netcat (nc) — The TCP/IP Swiss Army Knife
Practical guide to netcat (nc) — read and write raw TCP and UDP connections, scan ports, transfer files, and debug network services from the command line.
netcat (nc) is the TCP/IP Swiss Army knife: a single command lets you read and write raw data across TCP and UDP connections, scan ports, transfer files between machines, and debug network services straight from the shell. Available on virtually every Unix system without extra dependencies, nc is the first tool administrators reach for when something on the network needs a quick check. This guide covers the most useful options for legitimate admin and diagnostic work – from a fast port scan to a compressed directory transfer.
TCP Connections
nc <host> <port> — Connect to a TCP port.
nc example.com 80nc -v <host> <port> — Connect with verbose output.
nc -v example.com 443nc -z <host> <port> — Port scan: check if a port is open (no data sent).
nc -zv example.com 80nc -z <host> <start>-<end> — Scan a range of ports.
nc -zv localhost 3000-3100nc -w <seconds> <host> <port> — Set a connection timeout.
nc -w 5 -zv example.com 443Listen & Server
nc -l <port> — Listen on a TCP port (simple server).
nc -l 8080nc -lk <port> — Listen and keep accepting connections (persistent).
nc -lk 8080nc -l <port> > <file> — Listen and save received data to a file.
nc -l 9999 > received.tar.gznc <host> <port> < <file> — Send a file to a listening netcat.
nc 192.168.1.10 9999 < backup.tar.gzUDP
nc -u <host> <port> — Connect via UDP instead of TCP.
nc -u localhost 5000nc -lu <port> — Listen for UDP packets.
nc -lu 5000echo '<data>' | nc -u <host> <port> — Send a UDP message.
echo 'test message' | nc -u localhost 5000HTTP & Testing
echo -e 'GET / HTTP/1.1\r\nHost: <host>\r\n\r\n' | nc <host> 80 — Send a raw HTTP GET request.
echo -e 'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n' | nc example.com 80nc -l 8080 <<< 'HTTP/1.1 200 OK\r\n\r\nHello' — Create a minimal one-shot HTTP server.
while true; do echo -e 'HTTP/1.1 200 OK\r\n\r\nHello' | nc -l 8080; doneecho 'QUIT' | nc <host> 25 — Test if an SMTP server is responding.
echo 'QUIT' | nc -w 3 mail.example.com 25File Transfer
nc -l <port> > <file> (receiver) — Receive a file (run on destination machine).
nc -l 9999 > backup.tar.gznc <host> <port> < <file> (sender) — Send a file (run on source machine).
nc 192.168.1.10 9999 < backup.tar.gztar czf - <dir> | nc <host> <port> — Send a directory as a compressed stream.
tar czf - project/ | nc 192.168.1.10 9999nc -l <port> | tar xzf - — Receive and extract a compressed stream.
nc -l 9999 | tar xzf -Common Patterns
nc -zv <host> <port> 2>&1 | grep succeeded — Quick connectivity check (script-friendly).
nc -zv db.example.com 5432 2>&1 | grep succeedednc -l <port> -e /bin/bash — Bind a shell to a port (for authorized testing only; netcat-traditional or ncat only; not in OpenBSD nc).
nc -l 4444 -e /bin/bashnc -l <local-port> | nc <remote-host> <remote-port> — Simple TCP proxy / relay.
nc -l 8080 | nc backend.local 3000echo -n | nc -w 1 <host> <port> && echo 'open' || echo 'closed' — Quick port check with open/closed output.
echo -n | nc -w 1 localhost 3306 && echo 'MySQL open' || echo 'MySQL closed'Conclusion
netcat remains indispensable because it needs neither extra dependencies nor elevated privileges: a single nc command handles port checks, quick LAN file transfers, and debugging new network services. When you need TLS support, multiple concurrent connections, or proxy features, reach for socat as the more capable alternative.
Further Reading
- Netcat – Wikipedia – background and history
- nc(1) – manual page – every option at a glance