netcat using netstack userspace library and eBPF


aojea/netkat


netcat version using raw sockets to avoid iptables and/or other OS filtering mechanisms.

Motivation

Kubernetes environments have a LOT of iptables, hence the necessity to bypass iptables sometimes, for testing, debugging, troubleshooting, ...

![](https://i.imgur.com/ZwEMrbQ.jpg =400x)

Requirements

It only works on Linux with a Kernel version > 5.2

It requires CAP_NET_RAW and CAP_SYS_RESOURCE capabilities... or just run it with sudo ;)

Install

make build

Usage

It requires root privileges:

sudo ./bin/netkat
Usage: nk [options] [hostname] [port]
  -debug
        Debug
  -interface string
        Specify interface to use. Default interface with default route
  -listen
        Bind and listen for incoming connections
  -source-port int
        Specify source port to use
  -udp
        Use UDP instead of default TCP

Docker image

It can be used as a container image, based on alpine:

docker run -it --privileged aojea/netkat:latest 192.168.68.1 80
2021/05/31 21:29:42 Using source address 172.17.0.2/16
2021/05/31 21:29:42 Creating raw socket
2021/05/31 21:29:42 Adding ebpf ingress filter on interface eth0
2021/05/31 21:29:42 filter {LinkIndex: 99, Handle: 0:1, Parent: ffff:fff2, Priority: 0, Protocol: 3}
2021/05/31 21:29:42 Creating user TCP/IP stack
2021/05/31 21:29:42 Dialing ...
2021/05/31 21:29:42 Connection established

Development

netkat uses the gvisor userspace TCP/IP stack "netstack".

It creates a RAW socket attached to the interface that has the route to the destination IP, and attaches a BPF filter to it for the traffic matching the connection parameters specified as arguments.

It also creates an ingress queue and attaches an eBPF filter to it that drops the traffic of the connection directed to the RAW socket, so that the host stack does not drop the connection.
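The match that the socket filter has to express, written out in plain Go as an added example; it is not netkat's code, which attaches a BPF filter to the raw socket instead. The `Conn` type, the function names and the sample addresses are assumptions for illustration, and only inbound IPv4 frames are handled.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Conn is a hypothetical type for this example: one connection's parameters.
type Conn struct {
	Proto         uint8 // 6 = TCP, 17 = UDP
	Local, Remote netip.AddrPort
}

// Matches reports whether an inbound Ethernet frame goes from c.Remote to c.Local.
func (c Conn) Matches(frame []byte) bool {
	if len(frame) < 14+20 || binary.BigEndian.Uint16(frame[12:]) != 0x0800 {
		return false // truncated, or EtherType is not IPv4
	}
	ip := frame[14:]
	ihl := int(ip[0]&0x0f) * 4 // IP options make the header length variable
	if ip[0]>>4 != 4 || ihl < 20 || len(ip) < ihl+4 || ip[9] != c.Proto ||
		binary.BigEndian.Uint16(ip[6:])&0x1fff != 0 { // later fragments carry no ports
		return false
	}
	src, _ := netip.AddrFromSlice(ip[12:16])
	dst, _ := netip.AddrFromSlice(ip[16:20])
	from := netip.AddrPortFrom(src, binary.BigEndian.Uint16(ip[ihl:]))
	to := netip.AddrPortFrom(dst, binary.BigEndian.Uint16(ip[ihl+2:]))
	return from == c.Remote && to == c.Local
}

// buildFrame returns a constructed sample frame (zeroed MACs and checksums).
func buildFrame(proto uint8, src, dst netip.AddrPort, optWords int) []byte {
	ihl := 20 + 4*optWords // optWords = number of 32-bit IP option words
	f := make([]byte, 14+ihl+4)
	binary.BigEndian.PutUint16(f[12:], 0x0800)
	ip := f[14:]
	ip[0], ip[9] = 0x40|byte(ihl/4), proto
	copy(ip[12:], src.Addr().AsSlice())
	copy(ip[16:], dst.Addr().AsSlice())
	binary.BigEndian.PutUint16(ip[ihl:], src.Port())
	binary.BigEndian.PutUint16(ip[ihl+2:], dst.Port())
	return f
}

func main() {
	local, remote := netip.MustParseAddrPort("172.17.0.2:40000"), netip.MustParseAddrPort("192.168.68.1:80")
	c := Conn{Proto: 6, Local: local, Remote: remote}
	fmt.Println(c.Matches(buildFrame(6, remote, local, 2)), c.Matches(buildFrame(17, remote, local, 0)))
}
```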

More details here
