
Netcat: A security jack of all trades?

In this edition of Strom's Security Tool Shed, David Strom evaluates Netcat.

By David Strom

Category: Network utility
Name of tool: Netcat 1.10
Company name: AtStake/L0pht
Price: Free
Platforms supported: Windows 95/98/NT/2000/Me and various Unix versions

**** = Very cool, very useful

Key features:

A versatile toolkit that can be used to probe your network for vulnerabilities and can serve as a foundation for network applications testing.

A command line tool only, you'll have to spend some time experimenting with its many uses. Documentation is thin.

If you want to learn more about your corporation's network security issues, probably one of the best tools to have on your hard disk is the Netcat utility, originally developed by Hobbit for Unix and since ported to Windows platforms by Weld.

What is Netcat? I think of it as many different things, similar to that routine on old Saturday Night Live shows about the floor wax that is also a dessert topping. Basically, it is a tool that can be used to analyze various security issues about your servers, gateways and firewalls. Netcat can also test for ways that your machines can be exploited by hackers over the Internet. The best way to avoid being hacked is to use some of the same tools that the bad guys use and discover some of your network weaknesses before it's too late.

While the documentation is spotty (there are two ReadMe files, one more complete for the Unix version and a very abbreviated one for the Windows versions), there is enough of a cult following and plenty of examples on various Web sites, including the links at the PacketStorm URL above. People have developed all sorts of programs that take advantage of its scripting capabilities, including building a low-level Web server and client program and a way to query multiple search engines with a single command.

Let's start off by giving you a few examples of how to use it. One of the simplest is to perform port scans on a server that you suspect is vulnerable. Using the first command line below, you can scan the first 200 IP ports on a machine (the target's name or IP address is shown here as <host>). To scan UDP ports, you use the second command string. The -z switch tells Netcat to connect without sending any data, and -w2 gives up on each port after two seconds:
nc -v -z -w2 <host> 1-200
nc -v -z -w2 -u <host> 1-200

But the power of Netcat goes much further than just simple scanning. You can use it to connect to your NT or Unix servers and determine whether they can be exploited by running any executable programs on them. It can also show the kind of information that is available to anyone with a minimal level of sophistication. Think of it as a scriptable security server. For example, to find out the version of your Web server software, type the following command (again with <host> standing in for the server's name or IP address). Then, when you get a response from the server, type in the second line:
nc -v <host> 80
GET / HTTP/1.0

You might need to hit ENTER a few times, but you'll get back the IP address and Web server version information quickly.
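The two recipes above, the TCP port scan (nc -v -z -w2 <host> 1-200) and the HTTP banner grab (nc -v <host> 80 followed by GET / HTTP/1.0), rewritten as plain Python socket code so you can see exactly what Netcat is doing on the wire. This is an added example, not code from the article or from the Netcat project; the local demo server and its ExampleHTTPd/0.1 banner are constructed for the demonstration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def scan_ports(host, ports, timeout=2.0):
    """TCP connect scan: return the ports that accept a connection.
    Same idea as nc -z (connect, send nothing) with -w<timeout>."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass  # refused, filtered or timed out: report as closed
    return open_ports


def grab_http_banner(host, port, timeout=2.0):
    """Send what the article types into nc and return (status_line,
    server_header). The blank line after GET terminates an HTTP/1.0
    request; that is why the article says to press ENTER a few times."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    server = next((l.split(":", 1)[1].strip() for l in lines[1:]
                   if l.lower().startswith("server:")), None)
    return lines[0], server


class _DemoHandler(BaseHTTPRequestHandler):
    server_version, sys_version = "ExampleHTTPd/0.1", ""  # constructed banner

    def do_GET(self):
        self.send_response(200)  # send_response also emits the Server header
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    """Throwaway local HTTP server on an ephemeral port: (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]
```

Run start_demo_server(), then point scan_ports and grab_http_banner at 127.0.0.1 and the returned port to see the open port reported and the Server header extracted from the response.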

If you set up a pair of machines, you can use one Netcat implementation to control another and really exercise your machine to see if every possible back door has been locked down. You configure the program to listen on a certain IP port and launch an executable when a remote system connects on that port. To do this, you would issue the first command on the machine you wish to control and issue the second command on your local desktop, with <host> standing in for the controlled machine's name or IP address. (Note that the switches are case-sensitive, in the best of Unix traditions; the -L and -d switches are specific to the Windows port.) This is often the way that many hackers get inside your systems, so it is worthwhile to try the tool this way yourself and be better prepared.
nc -L -d -e cmd.exe -p 8888
nc <host> 8888

Once you get started with Netcat, you'll find there are all sorts of uses for it, including doing quick file transfers, getting hex dumps from programs, resolving DNS addresses and more. There are several suggestions on how to test your firewalls for source routing issues and packet filtering in the Unix version's Readme file. Overall, this is a very useful utility, and one that you'll find new uses for as you dig deeper into its options. It should be in every security manager's tool kit.

Strom-meter key:
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.

About the author
David Strom is president of his own consulting firm in Port Washington, NY. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him email at [email protected]

Related book

Network Security: A beginner's guide
Author : Eric Maiwald
Publisher : Osborne
ISBN/CODE : 0072133244
Cover Type : Soft Cover
Pages : 400
Published : May 2001
Create a successful security program -- even if you're new to the field of network security -- using this practical guidebook. You can now get the technical background you need and have access to the best and most up-to-date security practices -- from one resource. You'll learn how to set up and work with firewalls, smart cards and access controls; develop and manage effective policies and procedures; secure Internet connections; recover from security breaches; prevent hacker attacks and much more. You'll also gain insight into actual program implementations in different environments -- including ecommerce and company intranets -- through real-world case studies. Plus, you'll get an 8-page network blueprint section for additional visual details on proper Internet architecture, ecommerce architecture, intrusion detection and the information security process. If you're looking for a solid introduction to securing a network, this is the only book you'll need.

This was last published in June 2001
