Why is the following not working?
I have a freshly installed Debian 9 system. iptables is wide-open:
[···]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I log in on two separate consoles (well, two separate ssh logins). In one of them, I run:
[···]# nc -l 11115
Then, I go to the other console, and run:
[···]# nc localhost 11115
and I get a Connection refused error:
[···]# nc localhost 11115
localhost [127.0.0.1] 11115 (?) : Connection refused
I also tried nc 127.0.0.1 11115, tried with telnet — always Connection refused.
On the "listening" side, I also tried nc -l localhost 11115 — no difference.
What am I missing or doing wrong?
[EDIT]: On a CentOS 6.9 machine, the exact same commands above work as expected. Same thing on my Ubuntu 14.04 at home. I thought it may be that running as root makes nc disallow some functionality. But no, I just tried as a regular user on the Debian 9 machine, and it fails all the same. Any ideas why?
Best Answer
There are actually four (or more?) distinct programs called nc (netcat) which are forks or rewrites of the same basic program from long ago and far away.
The default in Debian seems to be what it calls netcat-traditional, the ancient original version. I was able to reproduce this problem with netcat-traditional; listening seems very broken. It did not actually bind to a port; I could not see it listening in ss output, nor did I see it attempt to bind when running it under strace.
The other available Debian package is called netcat-openbsd, which is a currently maintained fork of the original netcat by OpenBSD developers. You should find that it works if you install this package (and you can then remove netcat-traditional).
There is yet another netcat package, which is used by Red Hat based systems, developed and maintained by Fyodor of nmap and insecure.org and other developers. It is a complete rewrite from the ground up and uses no traditional netcat or BSD netcat code. It also works properly. Its package name (on Red Hat systems) is nmap-ncat.
I've recently learned of a fourth netcat, GNU netcat, which was also a ground-up rewrite, but was abandoned in 2007. Strangely, one or two Linux distributions (such as Arch) still ship it.
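A way to check which of the netcat variants named in the answer the nc command resolves to, and whether a listener is really bound to a port according to ss. This is an added example, not part of the original question or answer; the function names are hypothetical and the banner patterns are assumptions about what each variant commonly prints for nc -h.

```shell
#!/bin/sh
# Classify a netcat build from the first lines of its help banner.
# Patterns are assumptions about commonly seen banners, not taken from the page.
nc_variant_from_banner() {
    case "$1" in
        *"Ncat "*)            echo nmap-ncat ;;           # "Ncat 7.50 ( https://nmap.org/ncat )"
        *"OpenBSD netcat"*)   echo netcat-openbsd ;;      # Debian build of the OpenBSD fork
        *"GNU netcat"*)       echo gnu-netcat ;;          # "GNU netcat 0.7.1, ..."
        *"[v1.10"*)           echo netcat-traditional ;;  # "[v1.10-41+b1]"
        *)                    echo unknown ;;
    esac
}

# Read `ss -ltn` output on stdin; succeed only if a socket in LISTEN state
# has exactly the given local port (column 4 is "Local Address:Port").
port_is_listening() {
    awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
                   END { exit !found }'
}

# Live report for this host: where nc points, which variant it is, and
# whether anything is bound to the port. On Debian, nc is a symlink managed
# by the alternatives system, so readlink shows the real binary.
nc_report() {
    path=$(command -v nc) || { echo "nc is not installed"; return 1; }
    echo "nc -> $(readlink -f "$path")"
    echo "variant: $(nc_variant_from_banner "$(nc -h 2>&1 | head -n 5)")"
    if ss -ltn | port_is_listening "$1"; then
        echo "port $1: listening"
    else
        echo "port $1: no listener bound"
    fi
}

# Run the live report only when a port is given, e.g.: sh nc_check.sh 11115
if [ "$#" -gt 0 ]; then nc_report "$1"; fi
```

Run it in the second console while nc -l is running in the first; "no listener bound" matches what the answer observed in ss output.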