List incoming connections on nc (netcat)

1

1

I set up nc on some computers in my office. They're connecting to our server like so:

nc 192.168.1.2 3291 -e cmd

Does anyone know how to list incoming connection attempts rather than accept one? Not:

nc -l 192.168.1.2 3291

EDIT: Listing part solved, using tcpdump. Remaining part of question:

How to accept a connection in nc from a specific host only? i.e., 192.168.1.6, 192.168.1.7, and 192.168.1.8 are all asking to connect, and we only want to talk to 192.168.1.7. Is there any way to do this with nc?

Megsi

Posted 2013-02-19T02:40:35.677

Reputation: 13

Answers

2

You want to see clients who are tyring to connect in realtime, right?

You can use tcpdump for this.

For example to watch what's happening on TCP port 3291 you can do tcpdump -i any tcp port 3291. Then you can watch in realtime all packets that arrive on this port.

replay

Posted 2013-02-19T02:40:35.677

Reputation: 474

Thanks, any way to single a client out and connect to it with nc? – Megsi – 2013-02-19T03:13:48.343

you can single a client out using the pcap syntax: tcpdump -i any tcp port 3291 and host 1.2.3.4 – replay – 2013-02-19T03:15:46.187

but how do you want to connect to it? if you have an nc server running and listening there, you can connect back using nc – replay – 2013-02-19T03:16:17.107

btw. if you want to know more about the filters in tcpdump, this manpage is very helpful man 7 pcap-filter – replay – 2013-02-19T03:21:22.390

1preferably like nc -l 192.168.1.2 3291 --CLIENT-TO-CONNECT – Megsi – 2013-02-19T03:23:05.083

I'm using sudo tcpdump -i en1 -vv tcp port 3291 to pick up the packets atm. Thanks. Just need to figure out how to accept a specific connection from one machine with nc. – Megsi – 2013-02-19T03:25:10.363

0

Is this linux (both win and linux are tagged)?

You can have iptables both log and filter connections. This is a very poor example. Do more research into iptables (specifically logging) if you want to do this. Order matters. Persisting config varies between distros. On RHEL/CentOS iptables-save > /etc/sysconfig/iptables. Be careful.

iptables -N LOGREJECT
iptables -A LOGREJECT -j LOG --log-prefix="PORT3291: "
iptables -A LOGREJECT -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 3291 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3291 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 3291 -j LOGREJECT

In this example 127.0.0.1 and 192.168.1.100 are the only hosts permitted to connect. Everything else will be logged and rejected.

This should show in one of your logs somewhere. For me default log level will show in /var/log/messages and dmesg.

user201413

Posted 2013-02-19T02:40:35.677

Reputation:

Asked: 2013-02-19T02:40:35.677

Viewed: 3 166 times

Active: 2013-02-22T10:51:30.653