Using ncat as a Chat Server

Sometimes a quick and easy channel for communication can come in handy. ncat has a nice option for just such a chat server.

Start it up

Start the server using the -l and --chat flags:

    ubahmapk@laptop:~ > ncat --chat -l -p 8888

Note that you will not see any of the chat traffic in this window, but if you add the -v flag, you will at least see the connections as they are established:

    ubahmapk@laptop:~ > ncat -v -l --chat -p 8888
    Ncat: Version 7.12 ( https://nmap.org/ncat )
    Ncat: Listening on :::8888
    Ncat: Listening on 0.0.0.0:8888

Since this server console does not actively participate in the conversation, adding the -v flag does not send the verbose info to the participants.

Open up a new terminal window and make a standard ncat (or even a traditional nc) connection to the chat server:

    ubahmapk@laptop:~ > ncat 192.168.0.10 8888
    <announce> 192.168.0.10 is connected as <user5>.
    <announce> already connected: nobody.

ncat informs you of the previously connected users, in this case there were no others. Since this is an ncat session, when new users connect and the previously existing connections are announced, you will see your own connection listed as new uers arrive:

    <announce> 192.168.0.20 is connected as <user6>.
    <announce> already connected: 192.168.0.10 as <user5>.

ncat reports the connections on the server console thusly:

    Ncat: Connection from 192.168.0.10 on file descriptor 5.
    Ncat: Connection from 192.168.0.10:57850.
    Ncat: Connection from 192.168.0.20 on file descriptor 6.
    Ncat: Connection from 192.168.0.20:83853.

As participants chat, the content is prepended by the user ID so everyone knows who said what:

    <user7> It's me, it's me, it's Ernest T!

And lastly, departures from the chat room are also announced:

    <announce> <user7> is disconnected.

Encryption

As described above, all of this traffic would traverse the network in plain text by default. But, as you may remember, ncat can establish SSL connections, too!

    ubahmapk@laptop:~ > ncat -v -l --ssl --chat -p 8888
    Ncat: Version 7.12 ( https://nmap.org/ncat )
    Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
    Ncat: SHA-1 fingerprint: FB24 84E8 D3F2 F77D DB1B 9C8B 00A4 7C89 E5D0 4A69
    Ncat: Listening on :::8888
    Ncat: Listening on 0.0.0.0:8888

Note that ncat will generate a temporary SSL certificate unless you specify a key and cert to use.

Client connections would just need to include the --ssl flag and everything else works the same as before:

    Ncat: Connection from 192.168.0.10 on file descriptor 5.
    Ncat: Connection from 192.168.0.10:58874.
    Ncat: Connection from 192.168.0.20 on file descriptor 6.
    Ncat: Connection from 192.168.0.20:85876

Access Control

But what if you don’t want just anyone to be able to connect to this chat server? Well, it turns out that ncat also supports IP restrictions, which can be applied to listening chat servers. But we’ll save that for another day. Or, you can check out ncat Access Control here.