I'm trying to capture UDP data using the nc (netcat) command but it doesn't output anything. What options/parameters do I need to pass to the nc command to get the output?

tcpdump does show the UDP data. The reason I'm trying nc is that when I know how to capture I can use these settings in another program that eventually needs to listen for the incoming data.

Things I've tried with nc are:

$ nc -ul 8002
$ nc -ulb 8002
$ nc -u -l -s 192.168.2.235 -p 8002
$ nc -u -l -s 192.168.2.255 -p 8002
$ nc -u -l -b -s 192.168.2.235 -p 8002
$ nc -u -l -b -s 192.168.2.255 -p 8002
$ nc -u -l -b -s 255.255.255.255 -p 8002
$ nc -u -l -s 192.168.2.235 8002
$ nc -u -l -s 192.168.2.255 8002
$ nc -u -l -s 255.255.255.255 8002

All resulted in no output.

The working tcpdump command:

$ sudo tcpdump -A -i eth1 'udp port 8002'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:42:32.823653 IP 192.168.1.52.5678 > 255.255.255.255.8002: UDP, length 23
E..3....@......4.......B....$RADPT,5.5,0.0,40,*57

12:42:32.987098 IP 192.168.1.53.5678 > 255.255.255.255.8002: UDP, length 24
E..4~(..@.:....5.......B. ..$RBDPT,0.04,0.0,40,*60

My network configuration:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 4c:02:89:17:be:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4e02:89ff:fe17:bede/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 4c:02:89:17:be:df brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.235/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::4e02:89ff:fe17:bedf/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4c:02:89:17:be:e0 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4c:02:89:17:be:e1 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4c:02:89:17:be:dd brd ff:ff:ff:ff:ff:ff
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:22:77:fb:27 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:22ff:fe77:fb27/64 scope link
       valid_lft forever preferred_lft forever
9: slcan0: <NOARP,UP,LOWER_UP> mtu 16 qdisc pfifo_fast state UNKNOWN group default qlen 10
    link/can
12: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.24.1.3/16 scope global wg0
       valid_lft forever preferred_lft forever

The data is received on eth1. I can't change the IP/netmask of eth0 because then I'll lose the connection to the computer (everything is running remotely). The OS is Alpine Linux.

Martijn de Munnik
  • Note that tcpdump can capture packets before they will be discarded by a local firewall (iptables) and thus can display packets that won't reach the listener which you create with `nc`; so check that your local firewall configuration allows traffic to port 8002 – HBruijn Aug 21 '23 at 12:18
  • In addition to the firewall, having rp_filter=1 (following SRPF: https://datatracker.ietf.org/doc/html/rfc3704#section-2.2) would be enough to get the packet dropped: wrong interface. – A.B Aug 22 '23 at 16:31
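
The reverse-path check raised in the last comment, as an added example (not part of the original post or its comments): it reads the effective `rp_filter` mode for the receiving interface and compares that interface with the one the kernel would use to route back to the sender. `IFACE` and `SRC` default to values taken from the question's output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: would reverse-path filtering drop the broadcast seen by tcpdump?
# Defaults are assumptions taken from the question (eth1, sender 192.168.1.52).
IFACE=${IFACE:-eth1}
SRC=${SRC:-192.168.1.52}

# The kernel validates sources with max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {            # $1 = "all" value, $2 = per-interface value
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Pull the interface name out of `ip route get <addr>` output.
route_dev() {                      # $1 = text printed by `ip route get`
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = dev ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# 0 = no check, 1 = strict (return route must use the arrival interface),
# 2 = loose (source must be reachable through any interface).
rp_verdict() {                     # $1 = mode, $2 = arrival iface, $3 = return-route iface
    case "$1" in
        0) echo pass ;;
        1) if [ "$2" = "$3" ]; then echo pass; else echo drop; fi ;;
        2) if [ -n "$3" ]; then echo pass; else echo drop; fi ;;
        *) echo unknown ;;
    esac
}

diagnose() {
    all=$(cat /proc/sys/net/ipv4/conf/all/rp_filter)
    ifv=$(cat "/proc/sys/net/ipv4/conf/$IFACE/rp_filter")
    mode=$(effective_rp_filter "$all" "$ifv")
    dev=$(route_dev "$(ip route get "$SRC" 2>/dev/null)") || dev=
    echo "rp_filter mode on $IFACE: $mode"
    echo "return route to $SRC uses: ${dev:-none}"
    echo "verdict for packets from $SRC arriving on $IFACE: $(rp_verdict "$mode" "$IFACE" "$dev")"
}

# Only run against the live system when the interface actually exists.
if [ -r "/proc/sys/net/ipv4/conf/$IFACE/rp_filter" ]; then
    diagnose
fi
```

With the addresses shown in the question, the sender's subnet (192.168.1.0/24) is attached to eth0 while the packets arrive on eth1, so a verdict of `drop` in strict mode matches the "wrong interface" case the comment describes.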
