Ncat Reference Guide (Man Page)

Force the use of IPv4 only (default).

Force the use of IPv6 only.

Use UDP for the connection (the default is TCP).

Use SCTP for the connection (the default is TCP). SCTP support is implemented in TCP compatible mode.

Sets hops for IPv4 loose source routing. You can use -g once with a comma-separated list of hops, use -g multiple times with single hops to build the list, or combine the two. Hops can be given as IP addresses or hostnames.

Sets the IPv4 source route “pointer” for use with -g. The argument must be a multiple of four and no more than 28. Not all operating systems support setting this pointer to anything other than four.

Set the port number for Ncat to bind to.

Set the address for Ncat to bind to.

Listen for connections rather than connecting to a remote machine

The maximum number of simultaneous connections accepted for an Ncat instance. 100 is the default.

Normally a listening server accepts only one connection and then quits when the connection is closed. This option makes it accept multiple simultaneous connections and wait for more connections after they have all been closed. It must be combined with --listen. In this mode there is no way for Ncat to know when its network input is finished, so it will keep running until interrupted. This also means that it will never close its output stream, so any program reading from Ncat and looking for end-of-file will also hang.

Allow multiple parties to connect to a centralised Ncat server and communicate with each other. Ncat can broker communication between systems that are behind a NAT or otherwise unable to directly connect. This option is used in conjunction with --listen, which causes the --listen port to have broker mode enabled.

The --chat option enables chat mode, intended for the exchange of text between several users. In chat mode, connection brokering is turned on. Ncat prefixes each message received with an ID before relaying it to the other connections. The ID is unique for each connected client. This helps distinguish who sent what. Additionally, non-printing characters such as control characters are escaped to keep them from doing damage to a terminal.

In client-mode Ncat, this option transparently negotiates an SSL session with an SSL server to securely encrypt the connection. This is particularly handy for talking to SSL enabled HTTP servers, etc.

In server-mode Ncat, this option listens for incoming SSL connections, rather than plain untunneled traffic.

In client mode, --ssl-verify is like --ssl except that it also requires verification of the server certificate. Ncat comes with a default set of trusted certificates. Some operating systems provide a default list of trusted certificates; these will also be used if available. Use --ssl-trustfile to give a custom list. Use -v one or more times to get details about verification failures.

This option has no effect in server mode.

This option gives the location of a PEM-encoded certificate files used to authenticate the server (in listen mode) or the client (in connect mode). Use it in combination with --ssl-key.

This option gives the location of the PEM-encoded private key file that goes with the certificate named with --ssl-cert.

This option sets a list of certificates that are trusted for purposes of certificate verification. It has no effect unless combined with --ssl-verify. The argument to this option is the name of a PEM file containing trusted certificates. Typically, the file will contain certificates of certification authorities, though it may also contain server certificates directly. When this option is used, Ncat does not use its default certificates.

Requests proxying through <host>:<port>, using the protocol specified by --proxy-type.

If no port is specified, the proxy protocol's well-known port is used (1080 for SOCKS and 3128 for HTTP). However, when specifying an IPv6 HTTP proxy server using the IP address rather than the hostname, the port number MUST be specified as well.

If the proxy requires authentication, --proxy-auth is available.

In client-mode, this option requests using proxy protocol <proto> to connect through the proxy host specified by --proxy. In server-mode, this option requests Ncat to actually act as a proxy server using the specified protocol.

The currently available protocols in client-mode are “http” (CONNECT) and “socks4” (SOCKSv4). The only server currently supported is “http”.

If this option is not used, the default protocol is http.

Used to specify proxy authentication credentials for client-mode. For use with --proxy-type http, the form should be user:pass. For --proxy-type socks4, it should just be a username.

Execute the specified command after a connection has been established. The command must be specified as a full pathname. All input from the remote client will be sent to the application and responses sent back to the remote client over the socket. Thus, effectively instantly making your application interactive over a socket. Ncat will handle multiple simultaneous connections to your specified port/application rather like inetd does. Ncat will only accept a maximum, definable, number of simultaneous connections. By default this is set to 100.

Same as -e, except it tries to execute the command via /bin/sh (so you don't have to specify the full path for the command).

The list of hosts specified will be the only hosts allowed to connect to the Ncat process. All other connection attempts will be silently dropped. Host specifications follow the same syntax used by Nmap.

This has the same functionality as --allow, except that the allowed hosts are provided in a new-line delimited allow file, rather than directly on the command line.

Issue Ncat with a list of hosts that will not be allowed to connect to the listening Ncat process. Specified hosts will have their session silently terminated if they try to connect. The syntax for hosts is the same as for --allow.

This is the same functionality as --deny, except that excluded hosts are provided in a new-line delimited deny file, rather than directly on the command line.

Set the delay interval for lines sent. This effectively limits the number of lines that Ncat will send in the specified period. This may be useful for low bandwidth sites, or have other uses such as annoying iptables --limit options.

Set a fixed timeout for idle connections. If the idle timeout is reached, the connection is terminated.

Set a fixed timeout for connection attempts.

Dump session data to a file

Dump session data in hex to a file. This can be used to “replay” sessions, etc.

Issue Ncat with -v and it will be verbose and display all kinds of useful connection based information. If you issue this twice (-vv) then you will get all the code debugging information. Issue it three times (-vvv) and you get the connection information and the code debugging information.

This option tells Ncat to try to use CRLF for line-endings if only an LF is found. This doesn't convert all LFs to CRLFs, only if it's at the end of the read buffer. This is useful for talking to some stringent servers directly from a terminal in one of the many common plain-text protocols which specify CRLF as the required EOL sequence.

Displays a short help screen with common options and parameters, and then exits.

If this option is passed, Ncat will only receive data and will not try to send anything.

If this option is passed, then Ncat will only send data and will ignore anything received. This option also causes Ncat to close the network connection and terminate after EOF is received on standard input.

Handle DO/DONT WILL/WONT Telnet negotiations. This makes it possible to script Telnet sessions with Ncat.

This displays the Ncat version, release information and any additional build information and exits.