Netcat (nc) is a versatile networking tool commonly used for debugging, testing connectivity, and performing simple port scans on systems you are authorized to assess.
## Basic Syntax

```bash
nc [options] <target> <port>
```

## 1. Single-Port Scan

Check if a specific port is open:

```bash
nc -vz <target> <port>
```

Example:

```bash
nc -vz 192.168.1.10 22
```

- `-v` → verbose
- `-z` → zero-I/O scan (don't send data)

## 2. Scan a Range of Ports

```bash
nc -vz <target> <start-port>-<end-port>
```

Example:

```bash
nc -vz 192.168.1.10 1-1024
```

## 3. Scan Multiple Individual Ports

```bash
nc -vz <target> 22 80 443
```

## 4. Fast Scan With Timeout

```bash
nc -vz -w 1 <target> 1-1000
```

- `-w 1` → 1-second timeout

## 5. TCP vs UDP Scanning

TCP scan:

```bash
nc -vz <target> <port>
```

UDP scan:

```bash
nc -vzu <target> <port>
```

Example:

```bash
nc -vzu 192.168.1.10 53
```

- `-u` → UDP mode

Note: UDP scans are less reliable; closed ports may not respond.

## 6. Banner Grabbing (Service Fingerprinting)

Useful for identifying running services.

```bash
nc -v <target> <port>
```

Example (HTTP):

```bash
echo -e "HEAD / HTTP/1.0\r\n\r\n" | nc <target> 80
```

## 7. Using Netcat as a Simple Port Scanner Script
A lightweight loop-based scanner. The target is passed as the first argument; `2>&1` is needed because nc writes its verbose result to stderr, and `grep succeeded` matches the "Connection to ... succeeded!" line printed by OpenBSD netcat:

```bash
#!/usr/bin/env bash
# Usage: ./scan.sh <target>
TARGET="${1:?usage: $0 <target>}"
for port in {1..1024}; do
    # -z: send no data, -v: report the result (to stderr, hence 2>&1)
    nc -zv "$TARGET" "$port" 2>&1 | grep succeeded
done
```

## 8. Reverse / Bind Connection Checks (Legitimate Testing Only)
Check a listener:

```bash
nc -vz <target> <listening-port>
```

Open a listener (defensive debugging):

```bash
nc -lvnp <port>
```

## 9. Quiet Mode (No Output)

```bash
nc -z -n <target> <port>
```

- `-n` → no DNS lookups (faster & more stealthy for testing)

## 10. Common Practical Use Cases

| Use Case | Command |
|---|---|
| Quick open-port check | `nc -vz <host> 80` |
| Scan top common ports | `nc -vz <host> 21 22 80 443 3306` |
| Fast scan with timeout | `nc -vz -w 1 <host> 1-500` |
| Check UDP DNS | `nc -vzu <host> 53` |
| Service fingerprint | `nc <host> <port>` |
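The `grep succeeded` in section 7 and the verbose commands in the table above depend on netcat's `-v` output, which differs between OpenBSD nc, the traditional GNU netcat and nmap's ncat. This added Python example (not from the page) parses captured `-v` output from all three into an open/closed/filtered result per port, so a `-w` timeout is not mistaken for a refused connection; the sample output is constructed, and the line formats are assumed from each tool's typical messages.

```python
import re
from typing import Dict, List

# Verbose-output line formats assumed for the three common netcat flavours
# (constructed from each tool's typical messages; check against your build):
#   OpenBSD nc:  "Connection to 192.168.1.10 22 port [tcp/ssh] succeeded!"
#                "nc: connect to 192.168.1.10 port 23 (tcp) failed: Connection refused"
#   GNU netcat:  "host.lab [192.168.1.10] 443 (https) open"
#                "host.lab [192.168.1.10] 3306 (mysql) : Connection refused"
#   nmap ncat:   "Ncat: Connected to 192.168.1.10:8080."
#                (ncat's failure line carries no port, so it cannot be attributed)
PATTERNS = [
    (re.compile(r"^Connection to \S+ (\d+) port \[\w+/[^\]]*\] succeeded!"), "open"),
    (re.compile(r"^nc: connect to \S+ port (\d+) \(\w+\) failed: (.*)$"), "failed"),
    (re.compile(r"^\S+ \[[\d.]+\] (\d+) \([^)]*\) open$"), "open"),
    (re.compile(r"^\S+ \[[\d.]+\] (\d+) \([^)]*\) : (.*)$"), "failed"),
    (re.compile(r"^Ncat: Connected to \S+:(\d+)\.$"), "open"),
]


def parse_nc_output(text: str) -> Dict[int, str]:
    """Map each port seen in netcat -v output to 'open', 'closed' or 'filtered'.
    A refused connection is a closed port; any other failure (typically a -w
    timeout) is reported as 'filtered', since nothing answered at all."""
    results: Dict[int, str] = {}
    for line in text.splitlines():
        line = line.strip()
        for pattern, status in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            if status == "failed":
                reason = match.group(2).lower()
                status = "closed" if "refused" in reason else "filtered"
            results[int(match.group(1))] = status
            break
    return results


def open_ports(text: str) -> List[int]:
    """Sorted list of ports reported open in the given netcat output."""
    return sorted(p for p, s in parse_nc_output(text).items() if s == "open")


# Constructed sample: a mixed run against the page's example host 192.168.1.10.
SAMPLE_OUTPUT = """\
Connection to 192.168.1.10 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.1.10 port 23 (tcp) failed: Connection refused
nc: connect to 192.168.1.10 port 25 (tcp) failed: Operation timed out
Connection to 192.168.1.10 80 port [tcp/http] succeeded!
host.lab [192.168.1.10] 443 (https) open
host.lab [192.168.1.10] 3306 (mysql) : Connection refused
Ncat: Connected to 192.168.1.10:8080.
"""
```

Feed it the `2>&1` output of any of the page's scans (for example `nc -vz -w 1 <host> 1-500 2>&1`) and act on the returned dictionary instead of grepping for one tool's wording.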
## Ethical & Legal Reminder

All instructions are intended strictly for systems you own or have explicit authorization to test. Unauthorized scanning is illegal and unethical.