Nmap Announce mailing list archives
NWatch 0.02 is available
From: "James D. Levine" <levine () vinecorp com>
Date: Mon, 8 Oct 2001 21:14:14 -0700 (PDT)
NWatch-0.02 is available. If you have visited the NDiff web page in recent months you will have seen a link to NWatch; other than that this is the first official announcement.

http://www.vinecorp.com/nwatch

NWatch is a security tool useful for network monitoring, policy development, and certain types of intrusion detection. It maintains state for the IP traffic it sees on an interface, deducing the state of hosts and services over a given time span. Using NWatch you can gather samples from specific nets and verify the traffic is what you expect it to be.

NWatch is a sniffer but can be conceptualized as a "passive port scanner", in that it is only interested in IP traffic and it organizes results as a port scanner would. Output is in standard nmap machine-readable format, allowing you to use NDiff and other tools on the data as you would an ordinary nmap run.

It is useful both as an individual security tool in your arsenal, or as a sanity check for nmap or other port scanners. Owing to its design, NWatch will catch ports that are opened only transiently, something which a port scanner would likely miss.

NWatch is known to work on Linux/x86. I have not yet considered portability, but it may work on other architectures, as well.

NWatch requires perl 5.005_03, NDiff-0.05beta2 or later, the Net::Pcap module and libpcap. Familiarity with NDiff, nmap, and installing perl modules is also very helpful. Root access to the installation host is also required.

See also-

NDiff: http://www.vinecorp.com/ndiff
Net-Pcap: http://search.cpan.org/search?dist=Net-Pcap
libpcap: http://www.tcpdump.org/

...and of course...

nmap: http://www.insecure.org/nmap

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
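The "passive port scanner" idea from the announcement, as an added example that is not part of the original post and is not NWatch code. It assumes packets are already decoded into constructed tuples (no live capture), that a port seen open once in the window is reported open, and that output lines follow nmap's "Host: ... Ports: ..." grepable layout with the service name left empty.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed sample traffic: (time, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (1.0, "10.0.0.5", 40000, "10.0.0.9", 22, SYN),
    (1.1, "10.0.0.9", 22, "10.0.0.5", 40000, SYN | ACK),     # 22 answers
    (2.0, "10.0.0.5", 40001, "10.0.0.9", 23, SYN),
    (2.1, "10.0.0.9", 23, "10.0.0.5", 40001, RST | ACK),     # 23 refuses
    (3.0, "10.0.0.7", 40002, "10.0.0.9", 31337, SYN),
    (3.1, "10.0.0.9", 31337, "10.0.0.7", 40002, SYN | ACK),  # open briefly
    (9.0, "10.0.0.7", 40003, "10.0.0.9", 31337, SYN),
    (9.1, "10.0.0.9", 31337, "10.0.0.7", 40003, RST | ACK),  # closed again
]


def observe(packets, start, end):
    """Deduce {host: {port: state}} from replies seen in [start, end]."""
    pending = set()            # handshakes waiting for the server's reply
    state = defaultdict(dict)
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if not start <= ts <= end:
            continue
        if flags & SYN and not flags & ACK:
            pending.add((src, sport, dst, dport))
        elif (dst, dport, src, sport) in pending:
            pending.discard((dst, dport, src, sport))
            if flags & SYN and flags & ACK:
                state[src][sport] = "open"
            elif flags & RST:
                # Assumed policy: an earlier "open" in the window is kept,
                # so a transiently open port is still reported.
                state[src].setdefault(sport, "closed")
    return state


def to_grepable(state):
    """Render the deduced state as nmap-style 'Host: ... Ports: ...' lines."""
    lines = []
    for host in sorted(state):
        ports = ", ".join(f"{port}/{st}/tcp/////"
                          for port, st in sorted(state[host].items()))
        lines.append(f"Host: {host} ()\tPorts: {ports}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_grepable(observe(PACKETS, 0, 10))))
```

Narrowing the window to 8 through 10 reports port 31337 as closed, which is the view a single active scan at that moment would have had.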