Stage 2 · Tools
Network Scripting
nc, nmap & Port Scanning
Test connectivity, scan ports, transfer files, and debug network services.
netcat Basics
netcat (nc) is the Swiss army knife of networking. It reads and writes data across network connections — TCP or UDP. Use it for testing, debugging, simple file transfers, and creating listeners.
# Simple port test
nc -zv example.com 80
# Scan a range of ports
nc -zv example.com 80-443
# Listen on a port (server)
nc -l 8080
# Connect to a listener (client)
nc localhost 8080
# UDP scan
nc -zuv example.com 53
# Timeout connection
nc -zv -w 3 example.com 80nc -z scans without sending data (zero-I/O mode). -v is verbose. -w sets a timeout. -l listens for incoming connections. -u uses UDP instead of TCP.
Port Scanning
netcat can scan ports to check which services are listening. This is useful for verifying deployments and debugging connectivity issues.
# Check if a single port is open
nc -zv server 443
# Scan common web ports
for port in 80 443 8080 8443; do
nc -zv -w 2 server "$port" 2>&1 | grep -v "Connection refused"
done
# Scan port range
nc -zv server 1-1024 2>&1 | grep "succeeded"
# Quick port check script
check_port() {
nc -zv -w 2 "$1" "$2" 2>/dev/null
}
if check_port example.com 443; then
echo "HTTPS is accessible"
else
echo "HTTPS is blocked"
finc port scanning is quick but not comprehensive. For detailed scanning, use nmap. nc is better for quick checks and verifying specific ports in scripts.
File Transfer
netcat can transfer files between machines without SCP or rsync. This is useful in restricted environments or for quick one-off transfers.
# Receiver (server)
nc -l 9999 > received_file.tar.gz
# Sender (client)
tar czf - /data | nc server 9999
# Receiver with progress
nc -l 9999 | pv > received_file.tar.gz
# Transfer with verification
# Sender
md5sum file.tar.gz
cat file.tar.gz | nc server 9999
# Receiver
nc -l 9999 > file.tar.gz
md5sum file.tar.gz # Compare hashesThe receiver starts listening first, then the sender connects. Use pv to show transfer progress. Always verify with checksums. This is insecure (no encryption) — use for trusted networks only.
netcat does not encrypt data. For sensitive files, use SCP, rsync over SSH, or wrap the connection in an SSH tunnel. netcat transfers are only appropriate for trusted networks.
Network Debugging
netcat is invaluable for debugging network issues — testing connections, simulating servers, and checking firewall rules.
# Test if port is open through firewall
nc -zv target-server 443
# Simulate a simple server
while true; do
echo "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK" | nc -l 8080
done
# Check DNS resolution
nslookup example.com
dig example.com
# Test specific IP connectivity
ping -c 3 8.8.8.8
# Check routing
traceroute example.com
# Verify local listening ports
ss -tlnp | grep :80For basic connectivity: ping. For port testing: nc. For DNS: nslookup/dig. For routing: traceroute. For listening ports: ss or netstat. Use these in order to isolate network issues.
nmap Essentials
nmap is the comprehensive network scanner. It provides detailed information about hosts, ports, services, and operating systems. Essential for security auditing and network discovery.
# Quick scan of common ports
nmap example.com
# Scan specific ports
nmap -p 80,443,8080 example.com
# Scan all ports
nmap -p- example.com
# Service version detection
nmap -sV example.com
# OS detection
nmap -O example.com
# Aggressive scan (OS, version, scripts, traceroute)
nmap -A example.com
# Scan a subnet
nmap 192.168.1.0/24nmap -sV identifies service versions. -O detects the operating system. -A is aggressive (combines multiple scans). -p- scans all 65535 ports (slower but thorough).
# Default scripts
nmap -sC example.com
# HTTP scripts
nmap --script http-title,http-headers example.com
# SSL/TLS check
nmap --script ssl-enum-ciphers -p 443 example.com
# Vulnerability scripts
nmap --script vuln example.com
# Output formats
nmap -oA scan_results example.com # All formats
nmap -oG - example.com # Grepable outputnmap scripts (NSE) extend scanning capabilities. Default scripts (-sC) provide useful information. Vulnerability scripts check for known issues. Output formats support further processing.
Run nmap -sV -sC target regularly on your servers to verify only expected ports are open and services are up to date. Automate this with a cron job for continuous monitoring.
Mark this lesson complete to store local progress and unlock a cleaner resume path the next time you visit.