|This is the talk page for discussing improvements to the Netcat article.
This is not a forum for general discussion of the article's subject.
|WikiProject Free Software / Software / Computing||(Rated Start-class, Low-importance)|
- 1 What does it actually do?
- 2 GNU netcat: merge, split, or half-n-half
- 3 netcat flagged up by virus / spyware scanners
- 4 security risks
- 5 My opinion
- 6 GAPING_SECURITY_HOLE
- 7 Netcat is USEFUL, remember
- 8 Hacking?
- 9 netcat site (vulnwatch.org) down?
- 10 Evil netcat?
- 11 Usage examples
- 12 Version weirdness
- 13 Variants
- 14 General Feedback
- 15 Nmap/Ncat -c option
- 16 *Hobbit*
What does it actually do?
The article has nothing about what netcat actually does... should the article even exist? with only half a sentence about this basic info it seems to serve no purpose.
GNU netcat: merge, split, or half-n-half
Voting closed. Merge completed Xrblsnggt 03:09, 6 July 2006 (UTC)
- (merge) I'm not against adding GNU netcat information here, but it currently has its own article, so trying to add its external link here, when it's already at GNU netcat isn't really consistent. Similarly, adding half of the GNU netcat information to this infobox (while keeping only half of the Hobbit info) isn't consistent. If others think GNU netcat should be merged here, then please explicitely do so in a consistent manner, rather than adding in bits and pieces from the other article. For what it's worth, I support the merge, though another editor felt that it would be akin to trying to merge "OpenSSH into SSH, IPFilter into firewall and Encarta into encyclopedia", which does make some sense (although mergism might dictate that GNU netcat doesn't have enough information for its own separate article yet, and so should be merged here). Anyway, at this point, I'd just settle for a consistent state of things (eg. the external link for GNU netcat being at one article or the other, and perhaps the infobox here showing the most recent date/version of the GNU version, since Hobbit's hasn't been updated for a very long time) --Interiot 14:24, 8 May 2006 (UTC)
- (merge) Well, I remember viewing that "merge Encarta to encyclopedia" reasoning. It's plainly wrong. While "Encarta" is an encyclopedia, you cannot say that "GNU Netcat" is a "netcat". Netcat was created by Hobbit, and the name is a specific name for some specific functionalities. We are not talking about merging into "Unix software utilities". Also, there is nothing special to write inside a specific article for GNU Netcat, expecially when a small paragraph plus an external link into the main Netcat article can suffice. Even more, there are many Netcat variants out there, some are just a patched version of the original nc110 (the Hobbit's one), some others are full rewrite like GNU Netcat or  (the former respects nc110 command line compatibility, the latter does not). That's just my opinion, of course I can understand that the intention of the one that splitted out GNU Netcat into an article by itself was willing to add a consistent Infobox_Software.. but I don't think it's a good idea anyway. --ThG 19:59, 24 May 2006 (GMT)
- (merge) Vote to merge to keep with existing conventions. Telnet has one page for umpteen implementations, including a GNU version. Other examples include awk, ls, cron... Xrblsnggt 04:40, 13 June 2006 (UTC)
Merge completed Xrblsnggt 03:09, 6 July 2006 (UTC)
netcat flagged up by virus / spyware scanners
my windows version of netcat is upsetting ad-aware and apparently some virus scanners. I'm adding a sentence or two saying this seems overcautious, any other perspectives / info on security risks would be good
- - - - -
Maybe people should remove the part where it says nc can be used as a backdoor. Heck, anything can be used as a backdoor, including purposely compiled binaries or SSH or inetd+telnet or other combos. Symantec says this about it:
"Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:
File name: nc.exe MD5: ... SHA256: ... Detection: NetCat"
...as if it were a nasty virus. Or maybe their criteria are that anything not used by a receptionist is automatically a *gasp* "hack tool". Last time I heard of those dreaded "hackers", they also used keyboards, mice, monitors, even cat5 cables sometimes.
To by-pass this piece of super-smart detection without removing the Symantech piece of artwork, recompile nc from scratch. Also remember to never use this high quality of antiviruses on production systems when they can suddenly decide to delete important files randomly. 18.104.22.168 (talk) 16:55, 9 May 2017 (UTC)
I don't quite understand the "security risks" section. In my mind, netcat should raise a red flag if it's been installed surreptitiously; conversely any warnings should be treated as a false alarm if netcat was installed intentionally by the computer's owner (or was installed as part of a default installation). Is there really any inherent extra risk in having netcat installed, above any risk posed by having telnetd or sshd (which can open listening ports that get connected to a shell) or ssh (which can forward ports) installed? --Interiot 05:04, 6 July 2006 (UTC)
- Most security software is too dumb to be able to discern surreptitous vs. authorized installation. As to risk, netcat can do things telnet and ssh can't, but it kinda depends on your threat model. Akb4 22:04, 19 September 2006 (UTC)
- The bigger problem is not so much that it gets flagged by AV; but that the AV doesn't give you many options. Almost all AV programs will halt execution every time you run it, and almost as many simply delete it on sight, giving you a box saying "We deleted this.", instead of "What should I do with this?". With a lot of AVs you really have to jump through hoops to get pen-testing, or, in nc's case, low level networking utilities, left alone.
- But back to the topic at hand; if a mention is made, it should be that while nc can be used for malicious purposes, it is not a malicious program intrinsically; and that often AVs are a little...overzealous in their handling of it. King Spook 09:56, 28 May 2008 (UTC)
It seems that such command like
nc -L #targetip -p #port-number -v -t -d -e cmd.exe
is a Windows only command, because the original necat does not have the option -L. See the Netcat Mannual Page
- No, it just needs to be compiled with specific flags enabled to activate the -L flag. For security reasons, most precompiled distributions aren't compiled with these flags, so the -L flag is usually not available, and you need to recompile it yourself if you want that. The windows compiled versions, for whatever reasons, are precompiled with those flags. -22.214.171.124 (talk) 15:41, 4 August 2008 (UTC)
(yes, it needs an explanation/desciption)
Netcat is USEFUL, remember
I wouldnt say nc can be used for hacking, more debugging.. If you refer to the malicious action that is trying to break into a system, that'd be called cracking.
126.96.36.199 10:55, 20 February 2007 (UTC)
netcat site (vulnwatch.org) down?
The vulnwatch.org site does not work at all. Where can one get nc for Windows, then?
The vulnwatch.org linked as home the page appears to have expired and is serving malware!! Please update or remove the link. —Preceding unsigned comment added by 188.8.131.52 (talk) 17:03, 6 April 2009 (UTC)
- Yes, vulnwatch.org appears to be dead, but I doubt it is serving up malware, it is a godaddy parking page now. I have changed the URLs in the to source forge. Wrs1864 (talk) 17:49, 6 April 2009 (UTC)
Anyone ever used Netcat to do this?
According to the man page for nc,
-l Used to specify that nc should listen for an incoming connection rather than initiate a connec- tion to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.
- Hm, indeed and I was about to change this, but: netcat-traditional seems to need "-l -p 3333", it won't listen on a local 3333 port without the -p. The more flexible netcat-openbsd does not accept -p in combination with -l and the manpage contains the comment you quoted above. However, I'm not too eager providing examples for all netcat versions out there, I think the few examples are more than enough for an encyclopedia :) 184.108.40.206 (talk) 19:57, 9 August 2009 (UTC)
The infobox in the article says the latest version is 1.10 March 20, 1996, while the linked homepage says : 0.7.1 released on 11 Jan 2004. Someone should fix it up. --Xerces8 (talk) 15:58, 21 April 2009 (UTC)
This is because this article confuses the legacy original version (which has no page actually, mirrored at http://nc110.sourceforge.net/ ) and the new GNU implementation (which is GPL licensed) called GNU Netcat ( http://netcat.sourceforge.net/ ). Maybe this needs clarification because the hobbit version of netcat has nothing to do with the GNU version. --Netol (talk) 21:25, 6 September 2009 (UTC)
I'd like to see a table of the netcat variants. I think it should include all the the programs that are trying to be descendants (in spirit) of *Hobbits*'s netcat, whereas cousins should not be in this table. I have started one here, but I did not put it in the article because it is not complete.
|Netcat (the original)||*Hobbit*||version 1.10 (March 20, 1996)|
|OpenBSD Netcat||Eric Jackson||version 1.98 (July 3, 2010)||http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/|
|GNU Netcat||Giovanni Giacobbi||version 0.7.1 (January 11, 2004)||http://netcat.sourceforge.net/|
|Netcat 6||Mauro Tortonesi et al.||version 1.0 (January 19, 2006)||http://www.deepspace6.net/projects/netcat6.html|
|Ncat||Fyodor et al.||version 6.x (generally the same version as Nmap releases, even though there may not be any new features)||http://nmap.org/ncat/|
Nmap/Ncat -c option
The ncat implementation does support the -c parameter.
I was wondering who is Hobbit or what happened to him? Is he underground? Or working in the security industry?