or DNS issues.
nc -4 192.0.2.10 80
nc -6 2001:db8::1 80
nc -n 192.0.2.10 80
-4 — force IPv4
-6 — force IPv6
-n — numeric-only, skip DNS (the host must be given as an IP address)
Use case: Resolve routing or DNS issues by forcing address family or bypassing DNS lookups for predictable behaviour.
Quick Reference
| Flag | Meaning |
|---|---|
| -l | Listen mode (server) |
| -p PORT | Local port to bind |
| -u | Use UDP |
| -z | Zero I/O (scan only) |
| -e PROG | Execute program after connect (not in all builds) |
| -k | Keep listening after disconnect |
| -s ADDR | Bind source IP |
| -w SECS | Timeouts for connect and final reads |
| -q SECS | Quit after SECS once stdin EOF |
| -n | Numeric-only, skip DNS |
| -4 / -6 | Force IPv4 or IPv6 |
Security note: Netcat can create remote shells and transfer files. Use it only on systems and networks you control. Prefer SSH and encrypted tunnels for production remote access. Some netcat variants — notably the OpenBSD rewrite shipped on most modern Linux distros — intentionally omit dangerous flags like -e. When you need the executable variant on Debian/Ubuntu, install ncat from the Nmap project instead.