Advanced Guide to
Linux Networking and Security


Publishers Page

Chapter 1

Chapter 2

Chapter 3



Bonus Material

Installing ngrep
HTP Time Sync
Remote Backup

Introducing nast

The information on this page does not map to a specific certification objective.

The Network Analyzer Sniffer Tool or nast is a packet capturing program that displays the captured information in various ways depending on the command line options you specify. Though nast will function in ways similar to the tcpdump program, that was covered in the book, this page will focus on functions that go beyond tcpdump. The nast program is probably not included with your Linux distribution. You can download it from

Like many other Linux/UNIX tools of its kind, nast is based on the libpcap library. Among other things, this means that the syntax for filtering packets is the same syntax as all the other libpcap-based network testing tools, such as tcpdump.

You must run the nast program as root.

Mapping a Network

You can use nast to map a network. This displays a list of the network hosts with their MAC address, IP address, and DNS name. You do this with the -m command line option. Here's an example of mapping the network connected to the eth1 interface:

#nast -m -i eth1

Nast V. 0.2.0

Mapping the Lan for subnet ... please wait

MAC address             Ip address (hostname)
00:11:95:1E:EC:C9 (server) (*)
00:80:87:64:F1:C5 (
00:80:87:64:71:7E (
00:03:47:2D:1C:17 (tina)
00:02:E3:0F:7D:F1 (go9)
00:10:4B:D9:EF:85 (
00:10:B5:E7:01:9C (
00:0B:6A:58:DC:6C (karen)
00:11:11:DA:DD:A2 (
00:A0:C9:00:7E:2E (
00:02:55:F5:7C:16 (
00:02:55:13:BE:FB (
00:02:55:F5:53:6E (

(*) This is localhost


The above example shows that some hosts have DNS names shown in parenthesis, such as server, tina, go9, etc. The rest do not and their IP addresses are repeated in the parenthesis, which seems pointless but this is common practice with Internet-related software.

Byte Counting

You can use nast to count the number of packets and bytes flowing over the network as well as the current and average speed (bit rate).

#nast -i eth1 -C any

Nast V. 0.2.0

Reading from "eth1"

Packets         Total           Current speed           Avarage speed
/ 6959          2.70MB          5.90kB/s                973B/s