netcat64 - v1.11.6.4 NT


SUMMARY:

This is a combination of:
    Netcat 1.11 NT (nc111nt.zip) from Weld Pond <[email protected]>
    Netcat6 (nc6_src.zip) from Sphinx Software [based on 1.10 NT]
    Various options available on the Unix versions of Netcat
    A few fixes
    Additional options

  nc64.exe     - netcat with IPv6 and IPv4 (compiled as 64-bit)
  nc64-32.exe  - netcat with IPv6 and IPv4 (compiled as 32-bit)


BACKGROUND:

The goal was to get a netcat that did *both* IPv4 and IPv6.  Netcat 
handles IPv4 nicely and the netcat6 port mentioned above does only 
IPv6 as well as the original handles IPv4.  There needed to be an 
IPv4 *and* IPv6 version of netcat.

Nmap.org publishes a utility - ncat - which is netcat updated and does 
both IPv4 and IPv6, but the -e GAPING_SECURITY_HOLE option is implemented 
by launching a "cmd.exe" shell with the /c option.  This has the effect 
of launching a Command Prompt on the machine where Netcat is running 
with the -e option.  So much for stealth.

The doexec.c included with the Windows versions of netcat listed above 
does well to mitigate this and so building IPv4 *and* IPv6 on the 
'original' code is more desirable than using the ncat utility - although 
ncat certainly remains very useful and incorporates additional features.


FIXES:

While some of these aren't really fixes - like adding "UDP" or "TCP" to 
the verbose output in listen mode - some do address issues seen in the 
original netcat this was compiled from.

Invalid Connections:
  When specifying a hostname in listen mode, netcat will attempt to 
  validate the connecting host matches the hostname [optional port] 
  provided.  If it does not, the connection is terminated with an 
  "invalid connection ..." error.  If using -L (or -k in this version) 
  to keep connections open, the entire program is terminated, even 
  though the -L (keep open) option is specified.  This fix simply 
  drops the connection and keeps netcat open for business.  Note, if 
  only using -l (do *not* keep open), invalid connections will cause 
  program termination as usual.

  This option can be conditionally compiled by adding -DFIXINVALCONN


Re-listen Argument Fix:
  When re-listening (-L or -k), netcat cycles through the getopt() 
  section again.  This has the effect of incrementing optind - the pointer 
  to the current option index.  This doesn't matter if there are no 
  arguments, but if a listener and port are specified in listen context:

    nc -Lp 5001 10.10.10.1 50000

  (This will only allow host 10.10.10.1 from port 50000 to connect.)
  When the first connection is dropped (or indeed if the first connection 
  is invalid and the above fix is applied), the next cycle through to 
  start listening increments optind so the hostname is no longer pointing 
  to 10.10.10.1; instead, it's pointing to 50000.  Netcat has trouble with 
  the reverse lookup (if in verbose mode) and subsequent connections will 
  fail as the host cannot possibly match 50000 - or whatever IP address 
  that converts to.  In some cases, netcat crashes - even observed in the 
  original netcat.  The solution is to conditionally pre-decrement optind 
  before getopt() is called if and only if listen mode is selected *and* 
  a remote address (like 10.10.10.1 in the above example) is specified.

  This option can be conditionally compiled by adding -DFIXRELISTENHOST


ADDITIONAL FEATURES:

Some of the additional features in this version can be conditionally 
compiled with -D<DEFINE> compiler directives.  Below describes the 
features and provides the define statements required.  Note that the 
included Makefile compiles *ALL* the following features by default.  In
addition to all the original features and usages mentioned in the 
readme.txt, the additions brought by this netcat64 are:

IPv4 and IPv6:
        -4              force IPv4 only
        -6              force IPv6 only

  IPv6 is preferred as the new get*info() lookup routines return IPv6 
  addresses first.  The gethostpoop() routine was completely rewritten 
  to accommodate both IPv4 and IPv6 and determine which to use if both 
  are found.  These switches force IPv4 or IPv6 only and will cause an 
  error if the proper address family is not found.


Broadcast:
        -b              disable bi-directional UDP (cli->srv only)
                          also sets SO_BROADCAST option if UDPv4

  When listening, netcat will connect() to the source to allow 
  bi-directional UDP communications (client<->server), "which also has 
  the side effect that now anything from a different source or even a 
  different port on the other end won't show up and will cause ICMP 
  errors" [original netcat*.c comments].  Since listening to broadcast 
  messages doesn't make sense from a single host the -b option bypasses 
  the connect().  This allows multiple reconnects from the same or 
  different clients to the server, but has the side effect of not allowing 
  the listening netcat to send data back to the source.  One way UDP 
  communications (client->server) only.

  Additionally, this option enables the setsockopt() SO_BROADCAST option 
  on the socket if netcat is operating in IPv4 mode.

  This option can be conditionally compiled by adding -DSSOBC


Carriage Return / Line Feed:
        -C              send CRLF as line-ending

  An option on Unix versions of netcat, this is the default on the Windows 
  version.  Compiling in this feature switches the default line ending 
  from "\n" to "\x0a".  Enabling this switch sends "\x0d\x0a" as the line 
  ending.

  This option can be conditionally compiled by adding -DCRLF


Debug:
        -D              set SO_DEBUG option

  An option on Unix versions of netcat, this doesn't seem to do anything 
  for the Windows version.  Additionally, from MSDN:  "Microsoft providers 
  currently do not output any debug information."

  This option can be conditionally compiled by adding -DSSODEBUG


Multicast:
        -j group        join multicast group and listen [UDP only] (-lu)
                          use [hostname] for specific source [v4 only]

  While Windows allowed sending to multicast groups over UDP, listening 
  was not so easy.  This option allows a listening netcat to 'join' the 
  provided multicast group and listen on UDP.  The default multicast 
  interface is used for listening.  This is usually the same as the 
  default multicast sending interface, found with the 'route print' 
  command and the interface with the lowest metric for the multicast 
  route is the 'winner'.  The listening (as well as sending) interface 
  can be changed with the standard netcat -s option.  Also, source 
  specific multicast can be specified by providing a hostname in the 
  netcat listener context.

  Additionally, as with broadcast described above, the -j switch will 
  not issue the connect() allowing multicast from several sources (if 
  not locked down by issuing a hostname in listen context) but not 
  allowing the multicast listening netcat to send data back.

  Examples (note -vv for verbose is *not* needed, only here to show 
            feedback):
    IPv4
    --
    Join 239.192.1.1 on UDP port 5001:
      C:\> nc64 -vv -j 239.192.1.1 -p 5001
      listening on [0.0.0.0] 5001 (UDP) ... {*,239.192.1.1}

    Send to the above listening netcat:
      C:\> nc64 -u 239.192.1.1 5001

    --
    To specify a default interface to listen on:
      C:\> nc64 -vv -j 239.192.1.1 -p 5001 -s 192.168.10.100
      listening on [192.168.10.100] 5001 (UDP) ... {*,239.192.1.1}

    To specify a default interface to send from:
      C:\> nc64 -u 239.192.1.1 5001 -s 192.168.10.100

    --
    To specify a specific multicast source:
      C:\> nc64 -vv -j 239.192.1.1 -p 5001 192.168.10.100
      listening on [0.0.0.0] 5001 (UDP) ... {192.168.10.100,239.192.1.1}

    --
    IPv6
    --
    Join ff05::1:2:3 on UDP port 5001:
      C:\> nc64 -vv -j ff05::1:2:3 -p 5001
      listening on [::] 5001 (UDP) ... {*,ff05::1:2:3}

    Send to the above listening netcat:
      C:\> nc64 -u ff05::1:2:3 5001

    --
    To specify a default interface to listen on:
      C:\> nc64 -vv -j ff05::1:2:3 -p 5001 -s 2001:db8::1
      listening on [2001:db8::1] 5001 (UDP) ... {*,ff05::1:2:3}

    To specify a default interface to send from:
      C:\> nc64 -u ff05::1:2:3 5001 -s 2001:db8::1

  This option can be conditionally compiled by adding -DMULTICAST

  NOTE:  Windows does not provide the ipv6_mreq_source structure or 
         the setsockopt() IPV6_ADD_SOURCE_MEMBERSHIP call.  Instead, 
         multicast is implemented with new structures GROUP_REQ and 
         GROUP_SOURCE_REQ, the latter of which addresses source 
         specific joins.  Furthermore, these structures and associated 
         calls are only available on Windows Vista or Server 2008 
         minimum - the documentation is confusing.

  To try to compile IPv6 source specific multicast, Windows Vista or 
  later is required and can be conditionally compiled by adding -DIPv6SSM


Keep Open:
        -k              keep inbound sockets open for multiple connects

  This option is available on Unix versions of netcat and included now 
  for compatibility.  -k requires -l and has the same effect as just 
  using -L on the Windows version.  -L remains for compatibility also.


Keepalive:
        -K secs         set SO_KEEPALIVE interval [TCP only]

  This enables the SO_KEEPALIVE socket option and sets the keepalive 
  interval to the 'secs' provided.  1<=secs<=7200

  This option can be conditionally compiled by adding -DSSOKEEPALIVE

  
Time To Live:
        -T ttl          v4: time to live / v6: hop limit (0<=ttl<=255)

  This enables the setsockopt() IP_TTL and IPV6_UNICAST_HOPS calls to 
  set the time to live (v4) and hop limit (v6).
  Additionally, if multicast is enabled, the IP_MULTICAST_TTL and 
  IPV6_MULTICAST_HOPS are also set / controlled with this option when 
  sending / receiving in multicast context.

  NOTE:  This does conflict with -T being used for Type of Service byte 
         manipulation on certain Unix versions of netcat.  Windows no 
         longer supports setsockopt() IP_TOS (as of Windows XP) or 
         implements an equivalent for the Traffic Class byte in IPv6 
         headers.  Several bloated APIs have come and gone to address 
         QoS in Windows and now manipulation of the ToS or TC bytes 
         seems all but impossible by end-user applications.  For the 
         current Windows 7 API, search for "QoS2 API, qos2.h, qWAVE".

  This option can be conditionally compiled by adding -DSSOTTL

  
Urgent Pointer:
        -U              set URG pointer in TCP

  This forces the URG flag to be set in the TCP header and the urgent 
  pointer is set to the length of the data field + 1 (as per normal).
  This works by setting the MSG_OOB flag on the send socket of the 
  TCP stream connection.

  This option can be conditionally compiled by adding -DURGPTR
  ONLY IF -DWIN32 is specified already.