Netcat, a powerful tool (2009)
A fairly high-level component of Unix and networking magicks. Not for the novice, much.
Netcat (nc(1)) is, as the name suggests, a version of cat(1) that works over network sockets. In fact it is likely the lowest-level networking tool you are going to find or be able to install without scripting one yourself. Netcat either connects to or listens on a port (on an IP address/hostname) and from then on behaves exactly like cat(1): whatever arrives on stdin goes out over the socket, and whatever arrives over the socket comes out on stdout.
So, rather than cat’ing a file from one folder to another, you cat a file (everything in Unix is a file, right?) to … somewhere else. In its most basic form (one shell sends, the other listens):
    lorelei-lee:~/Work/adricnet/trunk adric$ cat | nc localhost 33333
    foo                      # typed
    ^C                       # punt!

    lorelei-lee:~/Desktop adric$ nc -l -p 33333
    foo                      # appears
    ^C                       # punt!
Plenty more in the man page or on example pages that Google finds easily, and maybe here later (FIXME). I’m pretty sure there are IPv6-capable versions by now, although this one seems not to be. I’m equally certain it’s available for [Windows], maybe even without [Cygwin] (LINKME).
And as neat as it is to be able to simulate talk(1) without buffering, or [Tar Over SSH] without the security, nc’s real utility is in its ability to set up things that you might not have been able to do otherwise, and thereby to blow holes in lots of security models.
You can simulate a remote shell by piping nc to (eg) bash:
    lorelei-lee:~/Work/adricnet/trunk adric$ cat | nc localhost 33333
    ls                       # typed

    lorelei-lee:~/Desktop adric$ nc -l -p 33333 | bash
    # output here:
    Etch SE Syllable Icon? Syllable 0.6.4 OpenSolaris WinXP Project LRNJ- Classic Hiragana Dream bugg Project LRNJ- Slime Forest evo
    ^C                       # punt!
Frighteningly enough, it works the other way too. Let’s say you have the ability to execute commands on the server, but you can’t receive connections there because of some firewall. Just switch it about: the client listens and the server connects out. Timing is a little tricky, so listen first:
    client# nc -l -p 33333
    # then commands typed on the client ...
    id
    uptime

    server$ nc localhost 33333 | bash
    # ... are executed, and their output appears, on the server:
    uid=501(adric) gid=501(adric) groups=501(adric), 81(appserveradm), 79(appserverusr), 80(admin)
    11:37 up 19 days, 2:44, 4 users, load averages: 1.20 1.25 1.26
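In both directions the pipeline is the tell: on the host that ends up running the commands, a netcat process has its stdout connected to a shell. The following is an added example, not code from the original page, that scans process-execution log lines for exactly that shape. The log format (`timestamp user command`) and every log line are constructed for the demo; the pipeline splitter is deliberately simple and only handles `|`, quoting, and `sh -c "..."` wrappers.

```python
import os
import shlex

SHELLS = {"bash", "sh", "zsh", "dash", "ksh"}
NETCATS = {"nc", "netcat", "ncat"}

# Constructed sample process-execution log (not from the page):
# "<timestamp> <user> <command line>" per line.  Three lines pipe netcat into
# a shell, the rest use netcat only to move data.
SAMPLE_LOG = """\
2009-03-01T11:37:02 adric nc -l -p 33333 | bash
2009-03-01T11:37:10 adric nc localhost 33333 | bash
2009-03-01T11:38:00 adric nc -l -p 33333 > sqldump.sql
2009-03-01T11:38:05 adric mysqldump -u root -p --databases shop | gzip | nc dbhost 33333
2009-03-01T11:40:00 www sh -c "nc localhost 33333 | bash"
2009-03-01T11:41:00 adric cat notes.txt | nc fileserver 33333
2009-03-01T11:42:00 adric nc localhost 33333 < notes.txt || echo "send failed"
"""


def pipeline_stages(cmd):
    """Split a command line on single '|' (not '||'), ignoring pipes inside quotes."""
    stages, cur, quote = [], [], None
    for i, ch in enumerate(cmd):
        if quote:
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch == "|" and cmd[i + 1:i + 2] != "|" and (i == 0 or cmd[i - 1] != "|"):
            stages.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    stages.append("".join(cur).strip())
    return [s for s in stages if s]


def argv_of(stage):
    """Tokenise one pipeline stage; fall back to a whitespace split on bad quoting."""
    try:
        return shlex.split(stage)
    except ValueError:
        return stage.split()


def program_of(stage):
    argv = argv_of(stage)
    return os.path.basename(argv[0]) if argv else ""


def is_nc_to_shell(cmd):
    """True when a netcat stage feeds a shell stage, directly or inside sh -c '...'."""
    stages = pipeline_stages(cmd)
    progs = [program_of(s) for s in stages]
    for left, right in zip(progs, progs[1:]):
        if left in NETCATS and right in SHELLS:
            return True
    # Descend into shell wrappers such as: sh -c "nc ... | bash"
    for stage in stages:
        argv = argv_of(stage)
        if argv and os.path.basename(argv[0]) in SHELLS and "-c" in argv:
            idx = argv.index("-c")
            if idx + 1 < len(argv) and is_nc_to_shell(argv[idx + 1]):
                return True
    return False


def scan_log(text):
    """Return (timestamp, user, command) for every log line that matches."""
    hits = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and is_nc_to_shell(parts[2]):
            hits.append(tuple(parts))
    return hits


if __name__ == "__main__":
    for ts, user, cmd in scan_log(SAMPLE_LOG):
        print(f"{ts} {user}: netcat piped into a shell: {cmd}")
```

Note that the plain data transfers (the `> sqldump.sql` and `cat ... | nc` lines) are not flagged: the rule keys on a shell consuming netcat’s output, not on netcat itself, which is what keeps it usable on hosts where nc is a legitimate admin tool.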
Reverse MySQL Dump
Once upon a time I was transferring customer SQL data from one server to another. The thing was, there was not enough disk space free on the old server to mysqldump(1) out the gibibytes of stuff, and MySQL was configured to disallow remote access by any user we had access to. So, at the suggestion of a local wizard, we set up a reverse mysqldump with netcat, dumping from mysqldump straight into nc and across the wire (and the country, of course).
    client# nc -l -p 33333 > sqldump.sql
    # DBNAME: placeholder for the database(s) to dump; the dump is piped into nc
    server$ mysqldump -u root -p --databases DBNAME | nc localhost 33333
The wizard actually recommends piping through ‘gzip’ in the middle for compression if it’s going to be a lot of data.
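The transfer above is the “cat over a socket” model from the top of the page, just with mysqldump as the producer, and it gives you nothing the pipeline doesn’t: no confidentiality (the page already notes nc is tar-over-ssh without the security) and no way to tell whether the bytes in sqldump.sql are all of them. The following is an added example, not the page’s or the wizard’s code, that runs both ends of a `producer | gzip | nc` / `nc -l | gunzip > file` transfer over loopback in one process and adds the integrity check a practitioner would want: a SHA-256 of the uncompressed stream computed independently on each side. The dump content is constructed, the port is whatever the OS hands out, and the wire stays plaintext exactly as with nc, so the digest catches truncation and corruption, not an eavesdropper.

```python
import gzip
import hashlib
import io
import socket
import threading

CHUNK = 64 * 1024

# Constructed stand-in for mysqldump output (not real customer data).
SAMPLE_DUMP = b"".join(
    b"INSERT INTO customers VALUES (%d, 'customer-%d');\n" % (i, i) for i in range(2000)
)


def chunked(data, size=4096):
    """Yield `data` in pieces, the way a pipe delivers mysqldump's output."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def send_stream(host, port, chunks):
    """Sender side of `mysqldump ... | gzip | nc host port`.

    Compresses each chunk as it arrives and streams it; returns the SHA-256 of
    the uncompressed bytes so the receiver's copy can be verified against it.
    """
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as sock:
        wfile = sock.makefile("wb")
        with gzip.GzipFile(fileobj=wfile, mode="wb") as gz:
            for chunk in chunks:
                digest.update(chunk)
                gz.write(chunk)
        wfile.close()  # flush the gzip trailer before the socket closes
    return digest.hexdigest()


def receive_stream(listener, sink):
    """Receiver side of `nc -l -p port | gunzip > sqldump.sql`.

    Accepts one connection, decompresses the stream into `sink`, and returns
    (bytes_written, sha256_hex) of the decompressed data.
    """
    conn, _ = listener.accept()
    digest = hashlib.sha256()
    total = 0
    with conn:
        with gzip.GzipFile(fileobj=conn.makefile("rb"), mode="rb") as gz:
            while True:
                chunk = gz.read(CHUNK)
                if not chunk:
                    break
                digest.update(chunk)
                sink.write(chunk)
                total += len(chunk)
    return total, digest.hexdigest()


def transfer(chunks):
    """Run both ends over loopback: listen first, then connect and stream."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)               # the listener must be up before the sender connects
    port = listener.getsockname()[1]
    sink = io.BytesIO()
    result = {}

    def run_receiver():
        result["received"], result["recv_sha256"] = receive_stream(listener, sink)

    receiver = threading.Thread(target=run_receiver)
    receiver.start()
    result["sent_sha256"] = send_stream("127.0.0.1", port, chunks)
    receiver.join()
    listener.close()
    result["data"] = sink.getvalue()
    # Comparing the two digests is the integrity check the bare nc pipeline lacks.
    result["ok"] = result["sent_sha256"] == result["recv_sha256"]
    return result


if __name__ == "__main__":
    r = transfer(chunked(SAMPLE_DUMP))
    print(f"received {r['received']} bytes, sha256 match: {r['ok']}")
```

With real nc the equivalent is to run `sha256sum` over the dump on the sending side (for example via `tee`) and over sqldump.sql on the receiving side, then compare the two by some channel you trust; a digest sent down the same unauthenticated socket proves only that the stream was consistent with itself.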
Netcat and Reverse Telnet on O’Reily Network: http://www.onlamp.com/pub/a/onlamp/2003/05/29/netcat.html