Simple client / server with nc not working

linux-networking nc

Why is the following not working?

I have a freshly installed Debian 9 system. iptables is wide-open:

[···]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I log in on two separate consoles (well, two separate ssh logins). In one of them, I run:

[···]# nc -l 11115

Then, I go to the other console, and run:

[···]# nc localhost 11115

and I get a Connection refused error:

[···]# nc localhost 11115
localhost [127.0.0.1] 11115 (?) : Connection refused

I also tried nc 127.0.0.1 11115, tried with telnet --- always Connection refused.

On the "listening" side, I also tried nc -l localhost 11115 --- no difference.

What am I missing or doing wrong?

[EDIT]: On a CentOS 6.9 machine, the exact same commands above work as expected. Same thing on my Ubuntu 14.04 at home. I thought it may be that running as root makes nc disallow some functionality. But no, I just tried as a regular user on the Debian 9 machine, and it fails all the same. Any ideas why?


There are actually four (or more?) distinct programs called nc (netcat) which are forks or rewrites of the same basic program from long ago and far away.

The default in Debian seems to be what it calls netcat-traditional, the ancient original version. I was able to reproduce this problem with netcat-traditional; listening seems very broken. It did not actually bind to a port; I could not see it listening in ss output, nor did I see it attempt to bind when running it under strace.

The other available Debian package is called netcat-openbsd, which is a currently maintained fork of the original netcat by OpenBSD developers. You should find that it works if you install this package (and you can then remove netcat-traditional).

There is yet another netcat package, which is used by Red Hat based systems, developed and maintained by Fyodor of nmap and insecure.org and other developers. It is a complete rewrite from the ground up and uses no traditional netcat or BSD netcat code. It also works properly. Its package name (on Red Hat systems) is nmap-ncat.

I've recently learned of a fourth netcat, GNU netcat, which was also a ground-up rewrite, but was abandoned in 2007. Strangely, one or two Linux distributions (such as Arch) still ship it.


On Debian 2 packages netcat and a transitional package , that will refer to netcat-traditional

root@debian9:~# apt-cache search ^netcat
netcat - TCP/IP swiss army knife -- transitional package
netcat-traditional - TCP/IP swiss army knife
netcat-openbsd - TCP/IP swiss army knife
[../..]

When you run multiple times nc -l 11115 , nc is listening but on a random port ( seem to be random ) .

root@debian9:~# lsof -p $(pidof nc ) | grep LISTEN
nc      12734 root    3u  IPv4 11892054      0t0   TCP *:44907 (LISTEN)

In fact you can run nc -l instead of nc -l 11115 , and you will have the same behavior .

YES netcat-traditional is a old software and some simple bug are not fixed ( in your case example, missing the parameter -p PORT for listening .

You can prefer netcat-openbsd , and it will work as you expected .

root@debian9:/# lsof -p $( pidof nc ) | grep LISTEN
nc      2140 root    3u  IPv4  29855      0t0     TCP *:11115 (LISTEN)

Related

Specifying a Postfix Instance to send outbound email
How to run a cron job?
How to read HUGE clientmqueue in human format?
Prevent owner to change permissions on network share
Strange GET requests in logs
What rule can I use in ModSecurity to log POST payload for a specific site?
FTP Active vs passive mode
Migrate from Exchange 2010 to Exchange 2016
DNS resolve timeout on RHEL 6.3 behind firewall
Is it possible to add a local user to the admins group through group policy?
bind9 in a chroot jail - necessary or not?
How can we open our firewall to allow Google Analytics?