Netcat (nc)
Netcat is installed by default on Kali Linux. Its man page calls it the "TCP/IP swiss army knife": a simple Unix utility which reads and writes data across network connections using TCP or UDP.
Netcat can run in client or server mode. The output below comes from netcat-traditional, the variant Kali installs by default; the OpenBSD variant (netcat-openbsd, common on other Debian-based systems) prints different messages and some of its options differ.
Netcat in client mode
In client mode we specify the remote IP address and port (the remote socket). The -v switch adds verbosity, so Netcat reports whether the port is open:
┌──(kali㉿kali-1)-[~]
└─$ nc -v 10.0.0.14 80
10.0.0.14: inverse host lookup failed: Unknown host
(UNKNOWN) [10.0.0.14] 80 (http) open
To skip the reverse DNS lookup (the "inverse host lookup failed" line above), add the -n option:
┌──(kali㉿kali-1)-[~]
└─$ nc -nv 10.0.0.14 80
(UNKNOWN) [10.0.0.14] 80 (http) open
Netcat in server mode
In server mode, Netcat listens for incoming connections. -n and -v mean the same as in client mode; -l creates the listener and -p sets the listening port. Note that anyone who can reach the port can connect: Netcat provides no authentication or encryption.
┌──(kali㉿kali-1)-[~]
└─$ nc -nlvp 8888
listening on [any] 8888 ...
connect to [10.0.0.41] from (UNKNOWN) [10.0.0.41] 42612
Exercise: A simple chat service using Netcat
Create a chat session between you and your friend using Netcat on TCP port 7777: one side listens (nc -nlvp 7777), the other connects to it, and whatever either side types is sent to the other.
Transfer files with Netcat
Netcat can also transfer binary and text files. On the machine that receives the file (Netcat in server mode), we redirect stdout to a file.
On the sender, we use the < redirection operator to feed the file to Netcat's stdin (instead of typing in the terminal). Before transferring tree.txt from kali-1 to kali-2, let's check that kali-2 does not already have the file:
┌──(kali㉿kali-2)-[~/Documents]
└─$ ls
┌──(kali㉿kali-2)-[~/Documents]
└─$
Now let's start the transfer. Netcat prints nothing about progress, and because the sender keeps the connection open after it reaches the end of the file, the receiver does not exit on its own. For a small file, wait a few seconds, hit Ctrl+C on the receiver and check that the file arrived. A cleaner option with netcat-traditional is -q 0 on the sender, which closes the connection once stdin hits EOF. In either case, compare checksums on both machines (sha256sum tree.txt and sha256sum copy_of_tree.txt) to confirm the copy is complete and intact: a truncated transfer still leaves a file behind.
┌──(kali㉿kali-2)-[~/Documents]
└─$ nc -nlvp 9999 > copy_of_tree.txt
listening on [any] 9999 ...
┌──(kali㉿kali-1)-[~/Documents]
└─$ nc -nv 10.0.0.42 9999 < tree.txt
(UNKNOWN) [10.0.0.42] 9999 (?) open
┌──(kali㉿kali-2)-[~/Documents]
└─$ nc -nlvp 9999 > copy_of_tree.txt
listening on [any] 9999 ...
connect to [10.0.0.42] from (UNKNOWN) [10.0.0.41] 58516
^C ← after a few seconds, hit Ctrl+C on the receiver
┌──(kali㉿kali-2)-[~/Documents]
└─$ ls -l
total 4
-rw-r--r-- 1 kali kali 635 Apr 10 15:40 copy_of_tree.txt
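The transfer above, reproduced in Python as an added example (not code from the original page, and not Netcat's own source). It models the two commands (nc -nlvp 9999 > copy_of_tree.txt on the receiver, nc -nv 10.0.0.42 9999 < tree.txt on the sender) on the loopback interface so it runs without nc, and adds the two things a practitioner wants that the plain commands do not give: the sender shuts its write side after EOF (what -q 0 does with netcat-traditional), so the receiver finishes on its own instead of needing Ctrl+C, and both copies are compared by SHA-256. The host, the kernel-chosen port and the file contents are assumptions for the demonstration; the "tree.txt" is a constructed random file.

```python
"""Netcat-style file transfer over TCP (added example, not from the page).

Receiver  = nc -nlvp PORT > dest      -> receive_file()
Sender    = nc -nv HOST PORT < src    -> send_file()
Both run on 127.0.0.1; the port is picked by the kernel (assumption for the demo).
"""
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def receive_file(listener, dest_path):
    """Receiver side: accept one connection, write every received byte to
    dest_path, stop when the peer closes (recv returns b""). Returns bytes written."""
    conn, _peer = listener.accept()
    total = 0
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(CHUNK)
            if not chunk:  # EOF: the sender shut down its write direction
                break
            out.write(chunk)
            total += len(chunk)
    return total


def send_file(host, port, src_path):
    """Sender side: connect, stream the file, then shut down the write direction
    so the receiver sees EOF (the part plain nc without -q does not do). Returns bytes sent."""
    with socket.create_connection((host, port)) as s:
        with open(src_path, "rb") as f:
            sent = s.sendfile(f)
        s.shutdown(socket.SHUT_WR)
    return sent


def transfer_file(src_path, dest_path):
    """Run receiver and sender against each other on loopback.
    Returns (bytes_sent, bytes_received, checksums_match)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel choose a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}

    def run_receiver():
        result["received"] = receive_file(listener, dest_path)

    receiver = threading.Thread(target=run_receiver)
    receiver.start()
    sent = send_file("127.0.0.1", port, src_path)
    receiver.join()
    listener.close()
    return sent, result["received"], sha256_of(src_path) == sha256_of(dest_path)


def demo(size=200_000):
    """Transfer a constructed file (stands in for tree.txt) and verify the copy.
    Random bytes larger than one recv() call show the path is binary-safe and chunked."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "tree.txt")
        dst = os.path.join(d, "copy_of_tree.txt")
        with open(src, "wb") as f:
            f.write(os.urandom(size))
        return transfer_file(src, dst)


if __name__ == "__main__":
    sent, received, ok = demo()
    print(f"sent={sent} received={received} checksums_match={ok}")
```

The receive loop ends on EOF rather than on a timer or Ctrl+C, which is exactly what the checksum comparison then confirms; with real Netcat the same two checks (closing after EOF and comparing sha256sum output on both machines) are what tell you the copy is complete.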
Socket Statistics (ss)
What is a socket? The combination of an IP address and a port is a socket.
The ss command shows which sockets your machine has open or is using on the network. Frequently used switches: -n for numeric output (no service name lookup), -l for listening sockets only, -a to display all sockets, -p to show the process that owns each socket (root is needed to see other users' processes), -t for TCP sockets only, -u for UDP sockets only, -4 for IPv4 sockets only.
┌──(kali㉿kali-1)-[/etc/NetworkManager/system-connections]
└─$ ss -a4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
tcp ESTAB 0 0 10.0.0.41:ssh 10.0.0.1:33176
tcp ESTAB 0 48 10.0.0.41:ssh 10.0.0.1:33168
Exercise: Modify the command above so that it does not resolve the service name (ssh) and shows the port number instead.
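A practical use of the ss listing above is to spot services reachable from every interface, which is the question a pentester or a hardening review asks first. The following is an added example, not code from the original page: it parses the ss -a4 layout shown above and flags listeners bound to a wildcard address (0.0.0.0) rather than loopback. The sample text is constructed from the rows shown above; the same parser handles the numeric form that the exercise asks for (ss -an4), where ssh appears as 22.

```python
"""Parse ss output and flag listeners exposed on all interfaces (added example)."""
import socket

# Constructed sample: the rows from the `ss -a4` listing above, whitespace-aligned.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:ssh        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
tcp   ESTAB  0      0      10.0.0.41:ssh      10.0.0.1:33176
tcp   ESTAB  0      48     10.0.0.41:ssh      10.0.0.1:33168
"""

# Spellings ss uses for "any address" (IPv4 wildcard, IPv6 wildcard, bare star).
WILDCARD_HOSTS = {"0.0.0.0", "*", "::", ""}


def split_addr(addr):
    """Split 'host:port' on the LAST colon, so IPv6 forms such as [::]:22 also work."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def numeric_port(port):
    """Resolve a service name printed by ss (without -n) to its number via
    /etc/services; numeric ports pass through; unknown names give None."""
    if port.isdigit():
        return int(port)
    try:
        return socket.getservbyname(port)
    except OSError:
        return None


def parse_ss(text):
    """Turn ss output into a list of dicts. The header line is skipped rather than
    parsed because 'Local Address:Port' splits into two tokens."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6:
            continue
        netid, state, recvq, sendq, local, peer = parts[:6]
        lhost, lport = split_addr(local)
        phost, pport = split_addr(peer)
        rows.append({
            "netid": netid, "state": state,
            "recv_q": int(recvq), "send_q": int(sendq),
            "local_host": lhost, "local_port": lport,
            "peer_host": phost, "peer_port": pport,
            "process": " ".join(parts[6:]),  # only filled in when ss is run with -p
        })
    return rows


def exposed_listeners(rows):
    """Sockets that accept traffic from any interface: TCP in LISTEN, or UDP
    (state UNCONN) bound to a wildcard address. Loopback-only bindings are excluded."""
    return [
        r for r in rows
        if r["local_host"] in WILDCARD_HOSTS
        and (r["state"] == "LISTEN" or (r["netid"] == "udp" and r["state"] == "UNCONN"))
    ]


if __name__ == "__main__":
    for r in exposed_listeners(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"{r['netid']} {r['local_host']}:{r['local_port']} "
              f"(port {numeric_port(r['local_port'])})")
```

On the sample, only the sshd listener on 0.0.0.0:ssh is flagged; the 127.0.0.1:6010 listener (X11 forwarding over SSH) is reachable from the host itself only. To run it against a live machine, feed it the text of ss -a4 or ss -an4 instead of the constructed sample.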