On Wed, 18 Jan 2023 23:04:54 +0100 Hilko Bengen <ben...@debian.org> wrote: > > We have users in Kali Linux who have been beaten by this. They use nc, > > they also need ncat for the extra options it provides, they install it, > > and then are very surprised that nc is now ncat. From their background > > (I'm talking about professional pentesters), nc and ncat are different > > tools, they really don't expect ncat to replace nc. > > I'd like to see in what way people have been irritateed. Can you link to > specific bug reports or mailing list/form discussions?
From my understanding, one big difference between nc and ncat is the output. ncat's output is very different from nc, much more verbose apparently. This is not always suitable, for example some folks have teaching material with nc, where they demonstrate nc's commands and output. They also need to use ncat in those courses, but from the moment ncat is installed, nc's output become ncat, the output is much more verbose. It's kind of confusing, and even though they *could* update their courses to show ncat's output (instead of nc), and explain that "after installing ncat, nc is now ncat", it's just not what they want, because ncat's output is too verbose, while nc output is just right (for the purpose of teaching material).
Another point, as I understand it, is just that ncat and nc have always been two different tools (although they clearly have some big overlap), at least in Debian & Kali, since before April 2018, they have always been distributed as two different tools. So users have been used to install & use nc when needed, install & use ncat when needed, and sometimes install & use both, each for a specific purpose. While the use-case of having ncat == nc exists, I have the impression that it's maybe not the main use-case.
I will reach out to the folks who reported this issue, and try to get them to provide more details on this bug report.
Also, for transparency: those folks are from Offensive Security, which is also my employer (Kali Linux is developed by Offensive Security). Apologizes for not stating that in my initial message.
Cheers, -- Arnaud Rebillout / Offensive Security / Kali Linux Developer
