Network Diagnosis On Linux With ncat
Network problems are among the most awkward things to diagnose. Fortunately, ncat makes this easier. ncat is a tool that provides a number of useful network functions, such as listening on a port and displaying incoming messages, making connections to remote servers, port scanning, or even working as a TCP proxy.
Installing ncat
ncat comes as part of the nmap package in Debian and Ubuntu and can be installed with:
sudo apt-get update
sudo apt-get install nmap
For CentOS and Red Hat users, it can be installed from the default repositories with:
sudo yum install nmap-ncat
Using ncat for network diagnosis
With ncat installed, let’s look at some of the ways that it can be used. First, let’s imagine that we have a server with an application running that clients are complaining they can’t connect to. For this situation, ncat can be configured to listen on the server’s port and can show you what it sees from incoming connections – for example:
sudo ncat -l 8080
If you connect to the server using a web browser on http://yourserver.com:8080, you should see some output from ncat similar to the following:
GET / HTTP/1.1
Host: 192.168.5.133:8080
User-Agent: Mozilla/5.0
The lines that follow these are the remaining details that a web server needs to receive from a browser to process its request. If ncat displays nothing, then there is a problem with the communication between the client and the server. In this example, we’ve set ncat listening on port 8080 and connected using a web browser, but you can listen on any port you want (sudo is only required for ports below 1024). To diagnose a problem with your own server this way, stop the server, set ncat to listen on the port the server would normally use, and then make a connection to it using the client.
You can also use ncat the opposite way round as a client to make connections to a server. For example:
ncat 192.168.1.100 80
The above command would be used to make a connection to a web server listening on port 80. You’ll be left with a blank terminal for the connection that you can use to send messages to the server and see the server’s response. When contacting a web server you can use the following to request a page:
GET / HTTP/1.1
Host: myserver.com
User-Agent: my-agent
If the server uses virtual hosts, you may need to change “myserver.com” to a domain configured on that server so that a web page is returned rather than an error. You can also set the User-Agent to be whatever you like. Once you have entered the request message, press Enter twice and the web server should respond with content. You can then use Ctrl-D to disconnect. Just as before, you can use this method to connect to any other server that you are running, enabling you to debug communication and responses.
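To tell a closed port from a filtered one when a client cannot connect, the script below goes slightly beyond the interactive session above and classifies a single ncat TCP connection attempt. It is an added example, not part of the original article; the function names and the matched message substrings are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): turn the result of one ncat
# TCP probe into a diagnosis. -z (report connection status only) and
# -w (connect timeout in seconds) are standard ncat options.

# classify_probe STATUS STDERR_TEXT
# Prints one of: open refused timeout unreachable dns error
# Assumption: ncat reports the system error text on stderr; wording can vary
# between versions, so match on lower-cased substrings only.
classify_probe() {
    local status msg
    status=$1
    msg=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$status" -eq 0 ]; then
        echo open            # handshake completed: something is listening
        return 0
    fi
    case $msg in
        *refused*)                  echo refused ;;      # host answered, port closed
        *"timed out"*|*timeout*)    echo timeout ;;      # no answer: packets dropped
        *"no route"*|*unreachable*) echo unreachable ;;  # routing problem or ICMP reject
        *"could not resolve"*|*"not known"*) echo dns ;; # name lookup failed
        *)                          echo error ;;
    esac
}

# probe HOST PORT [TIMEOUT_SECONDS]
probe() {
    local host port wait err status
    host=$1; port=$2; wait=${3:-3}
    # Keep stderr (the diagnostic text), discard stdout.
    err=$(ncat -z -w "$wait" "$host" "$port" 2>&1 >/dev/null) && status=0 || status=$?
    classify_probe "$status" "$err"
}

# Run a probe only when called with arguments, e.g.: ./probe.sh 192.168.1.100 80
if [ "$#" -ge 2 ]; then
    probe "$@"
fi
```

A result of refused means the host is reachable but nothing is listening on that port, while timeout usually points at a firewall or routing drop between client and server.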
The connections we have made so far have used the TCP protocol. You can also use ncat over UDP with the -u flag as follows:
ncat -u 192.168.1.100 80
ncat -l -u 8080
The first command connects to the server with the IP 192.168.1.100 on UDP port 80. The second listens for incoming UDP traffic on port 8080.
Another useful flag is -k, which makes the server keep listening after a client disconnects. Normally ncat only listens for the first connection from a client, so with -k you can make multiple connections to the same ncat server for testing:
ncat -l -k 8080
So there you have it, some useful techniques for using ncat to help diagnose client and server network problems.