Ncat/Compatibility
Ncat is designed to be compatible in as many ways as possible with both Traditional netcat (as implemented by Hobbit) and OpenBSD netcat. In many cases, such compatibility is not possible, such as when an option conflicts in meaning between the two older implementations. This page will document Ncat's options for features that it shares with these implementations or which have not been implemented. Ncat has many other features (such as SSL/TLS) that are not documented here.
Contents
The following options are the same in all three netcat implementations: -C, -h, -p, -s, -l, -n, -t, -u, -v, -z
The following options are shared with OpenBSD netcat and not implemented by traditional netcat: -4, -6, -U, -k.
Note that OpenBSD netcat's -k option does not allow multiple simultaneous connections, but instead restarts the listener when the first connection is finished. Ncat, on the other hand, will combine input from any number of connections into a single stream on STDOUT, and will send input from STDIN to each connection. In combination with -c or -e, it will fork a new process for each connection.
The following options are shared with traditional netcat and not implemented by OpenBSD netcat: -c, -e, -g, -G
Options which differ from one or more implementations
| Feature | Ncat | netcat-traditional | netcat-openbsd |
|---|---|---|---|
| Don't read from stdin | --recv-only [1] | Unimplemented | -d |
| Enable broadcast | Always on | -b | -b |
| Delay between lines read/written | -d | -i | -i |
| Dump session as hex to file | -x [2] | -o | Unimplemented |
| Idle timeout | -i [3][4] | -w [5] | -w |
| Connect timeout | -w [6] | -w (Also idle timeout) | -w (Also idle timeout) |
| Wait after EOF on stdin | Unimplemented [7] | -q | -q |
| Randomize port numbers | Unimplemented [8] | -r | -r |
| Set IP TOS value | Unimplemented [7] | -T | -T |
- ↑ This will shut down the socket with FIN for half-duplex operation. Some servers will terminate the connection in this case. The --no-shutdown option can be used instead or in addition if this is unacceptable and for full compatibility with OpenBSD netcat's -d behavior. For more details, see Ncat/EOF behavior
- ↑ The -o option for Ncat dumps raw data to the file.
- ↑ Ncat's -i option conflicts with both Traditional and OpenBSD netcat's "interval" option. See -d above.
- ↑ In listen mode, Ncat's -i option causes it to exit if a connection is not made within the timeout period. This is the same as Traditional netcat -w, but OpenBSD netcat -w in listen mode will block forever waiting for a connection.
- ↑ Traditional netcat will time out an established connection only after STDIN is closed, and only after double this timeout.
- ↑ Ncat and OpenBSD netcat will attempt a connection to each resolved address, so the overall process time may exceed this timeout. See #798
- ↑ 7.0 7.1 Ncat feature requests may be made at the Nmap Issues Tracker
- ↑ Ncat does not allow multiple destination port numbers, so this option is not relevant
Other caveats
- Ncat does not allow multiple destination port numbers.
- OpenBSD netcat supports proxy connections, and all of its options are different than Ncat's. Traditional netcat does not support proxy connections.
- Some versions of OpenBSD use the -e and -c options for SSL/TLS connections. Ncat has its own set of long options for this feature, following traditional netcat's convention of using -e and -c for executing processes.