Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gateway, perform port scanning on multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.
Tags: Security Monitoring Networking Shells Systems Administration Utilities
Operating Systems: POSIX BSD FreeBSD Linux
Release Notes: This version features a completely rewritten ncurses graphical interface, many improvements in graphical analyzer features, connections handling for data stream sniffing and connection resetting, stats for byte counter, DNS resolution support, a new error handler, fixes for the banner catcher, tcpdump format logging and loading, and a NCURSES_README file.
Release Notes: Promiscuous mode is set as the default in the sniffer. Work has been done on libnet defines (it now compiles on SPARC 64), Makefile.in, and nast.8. A serious memory leak bug in map_lan() which frequently caused segmentation faults has been fixed.
Release Notes: Nast is now included in the FreeBSD ports. Some important bugs in configure.ac have been fixed.
Release Notes: This version adds logging support to car() and psearch(), two logging features for sniffing, a traffic monitoring feature, and some conversion functions. It extends promiscuous mode research to all network NICs. pcap_open_live() now works with *BSD, and a video output bug in car(), a common return value (NULL) of map_lan(), and a bug in mport() with the telnet banner reader were fixed. Many sniffer features were worked on. It was ported to FreeBSD.
Release Notes: The -B (--daemon) flag was added to daemonize Nast. The -V (--verbose) flag was added to show version information. Long option support, a signal() function, and IGMP support were added. An improved implementation of file logging was written. arpreply() and something else in map_lan() were completely rewritten because they didn't work very well. A wrong interpretation of flags in main() was fixed. A bug in resolving hostnames with -P was fixed. usage() was adjusted.