NAST - Network Analyzer Sniffer Tool
NAST is a multipurpose network analyzer that unifies multiple tools in a single command. Some of them are very simple and easy to use, while others are more complex. It allows operators to easily create traffic reports and statistics.
As an analyzer tool, it has many features, such as:
- Build LAN hosts list
- Follow a TCP-DATA stream
- Find LAN Internet gateways
- Discover promiscuous nodes
- Reset an established connection
- Perform a single half-open port scan
- Perform a multi half-open port scan
- Find link type (hub or switch)
- Catch daemon banners of LAN nodes
- Check ARP answers to discover possible ARP spoofing
- Byte counting with an optional filter
- Write log reports
NAST is a Debian package :)
perro@vaio:~$ apt-cache search nast
nast - packet sniffer and lan analyzer
perro@vaio:~$
For those who are not familiar with console management, this tool offers a friendly interface based on ncurses.
perro@vaio:~$ sudo nast -G
Pretty much intuitive
NOTE: nast must be executed as root!
Below I will show some examples of how to use this tool:
Obtaining hosts connected to our LAN
You should always specify the network interface on which nast should act. To do so, you must use the “-i interface” option.
perro@vaio:~$ sudo nast -m -i eth0
Nast V. 0.2.0
Mapping the Lan for 255.255.0.0 subnet ... please wait
MAC address Ip address (hostname)
===========================================================
08:00:46:16:BA:D0 192.168.0.120 (192.168.0.120) (*)
00:40:F4:FA:C5:BD 192.168.1.1 (192.168.1.1)
08-00-46-16-ba-d0 192.168.0.100 (192.168.0.100)
00-04-23-6d-f9-c5 192.168.0.101 (192.168.0.1010)
00-14-51-e3-84-09 192.168.1.102 (Kal-El-iBook-G4)
(*) This is localhost
Finished
perro@vaio:~$
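The host list above mixes colon- and hyphen-separated MAC notation, which makes it easy to miss that one MAC appears under two IP addresses. The following Python script is an added example, not part of nast or of the original post: it parses that output, normalizes the MACs and lists every MAC that answers for more than one IP, which is worth reviewing (it can be a multi-homed host or IP alias, or a sign of ARP spoofing). The function names are chosen for this example.

```python
import re
from collections import defaultdict

# Host list copied from the `nast -m` run above (sample input for this example).
SAMPLE = """\
MAC address Ip address (hostname)
===========================================================
08:00:46:16:BA:D0 192.168.0.120 (192.168.0.120) (*)
00:40:F4:FA:C5:BD 192.168.1.1 (192.168.1.1)
08-00-46-16-ba-d0 192.168.0.100 (192.168.0.100)
00-04-23-6d-f9-c5 192.168.0.101 (192.168.0.1010)
00-14-51-e3-84-09 192.168.1.102 (Kal-El-iBook-G4)
(*) This is localhost
"""

# One host row: MAC with ':' or '-' separators, IPv4 address, "(hostname)".
ROW = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+\(([^)]*)\)"
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so both notations compare equal."""
    return mac.replace("-", ":").lower()

def parse_hosts(text):
    """Return (mac, ip, hostname) tuples for every host row in the output."""
    hosts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            hosts.append((normalize_mac(m.group(1)), m.group(2), m.group(3)))
    return hosts

def macs_with_multiple_ips(hosts):
    """Map each MAC that answers for more than one IP to its sorted IP list."""
    by_mac = defaultdict(set)
    for mac, ip, _name in hosts:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for mac, ips in macs_with_multiple_ips(parse_hosts(SAMPLE)).items():
        print(f"review: {mac} answers for {', '.join(ips)}")
```

On the sample above, the only MAC flagged is the one shared by the localhost entry and 192.168.0.100.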
Performing a port scan against a host
perro@vaio:~$ sudo nast -S -i eth0
Nast V. 0.2.0
Port Scanner extremes
Insert IP to scan : 192.168.1.1
Insert Port range : 1-50,80,5000-5300
Wait for scanning...
State Port Services Notes
Open 80 www None
All the other 1023 ports are in state closed
Scanning terminated on Dec 04 20:32:18
perro@vaio:~$
This example performs a port scan against host 192.168.1.1 on the specified ports (1 through 50, 80, and 5000 through 5300). “-” denotes a range and “,” separates items.
The “-M” option performs the same action on every host on the network, so you only need to give nast the list of ports to scan.
Searching the network for gateways
perro@vaio:~$ sudo nast -g -i eth0
Nast V. 0.2.0
Finding suitable hosts (excluding localhost) -> Done
Trying 192.168.1.1 (00:40:F4:FA:C5:BD)-> Yep!
Trying 192.168.0.100 (08-00-46-16-ba-d0)-> Bad
Trying 192.168.0.101 (00-04-23-6d-f9-c5)-> Bad
Trying 192.168.1.102 (00-14-51-e3-84-09)-> Bad
Trying 192.168.1.177 (00:11:5B:28:0C:0E)-> Bad
Finished
perro@vaio:~$
NOTE: Remember that the most important option is always available: “--help” or “man nast”.


