Other Options

This section contains descriptions of all options that haven't been discussed so far.

The --nodns option (and its short form -n) instructs Ncat never to resolve names into addresses. All hosts must appear as IPv4 or IPv6 addresses.

Ncat can be used as a Telnet client or server with the --telnet option (-t). This simply causes Ncat to respond negatively to any questions asked by the other host in the binary Telnet protocol, removing such negotiations from the stream seen by the user. The primary use of this option is to allow running canned Telnet scripts.

The --send-only and --recv-only options do what their names imply, turning Ncat into a one-way communications channel instead of its default two-way channel. A usage example is gathering data from a server without the possibility of accidentally sending something typed at the keyboard. --send-only in both connect and listen modes causes Ncat to quit when its input runs out. Normally it will not quit until the network connection is closed because the remote side may still send something, but in the case of --send-only there's no reason to receive anything more.

Source Options

In connect mode, you may set the source address and port used for the connection with the --source (-s) and --source-port (-p). The -s option only works for locally configured addresses; it doesn't work like Nmap's -S option. The value of -p is that sometimes firewalls will allow traffic that comes from certain source ports (such as 20 or 53).

The -g option allows hops selection for IPv4 loose source routing. List the hops in order by giving -g multiple times or by separating the hops with commas. By default the source routing pointer is 4 in the packets sent, indicating the first hop in the list. You may set the pointer to another value with the -G option. The pointer value must be a multiple of 4 between 4 and 28, but some operating systems only support 4.


Ncat offers various options to control timing. Each of them take an argument that is assumed to be in seconds, unless followed by ms for milliseconds, s for seconds, m for minutes, or h for hours. 30s means 30 seconds. This format should already be familiar to Nmap users.

The --delay option and its short form -d make Ncat wait the given amount of time between each discrete read or write operation. For example, --delay 500ms enforces a delay of half a second.

The --idle-timeout option and it synonym -i allow setting a timeout for reads and writes in connect mode. If the client fails to read or write for the given time period, the connection is dropped. These options do not work in listen mode.

The --wait (or -w for short) option sets how long Ncat will wait for a connection to be established in connect mode. The default is 10 seconds.