Nmap Announce mailing list archives

NWatch 0.02 is available


From: "James D. Levine" <levine () vinecorp com>
Date: Mon, 8 Oct 2001 21:14:14 -0700 (PDT)




NWatch-0.02 is available.   If you have visited the NDiff web page in
recent months you will have seen a link to NWatch; other than that this
is the first official announcement.


    http://www.vinecorp.com/nwatch


NWatch is a security tool useful for network monitoring, policy
development, and certain types of intrusion detection.  It maintains
state for the IP traffic it sees on an interface, deducing the state
of hosts and services over a given time span.  Using NWatch you can
gather samples from specific nets and verify the traffic is what you
expect it to be.

NWatch is a sniffer but can be conceptualized as a "passive port
scanner", in that it is only interested in IP traffic and it organizes
results as a port scanner would.

Output is in standard nmap machine-readable format, allowing you to
use NDiff and other tools on the data as you would an ordinary nmap
run.  It is useful both as an individual security tool in your
arsenal, or as a sanity check for nmap or other port scanners.  Owing
to its design, NWatch will catch ports that are opened only
transiently, something which a port scanner would likely miss.

NWatch is known to work on Linux/x86.  I have not yet considered
portability, but it may work on other architectures, as well.

NWatch requires perl 5.005_03, NDiff-0.05beta2 or later, the Net::Pcap
module and libpcap.

Familiarity with NDiff, nmap, and installing perl modules is also very
helpful.  Root access to the installation host is also required.


See also-

NDiff:      http://www.vinecorp.com/ndiff
Net-Pcap:   http://search.cpan.org/search?dist=Net-Pcap
libpcap:    http://www.tcpdump.org/

...and of course...

nmap:       http://www.insecure.org/nmap




--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
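
The "passive port scanner" idea in the announcement above, as an added example that is not NWatch's code and not part of the original message: it infers port state from observed TCP handshake replies inside a time window and prints lines modelled on nmap's grepable layout. The inference rule, the function names and the sample packets are assumptions made for illustration; NWatch's own logic and exact output are not shown on this page.

```python
import ipaddress
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed sample capture: (timestamp, src, sport, dst, dport, tcp_flags)
SAMPLE = [
    (1.0, "10.0.0.9", 40001, "10.0.0.5", 22, SYN),
    (1.1, "10.0.0.5", 22, "10.0.0.9", 40001, SYN | ACK),
    (2.0, "10.0.0.9", 40002, "10.0.0.5", 23, SYN),
    (2.1, "10.0.0.5", 23, "10.0.0.9", 40002, RST | ACK),
    (3.0, "10.0.0.9", 40003, "10.0.0.7", 8080, SYN),
    (3.1, "10.0.0.7", 8080, "10.0.0.9", 40003, SYN | ACK),
    (9.0, "10.0.0.9", 40004, "10.0.0.7", 8080, SYN),
    (9.1, "10.0.0.7", 8080, "10.0.0.9", 40004, RST | ACK),  # listener gone
]

def observe(segments, start, end):
    """Return {host: {port: state}} from segments with start <= ts < end."""
    syns = set()               # connection attempts seen in the window
    hosts = defaultdict(dict)
    for ts, src, sport, dst, dport, flags in segments:
        if not (start <= ts < end):
            continue
        if flags & SYN and not flags & ACK:
            syns.add((src, sport, dst, dport))
        elif (dst, dport, src, sport) in syns:   # reply to a SYN we saw
            if flags & SYN and flags & ACK:
                hosts[src][sport] = "open"       # open at any point wins
            elif flags & RST:
                hosts[src].setdefault(sport, "closed")
    return hosts

def to_grepable(hosts):
    """Render one 'Host: ... Ports: ...' line per host, sorted by address."""
    lines = []
    for host in sorted(hosts, key=ipaddress.ip_address):
        ports = ", ".join(f"{port}/{state}/tcp/////"
                          for port, state in sorted(hosts[host].items()))
        lines.append(f"Host: {host} ()\tPorts: {ports}")
    return lines

if __name__ == "__main__":
    print("\n".join(to_grepable(observe(SAMPLE, 0, 10))))
```

Over the full window port 8080 on 10.0.0.7 is reported open even though it was refusing connections by the end, while a window starting at t=5 reports it closed; that is the transient-port case the announcement describes.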

