Netcat - crupper/Forensics-Tool-Wiki GitHub Wiki
# Netcat

##### Source:
For Windows, I would recommend getting Ncat from the Nmap suite. It can be found here.

For Linux, nc is the default application. However, here is a source.

## Description
From the source:

> Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol... In the simplest usage, "nc host port" creates a TCP connection to the given port on the given target host.
Netcat is designed for two-way communication. There is a listener and a sender, although the roles can be switched depending on the way the command is input.

## My Thoughts and Uses
Netcat is the poor man's FTP. It is a remarkable tool that is very useful for forensics. I use it often and frequently. In forensics, one needs to be careful when extracting information. You simply shouldn't save files containing evidence on the victim machine. Thus netcat provides a solution where you can collect data from the victim machine and immediately send it to a forensic machine where it can be saved and analysed later.
#### The syntax for netcat is very simple:
To Listen:

```
nc -l -p [port]
```

To Send data:

```
nc [host] [port]
```

There are many command line options for netcat. I often use `-w [number]` to set a timeout when sending data. After that time, the command simply stops trying to connect to the other machine.

My use case in forensic analysis often looks something like this:

On the victim machine:

```
netstat -an | /media/tools/nc.exe -w 3 [IP address] [Port]
```

On the forensic machine:

```
nc -l -v -p [Port number] > netstat_info.txt
```
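
The listener on the forensic machine writes the stream straight to a file; for evidence handling it helps to also record a hash and a collection entry at the moment of receipt. The following is an added example, not part of the original wiki: POSIX shell helpers that the listener pipes into. The names `sha256_of`, `record_evidence`, `verify_evidence`, `EVIDENCE_LOG` and `evidence_log.txt` are hypothetical.

```shell
#!/bin/sh
# Added example: evidence-handling helpers for the forensic machine.
# Intended use with the listener from this page:
#   nc -l -v -p [Port number] | record_evidence netstat_info.txt
# Function names, EVIDENCE_LOG and evidence_log.txt are hypothetical.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum < "$1"
    else shasum -a 256 < "$1"; fi | cut -d' ' -f1
}

# record_evidence FILE: save stdin to FILE, hash it, log it, print the hash.
record_evidence() (
    out=$1
    log=${EVIDENCE_LOG:-evidence_log.txt}
    [ -n "$out" ] || { echo "usage: record_evidence FILE" >&2; exit 2; }
    set -C   # noclobber: never overwrite evidence that was already collected
    cat > "$out" || { echo "cannot create $out (already exists?)" >&2; exit 1; }
    # A connection that delivered nothing is not evidence; discard and fail.
    [ -s "$out" ] || { echo "no data received" >&2; rm -f "$out"; exit 1; }
    chmod 0444 "$out"   # read-only to guard against accidental edits
    hash=$(sha256_of "$out")
    bytes=$(wc -c < "$out" | tr -d ' ')
    set +C
    # Sidecar file in the "HASH  FILE" layout that sha256sum -c understands.
    printf '%s  %s\n' "$hash" "$out" > "$out.sha256"
    # One line per collection: UTC time, hash, size, file name.
    printf '%s sha256=%s bytes=%s file=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$hash" "$bytes" "$out" >> "$log"
    printf '%s\n' "$hash"
)

# verify_evidence FILE: succeed only if FILE still matches its recorded hash.
verify_evidence() (
    [ -r "$1.sha256" ] || { echo "no recorded hash for $1" >&2; exit 2; }
    want=$(cut -d' ' -f1 < "$1.sha256")
    [ "$want" = "$(sha256_of "$1")" ]
)
```

Run `verify_evidence netstat_info.txt` before analysis to confirm the file has not changed since it was received.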
## Resources and more information: