After reading Brian Hatch's Nmap Version Detection Rocks, I wanted to set up a simple socket-connection test. Here are my notes:

Start a plain-text socket echoing incomming text using netcat:

a$ nc -l -p 8080

The -l (listen) switches netcat into server mode. I was a bit confused by the <host> and <port> arguments to nc -l. It turns out that they do not specify which address netcat binds to; they limit the connecting host. Something like

a$ nc -l -p 8080 b.example.net 12345

will only accept connections originating from port 12345 on b.example.net.

Echo text to that port

b$ echo 'hi there' | nc -q 1 a.example.net 8080

To connect from a specific port, use the -p option.

b$ echo 'hi there' | nc -q 1 -p 12345 a.example.net 8080

The -q 1 tells netcat to quit after an EOF is detected. When the client quits, the connection breaks, and the server goes down on its own. If you want netcat to stay up you'll have to restart it:

$ while nc -l -p 8080; do :; done

The : is Bash's noop.

If you just want a simple telnet-style connection use:

b$ nc a.example.net 8080

For a secure connection, use OpenSSL (see X.509 certificates for more on generating keys and certificates):

a$ openssl s_server -key key.pem -cert cert.pem -accept 8080

Connect with

b$ echo 'hi there' | openssl s_client -connect a.example.net:8080

The OpenSSH client automatically closes on EOF, but the server stays open for new connections. You'll have to kill it manually when you're done.

If you don't like OpenSSL, you can also use stunnel for SSL connections. Examples are all over. This post by Dustin Breese seems good.

Also note that with the crypt USE flag, Gentoo will install netcat with an AES patch by Mixter, which allows

$ nc -k <password> -l -p
$ nc -k <password> <options> <host> <port>

AES is a symmetric-key encryption standard, so you don't have to go through all the rigmarole of setting up SSL keys and certs for a one-off connection.