一直在linux环境下编程,但却没有用过nc命令,不过最近发现Netcat这个命令-nc,发现真的蛮强大的,
为了备忘,就写了这个博客吧,不求全,只求把自己觉得很有用的命令整理出来,这篇文章估计要长期更新,想到了,看到了好的用法就
更新一番吧。
先把man nc 的内容贴一下!
NC(1) NC(1)
NAME
nc - TCP/IP swiss army knife //看看吧,瑞士军刀
SYNOPSIS
nc [-options] hostname port[s] [ports] ...
nc -l -p port [-options] [hostname] [port]
DESCRIPTION
netcat is a simple unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be
used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind
of connection you would need and has several interesting built-in capabilities. Netcat, or "nc" as the actual program is named, should have been supplied long ago as another
one of those cryptic but standard Unix tools.
//nc命令的选项,研究nc命令也就是研究他的选项组合
OPTIONS
-c string specify shell commands to exec after connect (use with caution). The string is passed to /bin/sh -c for execution. See the -e option if you don't have a working
/bin/sh (Note that POSIX-conformant system must have one).
-e filename specify filename to exec after connect (use with caution). See the -c option for enhanced functionality.
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h display help
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number (port numbers can be individual or ranges: lo-hi [inclusive]) 指定监听的端口()
-q seconds after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.
-b allow UDP broadcasts
-r randomize local and remote ports
-s addr local source address
-t enable telnet negotiation
-u UDP mode 若使用UDP协议传输,使用此选项
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
-T type set TOS flag (type may be one of "Minimize-Delay", "Maximize-Throughput", "Maximize-Reliability", or "Minimize-Cost".)
1:监听指定端口
监听本地端口
nc -l 12345 ,如果你要将监听的输入指定到指定的文件,比如/dev/zero
nc -l 12345 > /dev/null
2:向指定主机的某一端口发送连接
nc www.example.com 12345 (向www.example.com 主机的12345 端口建立tcp连接)
3:若想使用UDP连接,则两端都要使用-u 选项
4: -v 选项,显示nc 输出内容
例如 nc -l-v 12345 > /dev/null
输出:
root@ubuntu:~# nc -l -v -p 12345 > /dev/null
Listening on [0.0.0.0] (family 0, port 12345)
nc localhost -v 12345
输出:
root@ubuntu:~# nc -v localhost 12345
Connection to localhost 12345 port [tcp/*] succeeded!
5:可以使用nc 命令,-z选项扫描某一主机的端口是否开放
例如:检测我本机的10-30端口有哪些是开放的
nc -v -z localhost 10-30
可以看到,我本机的13,21,22端口是开放的,而其他的端口都是关闭的
所以估计黑客门喜欢用吧,不过也许人家用更高达上的工具吧。不过对来我说很好用
6:使用 -w 选项限定空闲时间
服务端,可以使用 -w 选项来设置空闲时间限制。也就是说,当连接空闲超时时,连接会自动断开。注意,-w 选项并不会影响 -l 选项,也就是说,
如果还没有连接进来时,即使超出了超时时间,那么服务端的监听并不会自动断开。这里的超时是相对于连接来说的。比如下面服务端的设定
7:进行代理
比如我使用如下命令
nc -v -l 8899 | nc -v www.sina.com.cn 80
上面的意思是,先使 nc 监听在 8899 端口。如果客户端访问服务器的 8899 端口,那么就将请求通过管道送到另一边的 nc 命令中,该 nc 命令再将请求内容发往 www.sina.com.cn ,
当 www.sina.com.cn 响应时,所返回网站内容默认输出到标准输出上(文件描述符为 1),此时我们将这些内容重定向到 tunnel 这个有名管道中,一旦管道有了内容,它就输送到标准输入(0),
接着标准输入的内容被左端的 nc 接收,最后 nc 就将这些内容返回到客户端去
好了,有机会继续总结。。。。