Anthony De La Rosa @Anthony.D. / 5:00 PM EDT. November 25, 2022.
If you've been following the previous posts in this blog series, you may have noticed that I've been highlighting various basic tools that are used by DevOps Engineers. In this third post we'll be discussing one of my favorite tools — netcat . This is a very simple tool which can be used to transfer files, upgrade packages and generally manage system resources.
This is part 3 of our series about basic tools for an effective DevOps engineer. To be a good DevOps engineer, one must first have language skills that match the technology being used. The same is true for tools. A good set of tools will help you write better code, test your infrastructure more efficiently, and maintain it in a timely manner. There are plenty of great open source projects out there, so let's take a look at three essential tools that any modern DevOps engineer should store on their computer.
In this part, we're going to cover netcat. Netcat is a very simple and powerful tool for transferring data between computers by acting as a client and server. It is actually built into many operating systems, but it's also available as an external application on Linux/Unix systems such as Mac OS/X, Microsoft Windows and even some mobile platforms such as Android. Let's take a look at how we can utilize netcat to help us connect two different machines together over the network without having to mess around with your terminal or ssh client.
What is Netcat (nc)
Netcat which is often abbreviated to nc does not come installed by default in most Linux distributions but an easy apt install nc or yum install nc should do it. Mac has a built in bash terminal and it can be installed with something like brew install nc and I believe Windows supports the tool as well. Netcat is a networking tool that can establish a TCP or UDP connection between two hosts. Ok so what does that really mean? Perhaps the following diagram helps:
Suppose you are client a and you are trying to SSH into a server over port 22. You would make an SSH request via the internet to the server’s IP/DNS address and a firewall (hopefully configured) would allow or deny the request. Simple enough right? But now let’s suppose you are trying to test an application that runs on that server via your browser and it doesn’t work. This is how that would look in the same diagram:
You make a request to the server on port 9090 but the connection is refused and/or times out.
You could have sworn that the application which runs on port 9090 was working fine a few days ago but now it doesn’t. What do you do? Reboot the server? Restart the application. Review logs? Yes, you could do all those and it might still not work or you could Netcat (nc) to test against that port.
Notice the response on port 22, the connection has been established. Notice port 9090 has no response but this response doesn’t necessarily mean something is wrong with the server. This could mean two things: 1) the server indeed does not have an application running on port 9090 or b) your IP is not allowed to access this server on port 9090 (because you configured a firewall right? 😧). This answers the root of the cause quickly because now you know that either a) the application is not running on port 9090 or b) the application is running on port 9090 but your IP is being denied.
You can test this with a domain like www.google.com. Look what happens when you test port 80 and 443. Notice what happens when you try port 22.
So why does Google open port 80 and 443 to everyone in the world? Well, if you go to http://www.google.com it will forward you to https://www.google.com and they allow both HTTP and HTTPS because some people might refer to it via HTTP, and if that port was blocked, the site would never load. Therefore, if someone makes a request to Google on port 80 they will be automatically forwarded to port 443 to establish a secure connection.
Netcat or nc is a very powerful tool that can be used to find out if a port is listening and if that port is accepting traffic from your end. Netcat can also be used as a port scanner but it’s best used when using internally, because it would have to iterate through a range of ports and it would need to time out before it moves to the next one. I am running nc against my WiFi Router at home and the results are instant compared to running port scanning against www.google.com
Given that this awesome tool is still being used 27 years later proves how great this tool is. Netcat along with other basic but crucial tools in this series will undoubtedly make you an effective and productive DevOps Engineer.
Netcat is a basic tool used in DevOps to administer c-groups, tcp socket connectivity, as well as in forensics for data transfer. With its rich repertoire of usability and functionality, people might not notice it at first sight. For example, you use netcat when you connect via SSH using port-forwarding.
If you are ready to become a DevOps engineer and have a successful career, we can help you get started. Our DevOps engineer online course covers GIT, Jenkins, Docker, Kubernetes, Ansible, Terraform and cloud. Not only will you learn what you need, but you will also get hands-on experience with our in-house paid co-op, which will give you experience that will able to blow the competition away. Our graduates have gone on to work for each of Canada's Top 100 companies - and you can be next. Ready to land your dream job? Click here to see our schedule.