Performing backups with netcat

In this post I will demonstrate how to perform a backup of a disk partition over the network using dd and nc (netcat).  I will also introduce the pv command, which may be new to you.  The pv command can be installed by “sudo apt-get install pv”.

Lets assume that I have a laptop that I use for testing different linux distributions.  It has multiple operating systems and multiple disk partitions.  I want to backup my Fedora 12 partitions before installing Fedora 13.  I will use dd and nc to copy the Fedora 12 disk partitions across my network to a fileserver.

  • My laptop:  192.168.140.64
  • My fileserver: 192.168.140.11

The partitions on the laptop that I want to backup are:

  • /dev/sda4  (Fedora 12 lvm, 14.7GB)
  • /dev/sda8  (Fedora 12 /boot ext4, 263MB)

If you are wondering how I obtained the partitions and sizes, I used “parted -l”.

We have all the information we need, now lets begin.

First we tell the fileserver to listen on an unused high numbered port.  I’m choosing port 12345.

On the fileserver:

$ nc -l 12345 | pv -b -p -s 263m > laptop_sda8.img

Next we tell the laptop to begin copying data to the fileserver.

On the laptop:

$ sudo dd if=/dev/sda8 | nc 192.168.140.11 12345

If you are unfamiliar with the pv command, it reports the amount of data written to a pipe.  We use it to give us a progress bar.  The -b and -p option tells it to show progress in bytes.  We use -s 263m to tell it that we are expecting to receive 263MB of data.  This is needed to display the progress bar.

Here is what you will see on the fileserver side while data is being copied.

When the data finishes copying, you can use md5sum to verify your data.  Run md5sum on the source and md5sum on the destination and compare the results.  The two resulting numbers should be identical.

On the latop:

$ sudo md5sum /dev/sda8
b37349506c8d20d0d6b21e4f38c374bc  /dev/sda8

On the fileserver:

$ md5sum laptop_sda8.img
b37349506c8d20d0d6b21e4f38c374bc  laptop_sda8.img

Now we do the same steps for the partion /dev/sda4.

On the fileserver:

$  nc -l 12345 | pv -b -p -s 14700m > laptop_sda4.img

On the laptop:

$ sudo dd   if=/dev/sda4 | nc 192.168.140.11 12345

Now a word about security.  Notice that I copied my data in the clear across the network.  If I am copying my data across my home LAN, this is an acceptable risk to me.  If I am copying data across the Internet or any network shared with other people, this is not an acceptable risk.  In that case, an ssh tunnel should be used.

Here is how.

On the fileserver start the listener.  Same as before.

$ nc -l 12345 | pv -b -p 263M > laptop_sda8.img

Let me explain a few things here.  In our next set of commands we will open two terminal windows on the laptop.  In the first window we will setup an ssh tunnel from the laptop to the fileserver.  We will keep this tunnel open, while we use the second terminal window to run our data transfer.

Open two terminal windows on the laptop.

In terminal 1, establish an ssh tunnel to the fileserver, using a valid username@fileserver.

$ ssh -N -L 12345:localhost:12345 neil@192.168.140.11

In terminal 2, copy the data as before but this time the destination will be localhost port 12345.  The data will be encrypted and sent through the ssh tunnel to the file server.

$ sudo dd   if=/dev/sda8 | nc localhost 12345

Repeat these steps for the next partition (/dev/sda4).

When the copy has completed, you can end the ssh tunnel by using ctrl-c in terminal 1.

The ssh tunnel is secure but you give up speed and it requires extra processing power.  That is why I only use the ssh tunnel when security is a concern.

Advertisements

One thought on “Performing backups with netcat

  1. Pingback: netcat « Eikonal Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s