Hello friends. Knowing the Linux terminal and its commands is a basic task of any sysadmin or DevOps. Therefore it is always good from time to time to know new commands and their utilities. This will allow us to have new functions that can solve a problem at any time. So, in this post, you will learn about the ncat command.
Introducing to the ncat command
According to the
man‘s description of
ncat we have the following
Ncat is a feature-packed networking utility that reads and writes data across networks from the command line.
Initially, Ncat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations. It is now a tool that adds many functions and is not necessarily tied to
For many Sysadmins, it is such a full-featured network utility that it reads and writes data across networks, i.e. a real Swiss Army Knife.
With Ncat we can among many other things:
- Chain ncats.
- TCP, UDP, and SCTP port forwarding to other sites.
- Proxy connections via SOCKS4 or HTTP proxies.
- Port scanning.
- Verification of connection to hosts via ports.
All this, providing SSL support for greater security in the transmitted data.
So, we can use Ncat for many things like network monitoring and some port monitoring. This then allows us to detect some network problems and fix them. It can also be used to audit the security of systems, web servers, mail servers, among others.
So, let’s go for it.
Install the Ncat command
Before using the command, we have to install it on the system.
In the case of Debian, Ubuntu, and some derivatives, it is usually installed by default, but you can make sure of this by running
sudo apt update sudo apt install ncat
On RHEL 7, CentOS 7 and derivatives
sudo yum install nmap-ncat
If you’re using RHEL 8, CentOS 8, AlmaLinux 8, RockyLinux 8
sudo dnf install nmap-ncat
This way you already have the package installed and can use the command.
Using the Ncat command
The command has many uses so let’s give you some useful examples of how to use it.
Knowing if a port is in use
To find out if a port is in use on the host, we can use the following syntax
ncat -l [host] [port]
Where in the
host field we can specify either the IP address of the server or directly the domain name.
This way we can find out which ports are running on the host quickly.
Another way to do this is as follows
ncat -vz [host] [port]
In this case, a test will be done and if the port is active, then the connection to it will be closed. This method is a bit more efficient.
Make a remote connection to a host
Similar to Telnet we can connect remotely to a host by specifying a port. To do this we must follow this syntax
ncat -v [host] [port]
ncat -v example.com 443
In this case, a remote connection will be made to the host on that port. And you will get an output screen similar to this one
Ncat: Connected to x.x.x.x.x:443
This indicates that the command worked correctly.
Making connections with the UDP protocol.
By default, Ncat uses
TCP to make test connections. But it is possible to specify another protocol such as
UDP. To do so, just use the
-u option like this
ncat -l -u 161
Where in this case you will examine if your computer has the
Also, you can specify a host to do the check remotely.
ncat -v -u [host] [port]
Copy files remotely
Although for this case we have more specialized tools like
sftp we can also use Ncat for this although it is somewhat less likely.
First, you have to connect to the host and stream the file to it.
ncat -l 80 > file.txt
And now on the machine that will be sending the file run
ncat [host] --send-only < data.txt
data.txt refers to the file you want to send. The above command will send it and close the connection to the host.
Port forwarding with Ncat
To forward ports using this tool, you can follow this syntax.
ncat -u -l [port1] -c 'ncat -u -l [port2]'
In this simple way, you can redirect all traffic from
So you can use the Ncat command in a basic way but again there are many different options you can use,