Are there netcat-like tools for Windows which are not quarantined as malware?

I used to use netcat for Windows to help track down network connectivity issues. However these days my anti-virus software (Symantec - but I understand others display similar behaviour) quarantines netcat.exe as malware.

Are there any alternative applications which provide at least the following functionality:

can connect to an open TCP socket and send data to it which is typed on the console
can open and listen on a TCP socket and print received data to the console

I don't need the 'advanced' features (which are possibly the reason for the quarantining) such as port scanning or remote execution.

Matthew Murdoch

Posted 2009-07-28T15:33:36.233

Reputation: 639

Answers

ncat seems to be exactly what you're looking for. It's an implementation of netcat available on the official Nmap site with the port scanning feature removed. Doesn't raise any virus alerts either.

From the "Ncat Users' Guide":

Ncat is our modern reinvention of the venerable Netcat (nc) tool released by Hobbit in 1996. While Ncat is similar to Netcat in spirit, they don't share any source code. Instead, Ncat makes use of Nmap's well optimized and tested networking libraries. Compatibility with the original Netcat and some well known variants is maintained where it doesn't conflict with Ncat's enhancements or cause usability problems. Ncat adds many capabilities not found in Hobbit's original nc, including SSL support, proxy connections, IPv6, and connection brokering. The original nc contained a simple port scanner, but we omitted that from Ncat because we have a preferred tool for that function.

Andrew Nguyen

Posted 2009-07-28T15:33:36.233

Reputation: 331

http://joncraton.org/blog/netcat-for-windows

This person ran into the exact same problem; read till the end for the version compiled without remote execution. I downloaded and extracted these on two systems running 'Symantec Endpoint Protection'. While the netcat on this page was removed and quarantined when run, the 'rodneybeede' version linked to near the end of the page tried to connect to the desired port, and wasn't quarantined.

user38983

Posted 2009-07-28T15:33:36.233

Reputation: 407

This netcat is ancient and does not have IPv6 support. – Mygod – 2019-06-27T10:46:05.653

Yes, note that this site has a download with a "non -e" version that apparently is more friendly for virus scanners. – rogerdpack – 2014-06-10T14:59:55.667

The quick answer here is to use the built in Telnet program from the CMD command line.

the command is...

telnet hostname.domain.com 80

The above example will connect you to the hostname on port 80. you can use it on just about any port you need to check out. This is extremely handy for troubleshooting SMTP and ESMTP issues.

Axxmasterr

Posted 2009-07-28T15:33:36.233

Reputation: 7 584

10Yes telnet is useful, but only solves half of the problem. – heavyd – 2009-07-28T15:43:10.317

This will only allow me to do the first of my bullet points, won't it? Also doesn't telnet expect some sort of handshake communication from the socket it connects to? – Matthew Murdoch – 2009-07-28T15:44:26.807

8You no longer have telnet on win vista. – Mercer Traieste – 2009-07-28T16:07:19.380

But you can install it, according to (for example) http://www.adamsdvds.co.uk/tutorials/vista/telnet/telnet.php...

– Matthew Murdoch – 2009-07-28T16:23:53.137

1AFAIK it does both. You can connect it to a port and look to see what the output is. I do this all the time. Connecting to the port also works like a champ. You can also run telnet from the command line by itself. This gets you to the telnet command line. You can tweak the setting to echo locally by typing "Set Localecho" – Axxmasterr – 2009-07-28T16:32:21.310

Matthew: telnet doesn't have any special handshake; there are, however, some special control characters. But telnet is fine for most of the usual protocols (POP3, IMAP, SMTP, HTTP, IRC...) – user1686 – 2009-07-28T16:37:02.080

According to the telnet spec. (http://www.faqs.org/rfcs/rfc854.html) there can be option negotiation between the telnet client and server just after connection. Are you saying that in practice Windows telnet client doesn't do this?

– Matthew Murdoch – 2009-07-28T16:53:00.770

Every time I have needed to force it to locally echo the characters I am typing, that is how I did it. Keep in mind you are not connecting to a telnet port as long as you use a port other than 23. – Axxmasterr – 2009-07-28T16:55:39.687

1@Axxmasterr my version of telnet (Windows XP) doesn't seem to support a 'listen' mode. – Matthew Murdoch – 2009-07-28T16:57:03.850

1Telnet can't do UDP testing like netcat can (e.g. for testing VPN connectivity) – simpleuser – 2019-04-30T00:06:19.203

2Since the link from Matthew doesn't work anymore, telnet still exists in Vista and 7, it just has to be installed in the Control Panel/Turn windows features on/off. AFAIK it doesn't even require the installation DVD. – Cray – 2012-11-06T13:49:58.663

I discovered that MobaXterm for Windows has the nc (netcat) command, as well as many other Unix commands, like ls, ps, and kill.

I wholeheartedly recommend MobaXterm, especially if you are familiar with both Unix and DOS. For me, there was nothing to install; it's just one executable that opens a terminal window in Windows that accepts many Unix commands. Since I frequently use both Unix and DOS and often use one to connect to the other, MobaXterm for Windows is an extremely useful tool for me.

(Sorry if this sounds like an advertisement; I don't work for nor am I affiliated with MobaXterm. A friend recently introduced it to me and it made certain tasks so much easier for me.)

J-L

Posted 2009-07-28T15:33:36.233

Reputation: 99

I believe this is just the "cygwin" netcat, and installed to a temp folder, so not accessible outside "MobaXterm" [however, it does work from inside its shell]. – rogerdpack – 2014-06-10T15:03:14.523

If you need netcat, you can whitelist netcat.exe in your anti-virus program.

You may also want to download a current version, which is called ncat and can be found in the nmap distribution.

mivk

Posted 2009-07-28T15:33:36.233

Reputation: 2 270

unfortunately "ncat" (the command line executable provided by the nmap distro) doesn't seem to be a drop in replacement for the unix "nc" command [different command line parameters] <sigh>...you have to get a true "netcat" somewhere else [or use cygwin] – rogerdpack – 2014-06-10T15:13:27.457

You can download Ncat - Netcat for the 21st Century. It seems to be a modern version of NCat, it is actively supported, and, most important, it had a 0/48 detection ratio at VirusTotal.

Portable version or from NMap Windows installer - disable anything else from the install wizard:

enter image description here

sashoalm

Posted 2009-07-28T15:33:36.233

Reputation: 2 680

Even if it seems otherwise, Wireshark is easy to use. You can setup it easily to listen to a specific port.

wireshark

Another tool is nmap which again, I find easy to use. It will tell you much about open ports on a remote machine, so you can use it troubleshoot connectivity issues. Just nmap www.google.com from command line, or from included gui interface.

nmap

Just give them a try.

Mercer Traieste

Posted 2009-07-28T15:33:36.233

Reputation: 2 112

2Will these tools let me 'open and listen on a TCP socket and print received data to the console' (the second bullet point)? – Matthew Murdoch – 2009-07-28T16:17:42.713

2I've updated the answer with a screenshot of tcp capture from Wireshark. In 9 minutes i've downloaded it, installed it, started a capture, and gave it a screenshot. – Mercer Traieste – 2009-07-28T16:28:43.657

2But isn't Wireshark capturing data sent between two already executing networked processes? I really want to be able to start up the application to listen on a port as a server (as I could with netcat) so that I can debug client applications. – Matthew Murdoch – 2009-07-28T16:48:46.737

5Wireshark will not allow you to communicate with the server you are connected to, nor will it listen on socket for incoming connnection. It is a packet capture tool, not quite what the OP is looking for. – heavyd – 2009-07-28T17:19:39.687

Will WireShark let me capture data between two processes running on the same machine? – Matthew Murdoch – 2009-07-31T08:35:10.970

@MatthewMurdoch If the processes communicate with pipes then no. If the processes communicate via 127.0.0.1 then wireshark for linux allows it.. Wireshark for windows might have an issue with 127.0.0.1 and you'd then need to use rawcap to see packets on 127.0.0.1 which is a bit like tcpcap, it's a command line wireshark. Anyhow these things are packet sniffers, not comparable to nc in function. – barlop – 2018-02-13T13:32:41.443

There is now also separate 'ncat' static build available at http://nmap.org/dist/ncat-portable-5.59BETA1.zip

Rostfrei

Posted 2009-07-28T15:33:36.233

Reputation: 111