The commands in this article were tested on macOS Big Sur and openSUSE Tumbleweed.
socat & netcat
netcat (network cat) is a long-established network toolkit, known as the Swiss Army knife of TCP/IP. All major Linux distributions have the OpenBSD version of netcat installed by default, and its command-line name is nc.
socat (socket cat), which is officially described as "netcat++" (extended design, new implementation), is a more active project, and is used by kubernetes-client (kubectl) to do all kinds of traffic forwarding.
In environments where it is not convenient to install socat, we can use the netcat that comes with the system. In other environments, socat is the preferred choice.
1. Introduction
The basic command format of socat.
socat is given two addresses and connects the data streams of the two. The output of the left address is passed to the right, and the output of the right address is passed to the left, forming a bidirectional data pipeline.
This sounds like nothing special, but moving data from one place to another is all that computer networks do, and they affect the whole world, so its usefulness should not be underestimated.
socat supports a very large number of address types: -/stdio, TCP, TCP-LISTEN, UDP, UDP-LISTEN, OPEN, EXEC, SOCKS, PROXY, etc. It can be used for port listening, connecting, file and process reading and writing, proxy bridging, etc.
The only part that takes some effort to learn is the definition of the various addresses and how to write them.
The definition of netcat seems to be less strict, and can be simply understood as a network version of the cat command.
2. Installation method
Each distribution comes with netcat, usually named nc-openbsd, so only the installation of socat is described here.
Other distributions can basically install socat using the package manager.
3. Common commands
1. network debugging
1.1 Test the connectivity of remote ports (make sure the firewall is OK)
You may have learned how to use telnet to do this test before, but nowadays many distributions no longer ship telnet by default, and you need to install it separately. telnet is almost at the end of its life, so it is recommended to use the more professional socat/netcat.
Use socat/netcat to check the connectivity of remote ports.
1.2 Test if the local port can be accessed externally properly (check firewall, routing)
Listen to a TCP port on the local machine and pass the received content to stdout, while passing the input from stdin to the client.
UDP is tested in much the same way; the following example uses netcat.
An example of a UDP test using socat is as follows.
1.3 Debugging the TLS protocol
Refer to the official socat documentation: Securing Traffic Between two Socat Instances Using SSL
Simulate an mTLS server, listening on port 4433, and outputting the received data to stdout as follows
The above command uses mTLS (two-way authentication). Client authentication can be turned off by setting verify=0, after which the server no longer checks the client's certificate, as shown in the following example.
2. data transfer
Normally, I am used to using scp/ssh/rsync when transferring files, but socat can actually transfer files as well.
Take demo.tar.gz from host A to host B as an example, first execute the following command on the data sender A.
The file is then received at data recipient B by executing the following command.
Data transfer is also possible with netcat.
3. Act as a temporary web server
With fork, reuseaddr and SYSTEM, and a bit of management with systemd / supervisor, you can implement a simple backend server with a few lines of commands.
The following command will listen on port 8080 and connect the data stream to web.py's stdio, which can be accessed directly using a browser at http://<ip>:8080 to see the results.
Suppose the contents of web.py are
Then curl localhost:8080 should output hello world.
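The following web.py is an added example, not the article's own file: it reads one HTTP request from stdin up to the blank line and writes a complete response to stdout, which is what a script behind socat's SYSTEM address has to do for curl to print hello world. The socat invocation in its docstring (including bind=127.0.0.1) and the 8 KiB header cap are assumptions.

```python
"""web.py: answer one HTTP request arriving on stdin (socat forks one copy per connection).

Assumed invocation, built from the fork, reuseaddr and SYSTEM options named in this section:
  socat TCP-LISTEN:8080,bind=127.0.0.1,reuseaddr,fork SYSTEM:"python3 web.py"
bind=127.0.0.1 is an added assumption that keeps the listener off external interfaces.
"""
import sys

MAX_HEADER_BYTES = 8192  # assumed cap on what an unauthenticated peer can make us buffer


def read_head(stream):
    """Read up to the blank line (not EOF: the client holds the socket open); None if over cap."""
    head = b""
    while True:
        line = stream.readline(MAX_HEADER_BYTES - len(head) + 1)
        head += line
        if len(head) > MAX_HEADER_BYTES:
            return None
        if line in (b"\r\n", b"\n", b""):
            return head


def respond(status, body):
    """Build a full response; Connection: close because this process exits afterwards."""
    head = (f"HTTP/1.1 {status}\r\nContent-Type: text/plain; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body


def handle(stream):
    """Map the request bytes socat delivers on stdin to the response bytes for stdout."""
    head = read_head(stream)
    if head is None:
        return respond("431 Request Header Fields Too Large", b"headers too large\n")
    lines = head.splitlines()
    parts = lines[0].split() if lines else []
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return respond("400 Bad Request", b"bad request\n")
    if parts[0] != b"GET":
        return respond("501 Not Implemented", b"only GET is implemented\n")
    return respond("200 OK", b"hello world\n")


if __name__ == "__main__":
    sys.stdout.buffer.write(handle(sys.stdin.buffer))
    sys.stdout.buffer.flush()
```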
4. port forwarding
Listen on port 8080 and establish a two-way pipe between this port and baidu.com:80:
Use the curl command to test it and you should be able to access Baidu properly at