nc – tcp/ip swiss army knife

ABOUT nc

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

TYPICAL COMMANDLINE RELATED

Window I Server

$nc -l -p  3333
hello
hello
how are you ?
fine
Window II client

$nc 127.0.0.1 3333
hello
hello
how are you ?
fine

Related Source Code Exposition

doexec (fd)
  int fd;
{
  register char * p;

  dup2 (fd, 0);                         /* the precise order of fiddlage */
  close (fd);                           /* is apparently crucial; this is */
  dup2 (0, 1);                          /* swiped directly out of "inetd". */

  if (doexec_use_sh) {
Debug (("gonna exec "%s" using /bin/sh...", pr00gie))
    execl ("/bin/sh", "sh", "-c", pr00gie, NULL);
    bail ("exec %s failed", pr00gie);   /* this gets sent out.  Hmm... */
  }

  p = strrchr (pr00gie, '/');           /* shorter argv[0] */
  if (p)
    p++;
  else
    p = pr00gie;
Debug (("gonna exec %s as %s...", pr00gie, p))
  execl (pr00gie, p, NULL);
  bail ("exec %s failed", pr00gie);     /* this gets sent out.  Hmm... */
} /* doexec */

Source Code Highlight

fiddle all  the file descriptors around, and  hand off to another prog.  Sort of like a one-off "poor man's inetd". This is the only section of code that would be security-critical, which  is
why  it's ifdefed  out  by default.  Use at your own hairy risk; if you leave shells lying around
behind open listening ports  you deserve to lose!!

Related Knowledge

It has been suggested  that the open() system call should get   a  flag   which  would   cause  it   to
select  a non-sequential   file   descriptor   from   the   outset, eliminating   the   need   for   a
separate   call   to nonseqfd(). There are, however,  a number of system calls which  create file
descriptors but  which have  no flags parameter and  which, thus, will never be  able to return
non-sequential  file descriptors;  socket() is  a classic example. So there will still  be a need for a
system call which can duplicate a file descriptor into the new space.

LINKS
http://lwn.net/Articles/236843/
http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/