Read this article on the author's own blog: https://ryan4yin.space/posts/socat-netcat/

All commands in this article were tested on macOS Big Sur and openSUSE Tumbleweed.

socat & netcat

netcat (network cat) is a network tool with a long history, known as the Swiss Army knife of TCP/IP. The major Linux distributions install the OpenBSD version of netcat by default; its command-line name is nc.

socat (socket cat), which its official documentation describes as "netcat++" (extended design, new implementation), is a fairly active project; kubernetes-client (kubectl) uses it under the hood to forward all kinds of traffic.

In environments where installing socat is inconvenient, we can use the netcat that ships with the system.

In other environments, socat can be given priority.

I. Introduction

The basic command format of socat:

socat [options] address1 address2

socat is given two addresses, and its job is to connect the streams of those two addresses. Output from the left address is sent to the right one, and output from the right address is sent to the left, which makes it a bidirectional data pipe.

That may sound unremarkable, but data transfer is exactly what computer networks do, and it affects the whole world, so its usefulness should not be underestimated.

socat supports many address types: -/stdio, TCP, TCP-LISTEN, UDP, UDP-LISTEN, OPEN, EXEC, SOCKS, PROXY and so on. They can be used for listening on and connecting to ports, reading and writing files and processes, proxy bridging, and more.

socat's function is that simple, and its command-line options are simple too; the only thing that needs to be learned is how its various addresses are defined and combined.

netcat's definition seems less rigorous; it can be understood simply as a network version of the cat command, lol.

II. Installation

Every distribution ships netcat, usually in a package named nc-openbsd, so only the installation of socat is covered here:

# Debian/Ubuntu
sudo apt install socat
# CentOS/RedHat
sudo yum install socat
# macOS
brew install socat

Other distributions can also install socat with their package manager.

III. Common commands

1. Network debugging

1.1 Check connectivity to a remote port (confirm the firewall is not in the way)

You may have learned to do this test with telnet, but many distributions no longer ship telnet, so it has to be installed separately.

telnet is all but dead; the more capable socat/netcat is recommended instead.

Use socat/netcat to check connectivity to a remote port:

# -d[ddd] increases log verbosity; -dd prints fatal, error, warning, and notice messages.
socat -dd - TCP:192.168.1.252:3306

# -v shows details
# -z sends no data, so the connection is closed immediately and the result comes back quickly
nc -vz 192.168.1.2 8080

# -vv shows more details
# -w2 sets the timeout to 2 seconds
# Use nc for a simple port scan
nc -vv -w2 -z 192.168.1.2 20-500

1.2 Test whether a local port is reachable from outside (checks firewall and routing)

Listen on a TCP port; whatever is received is written to stdout, and stdin input is sent to the client:

# Server start command; use either socat or nc
socat TCP-LISTEN:7000 -
# -l --listening
nc -l 7000

# Client connect command; use either socat or nc
socat TCP:192.168.31.123:7000 -
nc 192.168.31.123 7000

Testing UDP is very similar. An example using netcat:

# Server side; listens on IPv4 only
nc -u -l 8080

# Client
nc -u 192.168.31.123 8080
# Local client test. Note that localhost is resolved to IPv6 first! That leaves the (IPv4) server-side nc receiving no data!
nc -u localhost 8080

A UDP test using socat looks like this:

# Server
socat UDP-LISTEN:7000 -
# Client
socat UDP:192.168.31.123:7000 -

1.3 Debugging the TLS protocol

See the official socat documentation: Securing Traffic Between two Socat Instances Using SSL

For how to generate the test certificates and private keys, see the author's article on the TLS protocol, TLS certificates, TLS certificate configuration, and ways of breaking TLS encryption (about-tls-cert).

Simulate an mTLS server that listens on port 4433; received data is likewise written to stdout:

# socat needs a single pem file (private key plus certificate), generated like this
cat server.key server.crt > server.pem
cat client.key client.crt > client.pem

# Server start command
socat openssl-listen:4433,reuseaddr,cert=server.pem,cafile=client.crt -

# Client connect command
socat - openssl-connect:192.168.31.123:4433,cert=client.pem,cafile=server.crt
# Or connect with curl (as we know, either ca.crt or server.crt can be used as cacert/cafile)
curl -v --cacert ca.crt --cert client.crt --key client.key --tls-max 1.2 https://192.168.31.123:4433

The commands above use mutually authenticated TLS (mTLS). Client authentication can be turned off by setting verify=0, as in the following example:

# socat needs a single pem file (private key plus certificate), generated like this
cat server.key server.crt > server.pem

# Server start command
socat openssl-listen:4433,reuseaddr,cert=server.pem,verify=0 -

# Client connect command; if the IP/domain name is not covered by the certificate, verify=0 (no peer certificate check) must be added here too
socat - openssl-connect:192.168.31.123:4433,cafile=server.crt
# Or connect with curl; if the certificate is invalid, add -k to skip certificate validation
curl -v --cacert server.crt https://192.168.31.123:4433

2. Data transfer

For transferring files I usually use scp/ssh/rsync, but socat can in fact transfer files as well.

Take sending demo.tar.gz from host A to host B as an example.

First, run the following command on the sender, host A:

# -u means data flows only from the left address to the right address (socat defaults to a bidirectional pipe)
# -U is the opposite of -u: data flows only from the right address to the left
socat -u open:demo.tar.gz tcp-listen:2000,reuseaddr

Then run the following command on the receiver, host B, to receive the file:

socat -u tcp:192.168.1.252:2000 open:demo.tar.gz,create
# If that is too cumbersome, stdout can simply be redirected instead
socat -u tcp:192.168.1.252:2000 - > demo.tar.gz

netcat can also be used to transfer data:

# Start the server on the receiver first
nc -l -p 8080 > demo.tar.gz
# Then start the client on the sender to send the data
nc 192.168.1.2 8080 < demo.tar.gz

3. Serving as a temporary web server

Using the three keywords fork, reuseaddr and SYSTEM, and then managing the process with systemd/supervisor, a simple background server can be built with a few lines of commands.

The following command listens on port 8080 and connects the data stream to the stdio of web.py; open http://<ip>:8080 in a browser to see the result.

socat TCP-LISTEN:8080,reuseaddr,fork SYSTEM:"python3 web.py"

Suppose web.py contains:

print("hello world")

Then curl localhost:8080 should output hello world
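The one-line web.py above writes only a body, with no status line or headers, so what the client receives is not a well-formed HTTP response. The version below is an added example, not code from the original post: it reads the request that socat passes on stdin, caps how much it will read, and writes a complete HTTP/1.1 response to stdout. The 8192-byte cap and the function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""web.py: answer one HTTP request on stdin/stdout; socat forks one copy per connection."""
import sys

MAX_HEAD = 8192  # assumed cap on request-head size, so a client cannot feed us forever


def read_request_head(stream):
    """Return request line + headers (bytes), or None if truncated or oversized."""
    head = b""
    while len(head) <= MAX_HEAD:
        line = stream.readline(MAX_HEAD + 1 - len(head))
        if not line:                    # peer closed before finishing the headers
            return None
        head += line
        if line in (b"\r\n", b"\n"):    # blank line terminates the header block
            return head
    return None                         # no blank line within MAX_HEAD bytes


def build_response(head):
    """Build a complete HTTP/1.1 response (status line, headers, body) as bytes."""
    parts = head.splitlines()[0].split() if head else []
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        status, body = "400 Bad Request", b"bad request\n"
    elif parts[0] != b"GET":
        status, body = "405 Method Not Allowed", b"only GET is supported\n"
    else:
        status, body = "200 OK", b"hello world\n"
    header = (
        f"HTTP/1.1 {status}\r\n"
        "Content-Type: text/plain; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return header.encode("ascii") + body


def main():
    # socat's SYSTEM address wires the TCP connection to this process's stdin/stdout.
    response = build_response(read_request_head(sys.stdin.buffer))
    sys.stdout.buffer.write(response)
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    main()
```

It runs under the same socat command as above; adding bind=127.0.0.1 to the TCP-LISTEN options keeps the listener off external interfaces while testing.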

4. Port forwarding

Listen on port 8080 and set up a bidirectional pipe between that port and baidu.com:80:

socat TCP-LISTEN:8080,fork,reuseaddr TCP:baidu.com:80

Test with curl; Baidu should be reachable as normal:

# Note that the Host header must be specified
curl -v -H 'Host: baidu.com' localhost:8080
