Installation and Variants
| OS / Distribution | Command | Default Variant | Install If Missing |
|---|---|---|---|
| macOS | nc | BSD netcat (built-in) | Pre-installed |
| Ubuntu / Debian | nc or netcat | OpenBSD netcat | apt install netcat-openbsd |
| CentOS / RHEL | nc | ncat (from nmap) | yum install nmap-ncat |
| Arch Linux | nc | OpenBSD netcat | pacman -S openbsd-netcat |
| Windows | ncat.exe | Not built-in | Install nmap (includes ncat) |
Flag Reference
| Flag | Meaning | Example |
|---|---|---|
-v | Verbose output — shows connection status | nc -v host 443 |
-z | Zero-I/O mode — scan without sending data | nc -vz host 22 |
-u | UDP mode instead of TCP | nc -u host 53 |
-l | Listen mode — accept incoming connections | nc -l 9000 |
-w | Timeout in seconds | nc -w 3 host 443 |
-n | No DNS resolution — use numeric addresses only | nc -vn 1.1.1.1 80 |
-p | Specify source port | nc -p 12345 host 80 |
-k | Keep listening after client disconnects (ncat) | ncat -lk 9000 |
Common TCP Port Tests
# Test HTTPS reachability
nc -vz example.com 443
# Test SSH on a remote server
nc -vz 192.168.1.10 22
# Test SMTP with a 5-second timeout
nc -w 5 mail.example.com 25
# Test a local service without DNS
nc -vn 127.0.0.1 8080-v prints the connection result. -z closes immediately without sending data — useful for port scanning without triggering application behavior.
Two-Machine LAN / VPN Connectivity Test
To verify two machines can reach each other on a specific port — useful for testing VPN tunnels, port forwards, and firewall rules:
# On the server machine (listen on port 9000):
nc -l 9000
# On the client machine (connect):
nc server-ip 9000
# Type in either terminal — text appears on the other side.
# If the connection fails, a firewall or routing rule is blocking it.Rough Throughput Test
Netcat can measure raw TCP throughput between two hosts — useful when you need a quick LAN bandwidth check without installing iperf:
# Server side:
nc -l 9000 > /dev/null
# Client side (send 100MB of zeros, time it):
dd if=/dev/zero bs=1M count=100 | nc server-ip 9000Divide 100 MB by elapsed seconds to estimate throughput. This is a rough measure — iperf is more accurate for real measurements.
UDP Testing Caveat
UDP has no connection handshake. nc -uz host 53 sends a packet and waits for a response, but no response does not prove the port is closed — the host may simply not send a UDP reply to empty probes. Interpret UDP test results with application logs or packet capture when the answer matters.
Common Port Reference
| Port | Service | Protocol | Test Command |
|---|---|---|---|
| 22 | SSH | TCP | nc -vz host 22 |
| 25 | SMTP | TCP | nc -w 5 host 25 |
| 80 | HTTP | TCP | nc -vz host 80 |
| 443 | HTTPS | TCP | nc -vz host 443 |
| 3389 | RDP | TCP | nc -vz host 3389 |
| 5900 | VNC | TCP | nc -vz host 5900 |
| 53 | DNS | UDP | nc -uz host 53 |
Security Note
Do not leave netcat listeners running after testing. A listening nc accepts connections from any source that can reach the port. Some netcat variants support -e (execute) which can expose a shell — never use -e on a production system. Treat netcat as a temporary diagnostic tool: open it, test, close it.
Frequently Asked Questions
Is netcat installed by default?
On macOS and most Linux distributions, yes — though the variant differs. The command is usually nc. On Windows, it is not built-in; install nmap which includes ncat, or download a standalone binary. Check with nc --version or which nc.
Can netcat test UDP ports?
Yes with -u, but UDP test results are harder to interpret than TCP because there is no connection handshake. A successful UDP probe only means a packet was sent — no response can mean the port is closed, the host dropped the probe, or the service does not reply to empty UDP packets. Use protocol-specific tools (like dig for DNS) when UDP confirmation matters.
Is netcat dangerous?
In diagnostic use, no. The risk is leaving listeners open — they accept any connection on that port. Some versions also support -e to execute a program on connect, which is how netcat is abused. Use it for testing, close it when done, and avoid -e entirely.
What is the difference between nc, netcat, and ncat?
They are different implementations with similar but not identical flag sets. BSD netcat (macOS default) and OpenBSD netcat (common on Ubuntu) are close but differ on some flags. Ncat (from nmap) adds SSL support and more options. Most basic diagnostic use works the same across all three.