Simple client / server with nc not working

Cal-linux asked:

Why is the following not working?

I have a freshly installed Debian 9 system. iptables is wide-open:

[···]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

I log in on two separate consoles (well, two separate ssh logins). In one of them, I run:

[···]# nc -l 11115

Then, I go to the other console, and run:

[···]# nc localhost 11115

and I get a Connection refused error:

[···]# nc localhost 11115
localhost [127.0.0.1] 11115 (?) : Connection refused

I also tried nc 127.0.0.1 11115, tried with telnet — always Connection refused.

On the “listening” side, I also tried nc -l localhost 11115 — no difference.

What am I missing or doing wrong?

[EDIT]: On a CentOS 6.9 machine, the exact same commands above work as expected. Same thing on my Ubuntu 14.04 at home. I thought it may be that running as root makes nc disallow some functionality. But no, I just tried as a regular user on the Debian 9 machine, and it fails all the same. Any ideas why?

My answer:


There are actually three (or more?) distinct programs called nc (netcat) which are forks or rewrites of the same basic program from long ago and far away.

The default in Debian seems to be what it calls netcat-traditional, the ancient original version. I was able to reproduce this problem with netcat-traditional; listening seems very broken. It did not actually bind to a port; I could not see it listening in ss output, nor did I see it attempt to bind when running it under strace.

The other available Debian package is called netcat-openbsd, which is a currently maintained fork of the original netcat by OpenBSD developers. You should find that it works if you install this package (and you can then remove netcat-traditional).

There is yet another netcat package, which is used by Red Hat based systems, developed and maintained by Fyodor of nmap and insecure.org and other developers. It is a complete rewrite from the ground up and uses no traditional netcat or BSD netcat code. It also works properly. Its package name (on Red Hat systems) is nmap-ncat.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.