Talk:Netcat

What does it actually do?
The article has nothing about what netcat actually does... should the article even exist? With only half a sentence about this basic info it seems to serve no purpose.

Examples section added to make clear what netcat can do. —Preceding unsigned comment added by 207.47.61.234 (talk) 01:26, 3 April 2008 (UTC)

Vote Here:
Voting closed. Merge completed Xrblsnggt 03:09, 6 July 2006 (UTC)


 * (merge) I'm not against adding GNU netcat information here, but it currently has its own article, so trying to add its external link here, when it's already at GNU netcat isn't really consistent. Similarly, adding half of the GNU netcat information to this infobox (while keeping only half of the Hobbit info) isn't consistent. If others think GNU netcat should be merged here, then please explicitly do so in a consistent manner, rather than adding in bits and pieces from the other article. For what it's worth, I support the merge, though another editor felt that it would be akin to trying to merge "OpenSSH into SSH, IPFilter into firewall and Encarta into encyclopedia", which does make some sense (although mergism might dictate that GNU netcat doesn't have enough information for its own separate article yet, and so should be merged here). Anyway, at this point, I'd just settle for a consistent state of things (e.g. the external link for GNU netcat being at one article or the other, and perhaps the infobox here showing the most recent date/version of the GNU version, since Hobbit's hasn't been updated for a very long time) --Interiot 14:24, 8 May 2006 (UTC)


 * (merge) Well, I remember viewing that "merge Encarta to encyclopedia" reasoning. It's plainly wrong. While "Encarta" is an encyclopedia, you cannot say that "GNU Netcat" is a "netcat". Netcat was created by Hobbit, and the name is a specific name for some specific functionalities. We are not talking about merging into "Unix software utilities". Also, there is nothing special to write inside a specific article for GNU Netcat, especially when a small paragraph plus an external link into the main Netcat article can suffice. Even more, there are many Netcat variants out there, some are just a patched version of the original nc110 (the Hobbit's one), some others are full rewrites like GNU Netcat or nc6 (the former respects nc110 command line compatibility, the latter does not). That's just my opinion, of course I can understand that the intention of the one that split out GNU Netcat into an article by itself was willing to add a consistent Infobox_Software.. but I don't think it's a good idea anyway. --ThG 19:59, 24 May 2006 (GMT)


 * (merge) Vote to merge to keep with existing conventions. Telnet has one page for umpteen implementations, including a GNU version. Other examples include awk, ls, cron... Xrblsnggt 04:40, 13 June 2006 (UTC)

Merge completed Xrblsnggt 03:09, 6 July 2006 (UTC)

netcat flagged up by virus / spyware scanners
My Windows version of netcat is upsetting Ad-Aware and apparently some virus scanners. I'm adding a sentence or two saying this seems overcautious; any other perspectives / info on security risks would be good.

- - - - -

Maybe people should remove the part where it says nc can be used as a backdoor. Heck, anything can be used as a backdoor, including purposely compiled binaries or SSH or inetd+telnet or other combos. Symantec says this about it:

"Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:   File name: nc.exe    MD5: ...    SHA256: ...    Detection: NetCat" ...as if it were a nasty virus. Or maybe their criteria are that anything not used by a receptionist is automatically a *gasp* "hack tool". Last time I heard of those dreaded "hackers", they also used keyboards, mice, monitors, even cat5 cables sometimes.

To bypass this piece of super-smart detection without removing the Symantec piece of artwork, recompile nc from scratch. Also remember to never use this high quality of antiviruses on production systems when they can suddenly decide to delete important files randomly. 45.61.4.155 (talk) 16:55, 9 May 2017 (UTC)

security risks
I don't quite understand the "security risks" section. In my mind, netcat should raise a red flag if it's been installed surreptitiously; conversely any warnings should be treated as a false alarm if netcat was installed intentionally by the computer's owner (or was installed as part of a default installation). Is there really any inherent extra risk in having netcat installed, above any risk posed by having telnetd or sshd (which can open listening ports that get connected to a shell) or ssh (which can forward ports) installed? --Interiot 05:04, 6 July 2006 (UTC)


 * Most security software is too dumb to be able to discern surreptitious vs. authorized installation. As to risk, netcat can do things telnet and ssh can't, but it kinda depends on your threat model. Akb4 22:04, 19 September 2006 (UTC)


 * The bigger problem is not so much that it gets flagged by AV; but that the AV doesn't give you many options. Almost all AV programs will halt execution every time you run it, and almost as many simply delete it on sight, giving you a box saying "We deleted this.", instead of "What should I do with this?".  With a lot of AVs you really have to jump through hoops to get pen-testing, or, in nc's case, low level networking utilities, left alone.
 * But back to the topic at hand; if a mention is made, it should be that while nc can be used for malicious purposes, it is not a malicious program intrinsically; and that often AVs are a little...overzealous in their handling of it. King Spook 09:56, 28 May 2008 (UTC)

My opinion
It seems that a command like nc -L #targetip -p #port-number -v -t -d -e cmd.exe is a Windows-only command, because the original netcat does not have the option -L. See the Netcat Manual Page.
 * No, it just needs to be compiled with specific flags enabled to activate the -L flag. For security reasons, most precompiled distributions aren't compiled with these flags, so the -L flag is usually not available, and you need to recompile it yourself if you want that. The windows compiled versions, for whatever reasons, are precompiled with those flags. -82.156.210.192 (talk) 15:41, 4 August 2008 (UTC)

GAPING_SECURITY_HOLE
(yes, it needs an explanation/description)

Netcat is USEFUL, remember
For such a handy tool (not just for hacking) there seems to be a lot more on the risks than the uses. --대조 | Talk 08:58, 6 February 2007 (UTC)

Hacking?
I wouldn't say nc can be used for hacking, more debugging... If you refer to the malicious action that is trying to break into a system, that'd be called cracking.

129.240.70.72 10:55, 20 February 2007 (UTC)

netcat site (vulnwatch.org) down?
The vulnwatch.org site does not work at all. Where can one get nc for Windows, then?

217.77.161.17 (talk) 09:42, 28 May 2008 (UTC)

The vulnwatch.org linked as the home page appears to have expired and is serving malware!! Please update or remove the link. —Preceding unsigned comment added by 96.230.138.100 (talk) 17:03, 6 April 2009 (UTC)
 * Yes, vulnwatch.org appears to be dead, but I doubt it is serving up malware, it is a godaddy parking page now. I have changed the URLs in the to source forge. Wrs1864 (talk) 17:49, 6 April 2009 (UTC)

Evil netcat?
Anyone ever used Netcat to do this?

Can't it be added to the official netcat wiki? —Preceding unsigned comment added by 41.240.64.31 (talk) 19:04, 3 August 2008 (UTC)

Usage examples
According to the man page for nc,

-l     Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.

but the example on the page shows $nc -l -p 3333. Ergosteur (talk) 03:30, 17 November 2008 (UTC)


 * Hm, indeed and I was about to change this, but: netcat-traditional seems to need "-l -p 3333", it won't listen on a local 3333 port without the -p. The more flexible netcat-openbsd does not accept -p in combination with -l and the manpage contains the comment you quoted above. However, I'm not too eager providing examples for all netcat versions out there, I think the few examples are more than enough for an encyclopedia :) 78.47.219.222 (talk) 19:57, 9 August 2009 (UTC)

Version weirdness
The infobox in the article says the latest version is 1.10 March 20, 1996, while the linked homepage says : 0.7.1 released on 11 Jan 2004. Someone should fix it up. --Xerces8 (talk) 15:58, 21 April 2009 (UTC)

This is because this article confuses the legacy original version (which has no page actually, mirrored at http://nc110.sourceforge.net/ ) and the new GNU implementation (which is GPL licensed) called GNU Netcat ( http://netcat.sourceforge.net/ ). Maybe this needs clarification because the hobbit version of netcat has nothing to do with the GNU version. --Netol (talk) 21:25, 6 September 2009 (UTC)

Variants
I'd like to see a table of the netcat variants. I think it should include all the programs that are trying to be descendants (in spirit) of *Hobbit*'s netcat, whereas cousins should not be in this table. I have started one here, but I did not put it in the article because it is not complete.

--GdcRNT (talk) 00:11, 14 October 2010 (UTC)

Added Fyodor's Ncat. Family Guy Guy (talk) 18:54, 4 June 2014 (UTC)

General Feedback
This article is great, the more content, the better. All the examples are great. Keep up the good work! — Preceding unsigned comment added by 75.149.163.230 (talk) 00:19, 17 August 2011 (UTC)

Nmap/Ncat -c option
The ncat implementation does support the -c parameter.

It's mentioned on the man page. Family Guy Guy (talk) 01:00, 31 May 2013 (UTC)

*Hobbit*
I was wondering who is Hobbit or what happened to him? Is he underground? Or working in the security industry?

Family Guy Guy (talk) 06:02, 13 December 2013 (UTC)

I also am curious about this.

One guide on netcat says "netcat ... was developed by the l0pht, which is now @stake (http://www.atstake.com/)". Another article about L0pht "AN ORAL HISTORY OF THE LØPHT" also mentions the L0pht became part of "@stake, a security consultancy". The book "Analyzing Computer Security" and an LA Times article "Hacking Ain’t What It Used to Be" seem to imply that Hobbit is somehow associated with L0pht Heavy Industries.

The current l0pht article says "@stake" was later acquired by Symantec.

So my best guess is "Hobbit" is a pseudonym used by one or more of the around 11 members of L0pht, quite likely still working in the white-hat security industry, possibly at Symantec.

Alas, the sources I've found are vague. --DavidCary (talk) 02:42, 26 January 2022 (UTC)