Socat: A very powerful networking tool

Welcome to this socat tutorial. Socat is a network utility similar to netcat. Socat supports ipv6 and ssl and is available for both windows and linux. The first thing you will notice with this tool is that it has a different syntax on what you are used to with netcat or other standard unix tools.

socat [options] <address> <address>

You have to provide both addresses in order for it to work, now these addresses look like this:


Let’s get started with some examples. First I want to show you how you can get the same functionality as with netcat.

nc localhost 80
socat - TCP4:localhost:80 OR socat STDIN TCP4:localhost:80
nc -lp localhost 700
nc -lp localhost 700 -e /bin/bash
socat TCP4-LISTEN:700 EXEC:/bin/bash

Now we can go beyond netcat with some ssl examples, but first we need to generate a ssl cert for the server.

Generate a SSL cert

openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key

socat tutorial

SSL server

socat OPENSSL-LISTEN:443,cert=/cert.pem -

SSL client

socat - OPENSSL:localhost:443

Both addresses don’t have to use the same protocol, so you can do “ssl server -> non-ssl server”. You should also check out the options that you can apply, for example you can use fork to tell socat to listen and handle multiple clients.

socat TCP4-LISTEN:5000,fork OPENSSL:localhost:443

Finally if you are tunneling a connection between servers using socat you can use the -v option to print all the traffic to stdout.

I hope you enjoyed this quick socat tutorial. If you want to learn more, check out the socat man page, section “ADDRESS TYPES” or the online documentation.