Linux command: nc

  • nc's full name is netcat.

  • Its main purpose is to establish and monitor arbitrary TCP and UDP connections; it supports both IPv4 and IPv6.

  • It can therefore be used for network debugging, port scanning and similar tasks.

Test whether a port can be connected to

  • usage: nc -z -v <host-ip-or-domain> <port>
    • -z tells netcat that the user does not want to send any data to the host, so nc does not wait for user input.

    • -v tells netcat to print the detailed interaction.

    • -z -v can be shortened by dropping the second dash and writing -zv.


Port scan

  • An extension of nc -z -v <host-ip-or-domain> <port>: instead of a single designated port, a range of ports is probed.
  • usage: nc -zv <host-ip-or-domain> <low-port>-<high-port>

Note: although port scanning with nc is possible, it is relatively slow, because nc probes each port in turn. For more professional and faster port scanning, the nmap command is recommended.

The nmap command is an open source network exploration and security auditing tool. Its design goal is to scan large networks quickly.

Syntax

nmap [options] [arguments]

Options

-O: enable operating system detection;
-P0: scan only, do not ping the host first;
-PT: use a TCP ping;
-sV: probe service version information;
-sP: ping scan, only discovers whether the target host is alive;
-PS: send TCP SYN (synchronize) ping packets;
-PU: send a UDP ping;
-PE: force a direct ICMP ping;
-PB: default mode, uses both ICMP ping and TCP ping;
-6: use IPv6 addresses;
-v: show more information;
-d: increase debugging output;
-oN: output in human-readable format;
-oX: output in XML format to the specified file;
-oM: output in machine-readable format;
-A: use all advanced scan options;
--resume: resume the previously interrupted scan;
-p: specify the ports to scan: a single port, several ports separated by commas, or a range written with "-";
-e: on a Linux system with multiple network interfaces, specify the interface to scan from;
-g: use the specified port as the source port of the scan;
--ttl: set the time to live (TTL) of the scan packets sent;
--packet-trace: show statistics of the packets sent and received during the scan;
--scanflags: set the TCP flags in the scan packets.
--send-eth/--send-ip: send using raw Ethernet frames / construct and send raw IP packets

As a server, listen on a specific port

  • Test whether the client successfully sends information to the server.

  • usage: nc -l <port>

    • TCP by default
    • For UDP, use nc -lu <port>

Example: run nc -l 8000, then use a browser to request 127.0.0.1:8000.

In the figure below, you can see the request sent by the browser, printed by netcat (including, but not limited to, the request method, IP address and port number, connection type, User-Agent, ...).

As a client, check whether the application-layer protocol works

  • As a client, connect to a specific port and send messages of the application-layer protocol to check whether that protocol is working.

    • This is similar to nc -zv <host-ip-or-domain> <port>, but the former only tests port connectivity, whereas here the focus is on the upper-layer application protocol.
  • usage: nc <host-ip-or-domain> <port>
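The three uses above (connect-only port check and range scan, listening server, and client-side protocol probe) rely on plain TCP sockets, so they can be reproduced without nc itself. The following is an added Python example, not code from the original post: `port_open` and `scan_range` do what `nc -z -v` does (complete the handshake, send nothing, close), `start_listener` is a constructed stand-in for `nc -l <port>` that answers with a minimal HTTP reply, and `probe_http` does what typing an HTTP request into `nc host port` does. Everything stays on 127.0.0.1; the port is chosen by the OS.

```python
import socket
import threading

def start_listener(host="127.0.0.1", port=0):
    """Constructed stand-in for `nc -l <port>`: accept TCP connections, read
    what the client sends, answer with a minimal HTTP reply. port=0 lets the
    OS pick a free port; the socket and the chosen port are returned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                      # listener was closed
            with conn:
                data = conn.recv(4096)      # this is what `nc -l` prints
                if data:
                    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def port_open(host, port, timeout=1.0):
    """Equivalent of `nc -z -v host port`: complete the TCP handshake,
    send no data, close. True means the connect succeeded."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def scan_range(host, first, last, timeout=0.5):
    """Equivalent of `nc -zv host first-last`: connect-probe each port in
    turn (the reason nc scans slowly) and return the open ones."""
    return [p for p in range(first, last + 1) if port_open(host, p, timeout)]

def probe_http(host, port, path="/", timeout=2.0):
    """Equivalent of `nc host port` followed by typing an HTTP request: check
    that the application protocol answers, not just that the port is open.
    Returns the response status line."""
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        return s.recv(4096).decode(errors="replace").split("\r\n")[0]
```

A connect that succeeds but never receives a status line is exactly the case the post distinguishes: the port is reachable, but the service behind it is not speaking the expected protocol.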

File transfer

  • This is actually a combination of the previous two uses.

  • Receiving end: nc -l <port> > <filename>

  • Sending end: nc <host-ip-or-domain> <port> < <filename>


Origin blog.csdn.net/weixin_43438052/article/details/114283344