The life of a sysadmin is hectic, rushed, and often frustrating. So, what you really need is a toolbox filled with tools that you easily recognize and can use quickly without another learning curve when things are going bad. One such tool is the ncat command.
ncat - Concatenate and redirect sockets
The ncat command has many uses, but the one I use it for is troubleshooting network connectivity issues. It is a handy, quick, and easy-to-use tool that I can't live without. Follow along and see if you decide to add it to your toolbox as well.
From the ncat man page:
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations. It is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.
Among Ncat's vast number of features there is the ability to chain Ncats together; redirection of TCP, UDP, and SCTP ports to other sites; SSL support; and proxy connections via SOCKS4, SOCKS5 or HTTP proxies (with optional proxy authentication as well).
Firewall problem or something else?
You've just installed <insert network service here>, and you can't connect to it from another computer on the same network. It's frustrating. The service is enabled. The service is started. You think you've created the correct firewall exception for it, and yet it doesn't respond.
Your troubleshooting life begins. In what can stretch from minutes to days to infinity and beyond, you attempt to troubleshoot the problem. It could be many things: an improperly configured (or unconfigured) firewall exception, a NIC binding problem, a software problem somewhere in the service's code, a service misconfiguration, some weird compatibility issue, or something else unrelated to the network or the service blocking access. This is your scenario. Where do you start when you've checked all of the obvious places?
The ncat command to the rescue
The ncat command should be part of your basic Linux distribution, but if it isn't, install the nmap-ncat package and you'll have the latest version of it. Check the ncat man page for usage if you're interested in its many capabilities beyond this simple troubleshooting exercise.
Using the ncat command, you will set up a TCP listener, which is a TCP service that waits for a connection from a remote system on a specified port. The following command starts a listening socket on TCP port 9999.
$ sudo ncat -l 9999
This command will "hang" your terminal. You can place the command in the background, so that it operates much like a service daemon, by appending the & (ampersand) operator. Your prompt will return.
$ sudo ncat -l 9999 &
From a remote system, use the following command to attempt a connection:
$ telnet <IP address of ncat system> 9999
The attempt should fail as shown:
Trying <IP address of ncat system>...
telnet: connect to address <IP address of ncat system>: No route to host
This might be similar to the message you receive when attempting to connect to your original service. The first thing to try is to add a firewall exception to the ncat system:
$ sudo firewall-cmd --add-port=9999/tcp
This command allows TCP requests on port 9999 to pass through to a listening daemon on port 9999.
Retry the connection to the ncat system:
$ telnet <IP address of ncat system> 9999
Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.
This message means that you are now connected to the listening port, 9999, on the remote system. To disconnect, use the keyboard combination, CTRL + ]. Type quit to return to a prompt.
$ telnet <IP address of ncat system> 9999
Trying <IP address of ncat system>...
Connected to <IP address of ncat system>.
Escape character is '^]'.
^]
telnet>quit
Connection closed.
$
Disconnecting will also kill the TCP listening port on the remote (ncat) system, so don't attempt another connection until you reissue the ncat command. If you want to keep the listening port open rather than letting it die each time you disconnect, use the -k (keep open) option. This option keeps the listening port alive. Some sysadmins don't use this option because they might leave a listening port open, potentially causing security problems or port conflicts with other services.
$ sudo ncat -k -l 9999 &
What ncat tells you
The success of connecting to the listening port of the ncat system means that you can bind a port to your system's NIC. You can successfully create a firewall exception. And you can successfully connect to that listening port from a remote system. Failures along the path will help narrow down where your problem is.
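To make "failures along the path" concrete, the following added example (not from the original article) combines the listener state on the ncat host with the error the client saw and names the step that failed. The function names, the sample `ss -ltn` output, and the address 192.0.2.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example. Sample data below is constructed, not captured from a real host.

# Constructed `ss -ltn` output from the ncat host (listener on 9999, one loopback service).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10           0.0.0.0:9999      0.0.0.0:*
LISTEN 0      10              [::]:9999         [::]:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*'

# listen_scope PORT < ss-output  ->  none | loopback | network
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # $4 is Local Address:Port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "network"              # wildcard or a routable address
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

# classify_client_error MESSAGE  ->  rejected | refused | timeout | unknown
classify_client_error() {
    case "$1" in
        *"No route to host"*)   echo rejected ;;  # ICMP unreachable/prohibited came back
        *"Connection refused"*) echo refused ;;   # TCP reset: host reached, port closed
        *"timed out"*)          echo timeout ;;   # no reply at all
        *)                      echo unknown ;;
    esac
}

# triage MESSAGE PORT < ss-output  ->  one-line diagnosis
triage() {
    scope=$(listen_scope "$2")
    err=$(classify_client_error "$1")
    case "$scope:$err" in
        none:*)           echo "no listener on port $2: start ncat first" ;;
        loopback:*)       echo "listener is loopback-only: binding problem" ;;
        network:rejected) echo "listener is up but traffic is rejected: check the firewall exception" ;;
        network:timeout)  echo "listener is up but nothing returns: check for drops or routing" ;;
        *)                echo "inconclusive: confirm the client used the right address and port" ;;
    esac
}

printf '%s\n' "$SAMPLE_SS" | triage "telnet: connect to address 192.0.2.10: No route to host" 9999
```

On a real system, pipe `ss -ltn` from the ncat host into `triage` together with the error line the client printed. When the test is finished, stop the listener and remove the temporary exception with `sudo firewall-cmd --remove-port=9999/tcp`.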
What ncat doesn't tell you
Unfortunately, this troubleshooting technique offers no solution for connectivity issues that aren't related to binding, port listening, or firewall exceptions. This is a limited scope troubleshooting session, but it's quick, easy, and definitive. What I've found is that most connectivity issues boil down to one of these three. My next step in the process would be to remove and reinstall the service package. If that doesn't work, download a different version of the package and see if that works for you. Try going back at least two revisions until you find one that works. You can always update to the latest version after you have a working service.
Wrap up
The ncat command is a useful troubleshooting tool. This article only focused on one tiny aspect of the many uses for ncat. Troubleshooting is as much of an art as it is a science. You have to know which answers you have and which ones you don't have. You don't have to troubleshoot or test things that already work. Explore ncat's various uses and see if your connectivity issues go away faster than they did before.
About the author
Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. Ken also has 20+ years of experience as an enterprise sysadmin with Unix, Linux, Windows, and Virtualization.
Follow him on Twitter: @kenhess for a continuous feed of Sysadmin topics, film, and random rants.
In the evening after Ken replaces his red hat with his foil hat, he writes and makes films with varying degrees of success and acceptance. He is an award-winning filmmaker who constantly tries to convince everyone of his Renaissance Man status, also with varying degrees of success and acceptance.