Projects / Nast


Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gate­way, perform port scanning on a multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.

Operating Systems

Recent releases

  •  18 Feb 2004 01:17

    Release Notes: This version features a completely rewritten ncurses graphical interface, many improvements in graphical analyzer features, connections handling for data stream sniffing and connection resetting, stats for byte counter, DNS resolution support, a new error handler, fixes for the banner catcher, tcpdump format logging and loading, and a NCURSES_README file.

    •  23 May 2003 18:21

      Release Notes: Promiscuous mode is set as the default in the sniffer. Work has been done on libnet defines (now it compile on SPARC 64),, and nast.8. A serious memory leak bug in map_lan() which frequently caused segmentation faults has been fixed.

      •  23 Apr 2003 16:52

        Release Notes: Nast is now included in the FreeBSD ports. Some important bugs in have been fixed.

        •  16 Apr 2003 12:16

          Release Notes: This version adds logging support to car() and psearch(), two logging features for sniffing, a traffic monitoring feature, and some converting functions. It extends promiscuous mode research to all network NICs. pcap_open_live() now works with *BSD, and a video output bug in car(), a common return value (NULL) of map_lan(), and a bug in mport() with telnet banner reader were fixed. Many sniffer features were worked on. It was ported to FreeBSD.

          •  17 Feb 2003 18:26

            Release Notes: The -B (--daemon) flag was added to demonize Nast. The -V (--verbose) flag was added to show version information. Long opt support, a signal() function, and IGMP support were added. An improved implementation file logging was written. arpreply() and something else in map_lan() were completely rewritten because they didn't work very well. A wrong interpretation of flags in main() was fixed. A bug in resolving hostname with -P was fixed. usage() was adjusted.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.