Socat & netcat, the Swiss Army knife in Linux Network Tools

Yu Qingle 2021-04-16 16:01:28
socat netcat swiss army knife

Independent blog reading :

Personal notes , It's not guaranteed to be right !

All the orders in this article are in macOS Big Sur and Opensuse Tumbleweed Upper test passed

socat & netcat

netcat(network cat) It's a web toolkit with a long history , It's called TCP/IP The Swiss Army knife , The major Linux Distributions have default installations openbsd Version of netcat, Its command line name is nc.

and socat(socket cat), Official documents describe it as "netcat++" (extended design, new implementation), The project is quite active ,kubernetes-client(kubectl) The bottom layer is used to forward all kinds of traffic .

It's not convenient to install socat In the environment of , We can use the system's own netcat.
And in other environments , Priority can be given to socat.

One 、 brief introduction

socat The basic command format of :

socat [ Parameters ] Address 1 Address 2

to socat Provide two addresses ,socat The job is to connect the flows of two addresses . The output of the left address goes to the right , At the same time, the output of the right address is sent to the left , That's one Two way data pipeline .

Sounds like nothing special , But in fact, what the computer network does is data transmission , It affects the whole world , Its function cannot be underestimated .

socat Support a lot of address types :-/stdio,TCP, TCP-LISTEN, UDP, UDP-LISTEN, OPEN, EXEC, SOCKS, PROXY wait , Can be used for port monitoring 、 link , File and process read and write , Proxy bridging and so on .

socat It's that simple , The command line arguments are also simple , The only thing that needs to be learned is the definition and collocation of its various addresses .

and netcat The definition doesn't seem so rigorous , Can be simply understood as the network version of cat command 2333

Two 、 Installation method

Every distribution comes with netcat, The package name is usually nc-openbsd, So here's just socat Method of installation :

# Debian/Ubuntu
sudo apt install socat
# CentOS/RedHat
sudo yum install socat
# macOS
brew install socat

Other distributions can also be installed using the package manager socat

3、 ... and 、 Common commands

1. Network debugging

1.1 Check the connectivity of the remote port ( Make sure the firewall is OK )

You may have learned how to use it before telnet To do this test , But now many distributions don't come with them telnet 了 , Additional installation is required .
telnet Almost dead , Or suggest using more professional socat/netcat

Use socat/netcat Check the connectivity of the remote port :

# -d[ddd] Increase log detail ,-dd Prints fatal, error, warning, and notice messages.
socat -dd - TCP:
# -v Show details
# -z Don't send data , The effect is to close the connection immediately , Quick results
nc -vz 8080
# -vv Show more details
# -w2 The timeout is set to 2 second
# Use nc Do a simple port scan
nc -vv -w2 -z 20-500

1.2 Test whether the local port can be accessed by external ( Detect firewalls 、 route )

Listen to a TCP port , The received content is sent to stdout, At the same time stdin Input to the client :

# Server start command ,socat/nc A choice
socat TCP-LISTEN:7000 -
# -l --listening
nc -l 7000
# Client connection command ,socat/nc A choice
socat TCP: -
nc 7000

UDP Protocol testing is very similar , Use netcat An example of this is :

# Server side , Monitor only ipv4
nc -u -l 8080
# client
nc -u 8080
# Client native test , Be careful localhost It will be preferentially interpreted as ipv6! This will cause the server to (ipv4) Of nc No data received !
nc -u localhost 8080

Use socat Of UDP The test example is as follows :

socat UDP-LISTEN:7000 -
socat UDP: -

1.3 debugging TLS agreement

Reference resources socat Official documents :Securing Traffic Between two Socat Instances Using SSL

Test the generation of certificate and private key. See [TLS agreement 、TLS certificate 、TLS Certificate configuration method 、TLS Encryption cracking means ]({{< ref "about-tls-cert/" >}})

Simulate one mTLS The server , monitor 4433 port , The received data is also output to stdout:

# socat You need to use a pem file , The generation method is as follows
cat server.key server.crt > server.pem
cat client.key client.crt > client.pem
# Server start command
socat openssl-listen:4433,reuseaddr,cert=server.pem,cafile=client.crt -
# Client connection command
socat - openssl-connect:,cert=client.pem,cafile=server.crt
# Or use curl Connect ( We know ca.crt and server.crt Can be used for cacert/cafile)
curl -v --cacert ca.crt --cert client.crt --key client.key --tls-max 1.2

The above command uses mTLS Two way authentication protocol , By setting verify=0 To turn off client authentication , Examples are as follows :

# socat You need to use a pem file , The generation method is as follows
cat server.key server.crt > server.pem
# Server start command
socat openssl-listen:4433,reuseaddr,cert=server.pem,verify=0 -
# Client connection command , If ip/ Domain names are not protected by certificates , It also needs to be added verify=0
socat - openssl-connect:,cafile=server.crt
# Or use curl Connect , The certificate is invalid. Please add -k Skip Certificate Validation
curl -v --cacert server.crt

2. The data transfer

Usually when transferring files , I'm used to using scp/ssh/rsync, however socat You can actually transfer files .

In order to demo.tar.gz From host A Send to host B For example ,
First, on the data sender A Execute the following command :

# -u It means that data is only transmitted from the address on the left to the address on the right (socat The default is a two-way pipe )
# -U and -u contrary , Data is only transmitted from the right to the left in one direction
socat -u open:demo.tar.gz tcp-listen:2000,reuseaddr

And then at the data receiver B Execute the following command , You can receive the file :

socat -u tcp: open:demo.tar.gz,create
# If it's too cumbersome , It can also be directly passed through stdout Redirect
socat -u tcp: - > demo.tar.gz

Use netcat Data transmission can also be realized :

# Start the server at the receiver first
nc -l -p 8080 > demo.tar.gz
# Then start the client to send data at the sender
nc 8080 < demo.tar.gz

3. Take on the temporary web The server

Use fork reuseaddr SYSTEM Three commands , Reuse systemd/supervisor Manage it , You can use a few lines of command to achieve a simple background server .

The following command will listen 8080 port , And connect the data stream with Of stdio Connect , You can access it directly with a browser http://<ip>:8080 To see the effect .

socat TCP-LISTEN:8080,reuseaddr,fork SYSTEM:"python3"

hypothesis The content is :

print("hello world")

that curl localhost:8080 It should output hello world

4. Port forwarding

monitor 8080 port , Set up the port with Two way pipe between :

socat TCP-LISTEN:8080,fork,reuseaddr

take curl Command to test , You should be able to access Baidu normally :

# Pay attention to the designation Host
curl -v -H 'Host:' localhost:8080

Reference resources

本文为[Yu Qingle]所创,转载请带上原文链接,感谢

  1. 【计算机网络 12(1),尚学堂马士兵Java视频教程
  2. 【程序猿历程,史上最全的Java面试题集锦在这里
  3. 【程序猿历程(1),Javaweb视频教程百度云
  4. Notes on MySQL 45 lectures (1-7)
  5. [computer network 12 (1), Shang Xuetang Ma soldier java video tutorial
  6. The most complete collection of Java interview questions in history is here
  7. [process of program ape (1), JavaWeb video tutorial, baidu cloud
  8. Notes on MySQL 45 lectures (1-7)
  9. 精进 Spring Boot 03:Spring Boot 的配置文件和配置管理,以及用三种方式读取配置文件
  10. Refined spring boot 03: spring boot configuration files and configuration management, and reading configuration files in three ways
  11. 精进 Spring Boot 03:Spring Boot 的配置文件和配置管理,以及用三种方式读取配置文件
  12. Refined spring boot 03: spring boot configuration files and configuration management, and reading configuration files in three ways
  13. 【递归,Java传智播客笔记
  14. [recursion, Java intelligence podcast notes
  15. [adhere to painting for 386 days] the beginning of spring of 24 solar terms
  16. K8S系列第八篇(Service、EndPoints以及高可用kubeadm部署)
  17. K8s Series Part 8 (service, endpoints and high availability kubeadm deployment)
  18. 【重识 HTML (3),350道Java面试真题分享
  19. 【重识 HTML (2),Java并发编程必会的多线程你竟然还不会
  20. 【重识 HTML (1),二本Java小菜鸟4面字节跳动被秒成渣渣
  21. [re recognize HTML (3) and share 350 real Java interview questions
  22. [re recognize HTML (2). Multithreading is a must for Java Concurrent Programming. How dare you not
  23. [re recognize HTML (1), two Java rookies' 4-sided bytes beat and become slag in seconds
  24. 造轮子系列之RPC 1:如何从零开始开发RPC框架
  25. RPC 1: how to develop RPC framework from scratch
  26. 造轮子系列之RPC 1:如何从零开始开发RPC框架
  27. RPC 1: how to develop RPC framework from scratch
  28. 一次性捋清楚吧,对乱糟糟的,Spring事务扩展机制
  29. 一文彻底弄懂如何选择抽象类还是接口,连续四年百度Java岗必问面试题
  30. Redis常用命令
  31. 一双拖鞋引发的血案,狂神说Java系列笔记
  32. 一、mysql基础安装
  33. 一位程序员的独白:尽管我一生坎坷,Java框架面试基础
  34. Clear it all at once. For the messy, spring transaction extension mechanism
  35. A thorough understanding of how to choose abstract classes or interfaces, baidu Java post must ask interview questions for four consecutive years
  36. Redis common commands
  37. A pair of slippers triggered the murder, crazy God said java series notes
  38. 1、 MySQL basic installation
  39. Monologue of a programmer: despite my ups and downs in my life, Java framework is the foundation of interview
  40. 【大厂面试】三面三问Spring循环依赖,请一定要把这篇看完(建议收藏)
  41. 一线互联网企业中,springboot入门项目
  42. 一篇文带你入门SSM框架Spring开发,帮你快速拿Offer
  43. 【面试资料】Java全集、微服务、大数据、数据结构与算法、机器学习知识最全总结,283页pdf
  44. 【leetcode刷题】24.数组中重复的数字——Java版
  45. 【leetcode刷题】23.对称二叉树——Java版
  46. 【leetcode刷题】22.二叉树的中序遍历——Java版
  47. 【leetcode刷题】21.三数之和——Java版
  48. 【leetcode刷题】20.最长回文子串——Java版
  49. 【leetcode刷题】19.回文链表——Java版
  50. 【leetcode刷题】18.反转链表——Java版
  51. 【leetcode刷题】17.相交链表——Java&python版
  52. 【leetcode刷题】16.环形链表——Java版
  53. 【leetcode刷题】15.汉明距离——Java版
  54. 【leetcode刷题】14.找到所有数组中消失的数字——Java版
  55. 【leetcode刷题】13.比特位计数——Java版
  56. oracle控制用户权限命令
  57. 三年Java开发,继阿里,鲁班二期Java架构师
  58. Oracle必须要启动的服务
  59. 万字长文!深入剖析HashMap,Java基础笔试题大全带答案
  60. 一问Kafka就心慌?我却凭着这份,图灵学院vip课程百度云