Differences

This shows you the differences between two versions of the page.

server-administration:netcat-over-ssh [2012-07-20 18:44:21]
garrett.plasky Approved
server-administration:netcat-over-ssh [2013-01-31 22:40:11]
shaun.reitan [Using DD over Netcat]
Line 35: Line 35:
 <note warning>Netcat opens an encryption-less connection from one host to another, which is why it outperforms SSH. If using the netcat method, take a moment to consider the implications of sending raw, unecrypted data over your network. We **strongly** recommend against using this method for WAN data transfers, unless you are doing so over an encrypted tunnel (e.g. VPN).</note> <note warning>Netcat opens an encryption-less connection from one host to another, which is why it outperforms SSH. If using the netcat method, take a moment to consider the implications of sending raw, unecrypted data over your network. We **strongly** recommend against using this method for WAN data transfers, unless you are doing so over an encrypted tunnel (e.g. VPN).</note>
  
-Further on the subject of the warning above: Because netcat does not use any sort of authentication mechanism, it is possible for someone who knows your netcat port (e.g. from a trivial portscan) to inject arbitrary data into the stream thereby corrupting your <c>dd</c> operation. You may want to consider firewalling the server off prior, with something simple like restricting traffic to the netcat port to only the address of your remote transfer host.+Further on the subject of the warning above: Because netcat does not use any sort of authentication mechanism, it is possible for someone who knows your netcat port (e.g. from a trivial portscan) to inject arbitrary data into the stream thereby corrupting your <c>dd</c> operation. You will probably want to implement a firewall rule on the server to restrict traffic sent on the netcat port to only be permitted from the address of your remote transfer host.
  
 We will assume for the purposes of this tutorial that you have the <c>nc</c> version of netcat. If you have the the other, then the command line options will be slightly different but the idea is the same. You set up a listening server on the destination, and then you send data to the port you've specified form the source. Let's assume we are transferring a full disk image from serverA (/dev/sda) to serverB (dev/sdb). We are going to assume block size of incoming data for <c>dd</c> will be 16MB and that it will be bzip compressed. On serverB we would run the following: We will assume for the purposes of this tutorial that you have the <c>nc</c> version of netcat. If you have the the other, then the command line options will be slightly different but the idea is the same. You set up a listening server on the destination, and then you send data to the port you've specified form the source. Let's assume we are transferring a full disk image from serverA (/dev/sda) to serverB (dev/sdb). We are going to assume block size of incoming data for <c>dd</c> will be 16MB and that it will be bzip compressed. On serverB we would run the following:
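Review bot: The rewritten firewall sentence drops the word "prior" that the removed line carried, so the added text no longer says the rule must be in place before the `nc` listener is started; please restore that ordering. The sentence also still names no concrete rule, and "restrict traffic sent on the netcat port to only be permitted from the address" reads awkwardly; something like "allow connections to the netcat port only from the address of your remote transfer host" is clearer. Because a source-address filter is not authentication, it would also help to tell readers to compare a checksum of the source and destination devices after the transfer, since the paragraph itself names stream corruption of the <c>dd</c> operation as the risk.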
Line 47: Line 47:
 <sxh plain>dd bs=16M if=/dev/sda|bzip2 -c|nc serverB.example.net 19000</sxh> <sxh plain>dd bs=16M if=/dev/sda|bzip2 -c|nc serverB.example.net 19000</sxh>
  
-You again will not see any output after you've hit Enter, but do not fret! You can start another session (or launch the netcat in a screen session and back out), and run a tcpdump on port 19000 on serverB to ensure that traffic is indeed flowing. You'll get a DD output on both ends summarizing the read/write time and bytes transferred when the process is complete. In this case no additional configuration is needed. /dev/sdb is a mountable and readable block device that's ready for use!+You again will not see any output after you've hit Enter, but do not fret! You can start another session (or launch the netcat in a screen session and back out), and run a tcpdump on port 19000 on serverB to ensure that traffic is indeed flowing. You can also send a USR1 signal to dd and it will output it's current statistics. You'll get a DD output on both ends summarizing the read/write time and bytes transferred when the process is complete.  In this case no additional configuration is needed. /dev/sdb is a mountable and readable block device that's ready for use!
  
 {{tag>how-to ubuntu upgrade administration recovery backups}} {{tag>how-to ubuntu upgrade administration recovery backups}}
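Review bot: The added USR1 sentence does not say how to send the signal or to which process, and in the pipeline shown above (`dd bs=16M if=/dev/sda|bzip2 -c|nc serverB.example.net 19000`) that matters: the default action of SIGUSR1 is to terminate, so a signal that reaches `bzip2` or `nc` instead of `dd` will abort the transfer. Please show the signal going to the PID of `dd` only (for example `kill -USR1 <pid of dd>`), note that the statistics are printed on the terminal where `dd` is running rather than the one sending the signal, and that this is GNU `dd` behaviour. Two small fixes in the same line: "it's current statistics" should be "its current statistics", and the change introduces a double space after "complete."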