netcat is the Swiss Army knife of networking: a Linux tool for making and listening for TCP/UDP connections, used mainly for network transfers and debugging. netcat can open TCP connections, send UDP datagrams, listen on TCP and UDP ports, and scan TCP ports.
man netcat
NAME
nc - TCP/IP swiss army knife
SYNOPSIS
nc [-options] hostname port[s] [ports] ...
nc -l -p port [-options] [hostname] [port]
OPTIONS
-c string specify shell commands to exec after connect (use with caution). The string is passed to /bin/sh -c for
execution. See the -e option if you don't have a working /bin/sh (Note that POSIX-conformant system must
have one).
-e filename specify filename to exec after connect (use with caution). See the -c option for enhanced functionality.
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h display help
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number (port numbers can be individual or ranges: lo-hi [inclusive])
-q seconds after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.
-b allow UDP broadcasts
-r randomize local and remote ports
-s addr local source address
-t enable telnet negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-C Send CRLF as line-ending
-z zero-I/O mode [used for scanning]
-T type set TOS flag (type may be one of "Minimize-Delay", "Maximize-Throughput", "Maximize-Reliability", or "Minimize-Cost".)
Installing netcat
root@newbie-unknown85882:~# apt-get install -y netcat
# apt-get is used here; with yum the equivalent is yum install -y netcat
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
netcat 已经是最新版 (1.10-41)。
升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 1 个软件包未被升级。
# netcat is already installed on this machine
Opening a listening port
On the host 10.83.3.102, run nc -l -p 9999
root@newbie-unknown85882:~# nc -l -p 9999
Then, in another terminal on 10.83.3.102, run netstat -atunlp | grep 9999
root@newbie-unknown85882:~# netstat -atunlp | grep 9999
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 7985/nc
Chatting over the LAN with nc
On the server, 10.83.3.102, run nc -l -p 9999
Then, on the client, 10.83.3.103, run nc 10.83.3.102 9999
A simple chat is now possible:
Server
root@newbie-unknown85882:~# nc -l -p 9999
Hello World!
Hello Jaking!
Hello SteamedFish!
Hello IGI!
Client
root@newbie-unknown85883:~# nc 10.83.3.102 9999
Hello World!
Hello Jaking!
Hello SteamedFish!
Hello IGI!
Messages appear on the server and the client at the same time.
File transfer over the LAN with nc
Create a file on the server and send it:
root@newbie-unknown85882:/tmp# echo netcat > a.txt
root@newbie-unknown85882:/tmp# cat a.txt
netcat
root@newbie-unknown85882:/tmp# nc -l -q 1 -p 9999 < a.txt
# -q 1: quit 1 second after sending finishes
Receive the file on the client and verify it:
root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 > a.txt
root@newbie-unknown85883:/tmp# ls
a.txt
root@newbie-unknown85883:/tmp# cat a.txt
netcat
Transferring a directory
On the server, pack the directory with tar and send it:
root@newbie-unknown85882:/tmp# mkdir book
root@newbie-unknown85882:/tmp# ls
a.txt book hwcheck
root@newbie-unknown85882:/tmp# ls -l
总用量 4
-rw-r--r-- 1 root root 7 2月 26 10:28 a.txt
drwxr-xr-x 2 root root 6 2月 26 10:54 book
drwxr-xr-x 2 root root 6 2月 26 10:55 hwcheck
root@newbie-unknown85882:/tmp# cd book/
root@newbie-unknown85882:/tmp/book# ls
root@newbie-unknown85882:/tmp/book# touch 1.txt
root@newbie-unknown85882:/tmp/book# touch 2.txt
root@newbie-unknown85882:/tmp/book# touch 3.txt
root@newbie-unknown85882:/tmp/book# ls
1.txt 2.txt 3.txt
root@newbie-unknown85882:/tmp/book# cd /tmp
root@newbie-unknown85882:/tmp# tar -c book | nc -l -q 1 -p 9999
Receive on the client and verify:
root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 | tar -x
root@newbie-unknown85883:/tmp# ls -R book
book:
1.txt 2.txt 3.txt
root@newbie-unknown85883:/tmp# ls
a.txt book hwcheck
root@newbie-unknown85883:/tmp# cd book/
root@newbie-unknown85883:/tmp/book# ls
1.txt 2.txt 3.txt
Transferring multiple files
On the server, pack the files with tar and send them:
root@newbie-unknown85882:/tmp# ls
a.txt book hwcheck
root@newbie-unknown85882:/tmp# touch b.txt
root@newbie-unknown85882:/tmp# touch c.txt
root@newbie-unknown85882:/tmp# ls
a.txt book b.txt c.txt hwcheck
root@newbie-unknown85882:/tmp# tar -c a.txt b.txt c.txt | nc -l -q 1 -p 9999
Receive on the client and verify:
root@newbie-unknown85883:/tmp# ls
a.txt book hwcheck
root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 | tar -x
root@newbie-unknown85883:/tmp# ls
a.txt book b.txt c.txt hwcheck
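The three transfers above all rely on the same mechanism: the sender's nc writes the file to the socket, -q 1 makes it exit one second after stdin hits EOF, and the receiver's nc writes everything it reads until the connection closes. The Python below is an added illustration, not code from the page: it reproduces both sides on localhost and adds the check that the `cat a.txt` comparison stands in for, a SHA-256 digest of what was received against what was sent. The payload and the port choice are constructed.

```python
import hashlib
import socket
import threading
import time

# Constructed payload standing in for a.txt or the `tar -c` stream.
SAMPLE = b"netcat\n" * 4096

def serve_file(data, quit_delay=1.0):
    """Sender, modelled on `nc -l -q 1 -p PORT < file`: accept one client,
    write the payload, signal EOF, then linger quit_delay seconds (what -q
    does after EOF on stdin) before closing. Binds port 0 so the OS picks."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            conn.sendall(data)
            conn.shutdown(socket.SHUT_WR)  # EOF: the receiver's recv() returns b""
            time.sleep(quit_delay)

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return port, t

def fetch_file(host, port):
    """Receiver, modelled on `nc HOST PORT > file`: read until EOF. It cannot
    tell a truncated stream from a complete one, hence the digest check."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as s:
        while True:
            buf = s.recv(65536)
            if not buf:
                break
            chunks.append(buf)
    return b"".join(chunks)

def transfer_and_verify(data):
    """Run both sides on localhost; return (digests_match, bytes_received)."""
    port, t = serve_file(data)
    received = fetch_file("127.0.0.1", port)
    t.join()
    match = hashlib.sha256(received).digest() == hashlib.sha256(data).digest()
    return match, len(received)
```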
Port scanning with netcat
Syntax
nc -v -z -r -i 1 127.0.0.1 8888-8899
-z: connect-only scan, no data is sent on the connection
-v: verbose output (without it, open ports are not reported)
-i: when several ports are scanned, the delay between successive connection attempts
-r: scan the given port range in random order (the default is from low to high)
root@newbie-unknown85882:/tmp# nc -v -z -r -i 1 127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc -vzr -i 1 127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc -vzr 127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc -vzr 127.0.0.1 1000-10000
localhost [127.0.0.1] 3000 (?) open
localhost [127.0.0.1] 6082 (?) open
localhost [127.0.0.1] 8888 (?) open
localhost [127.0.0.1] 5901 (?) open
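Because -r reports ports in random order, a scan is easier to act on once parsed. The Python below is an added example, not part of the page: it parses nc -v -z output lines in the format shown above into a sorted inventory and compares it with the set of ports that are supposed to be listening on the host, so stray listeners and missing services stand out. The sample lines (including the refused-port line) and the baseline are constructed.

```python
import re

# Constructed sample of `nc -vz` output: the four open ports the page's
# 1000-10000 scan reported (out of order because of -r), plus one refused
# port written in the form nc uses when it reports failures.
SCAN_SAMPLE = """\
localhost [127.0.0.1] 3000 (?) open
localhost [127.0.0.1] 6082 (?) open
localhost [127.0.0.1] 8888 (?) open
localhost [127.0.0.1] 5901 (?) open
localhost [127.0.0.1] 8889 (?) : Connection refused
"""

# host [ip] port (service) verdict; the service is "?" when nc finds no
# /etc/services name for the port, as on the page.
SCAN_LINE = re.compile(
    r"^(?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<port>\d+) \((?P<svc>[^)]*)\) (?P<verdict>.*)$"
)

def parse_scan(text):
    """Return {port: service} for every line nc marked open, in port order
    regardless of the order -r produced them in."""
    found = {}
    for line in text.splitlines():
        m = SCAN_LINE.match(line)
        if m and m.group("verdict") == "open":
            found[int(m.group("port"))] = m.group("svc")
    return dict(sorted(found.items()))

def diff_against_baseline(open_ports, expected):
    """Compare a scan with the ports that should be listening on the host:
    'unexpected' are listeners nobody planned for, 'missing' are expected
    services that did not answer."""
    found = set(open_ports)
    expected = set(expected)
    return {
        "expected": sorted(found & expected),
        "unexpected": sorted(found - expected),
        "missing": sorted(expected - found),
    }
```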
Sending UDP datagrams with netcat
cat a.txt | nc -q 1 -u localhost 9999 > /dev/null
Feed the contents of the text file a.txt to nc's stdin and send them to the server on port 9999
-q 1: quit 1 second after sending finishes
-u: use UDP for the transfer (the default is TCP)
root@newbie-unknown85882:/tmp# cat a.txt | nc -q 1 -u localhost 9999 > /dev/null
Providing remote login with netcat
Server
root@newbie-unknown85882:/tmp# nc -l -p 9999 -e /bin/sh
# -e: the program to execute once a connection is established
Client
root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999
ifconfig
eth0: flags=4163 mtu 1400
inet 10.83.3.102 netmask 255.255.255.0 broadcast 10.83.3.255
ether 52:54:00:35:ed:32 txqueuelen 1000 (Ethernet)
RX packets 2783649 bytes 689151624 (657.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3028532 bytes 1697066832 (1.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 207153 bytes 40922049 (39.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 207153 bytes 40922049 (39.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Running ifconfig on the client shows the server's address 10.83.3.102, i.e. the server has opened a remote login service that other machines can log in to.
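The -e listener above hands a shell to whoever connects to port 9999, with no authentication and with the privileges of the user that started nc, which is why the man page marks -e and -c "use with caution" and why a defender wants to notice such listeners on a host. The Python below is an added example, not from the page: it parses netstat -atunlp lines in the format shown in the listening section, reports every socket owned by a netcat binary, and flags wildcard binds that other hosts can reach. The sample output is constructed around the page's `7985/nc` line.

```python
import re

# Constructed `netstat -atunlp` output: the page's nc listener, an ordinary
# service, a loopback-only app, an nc client connection and a UDP nc socket.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      7985/nc
tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      2210/node
tcp        0      0 10.83.3.103:41230       10.83.3.102:9999        ESTABLISHED 4410/nc
udp        0      0 0.0.0.0:9999            0.0.0.0:*                           8011/netcat
"""

# proto recv-q send-q local:port foreign [state] pid/program; UDP rows carry
# no state column, so the state group is optional.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+\S+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)/(?P<prog>\S+)"
)

# Program names the common netcat builds show up under (assumed set).
NC_NAMES = {"nc", "netcat", "ncat", "nc.traditional", "nc.openbsd"}

def parse_netstat(text):
    """One dict per socket row; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            row = m.groupdict()
            row["lport"] = int(row["lport"])
            rows.append(row)
    return rows

def find_nc_listeners(text):
    """Sockets owned by a netcat binary that accept traffic: TCP rows must be
    in LISTEN (an outbound nc client is not a listener); every bound UDP
    socket counts because UDP has no LISTEN state. 'exposed' marks wildcard
    binds, which are reachable from other machines as in the page's setup."""
    hits = []
    for r in parse_netstat(text):
        if r["prog"] not in NC_NAMES:
            continue
        if r["proto"].startswith("tcp") and r["state"] != "LISTEN":
            continue
        hits.append({
            "proto": r["proto"], "port": r["lport"], "pid": int(r["pid"]),
            "exposed": r["laddr"] in ("0.0.0.0", "::", ":::"),
        })
    return hits
```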