Introducing nastThe information on this page does not map to a specific certification objective.
The Network Analyzer Sniffer Tool or nast is a packet capturing program that displays the captured information in various ways depending on the command line options you specify. Though nast will function in ways similar to the tcpdump program, that was covered in the book, this page will focus on functions that go beyond tcpdump. The nast program is probably not included with your Linux distribution. You can download it from http://nast.berlios.de
Like many other Linux/UNIX tools of its kind, nast is based on the libpcap library. Among other things, this means that the syntax for filtering packets is the same syntax as all the other libpcap-based network testing tools, such as tcpdump.
You must run the nast program as root.
Mapping a Network
You can use nast to map a network. This displays a list of the network hosts with their MAC address, IP address, and DNS name. You do this with the -m command line option. Here's an example of mapping the network connected to the eth1 interface:
#nast -m -i eth1 Nast V. 0.2.0 Mapping the Lan for 255.255.255.0 subnet ... please wait MAC address Ip address (hostname) =========================================================== 00:11:95:1E:EC:C9 184.108.40.206 (server) (*) 00:80:87:64:F1:C5 220.127.116.11 (18.104.22.168) 00:80:87:64:71:7E 22.214.171.124 (126.96.36.199) 00:03:47:2D:1C:17 188.8.131.52 (tina) 00:02:E3:0F:7D:F1 184.108.40.206 (go9) 00:10:4B:D9:EF:85 220.127.116.11 (18.104.22.168) 00:10:B5:E7:01:9C 22.214.171.124 (126.96.36.199) 00:0B:6A:58:DC:6C 188.8.131.52 (karen) 00:11:11:DA:DD:A2 184.108.40.206 (220.127.116.11) 00:A0:C9:00:7E:2E 18.104.22.168 (22.214.171.124) 00:02:55:F5:7C:16 126.96.36.199 (188.8.131.52) 00:02:55:13:BE:FB 184.108.40.206 (220.127.116.11) 00:02:55:F5:53:6E 18.104.22.168 (22.214.171.124) (*) This is localhost Finished
The above example shows that some hosts have DNS names shown in parenthesis, such as server, tina, go9, etc. The rest do not and their IP addresses are repeated in the parenthesis, which seems pointless but this is common practice with Internet-related software.
You can use nast to count the number of packets and bytes flowing over the network as well as the current and average speed (bit rate).
#nast -i eth1 -C any Nast V. 0.2.0 Reading from "eth1" Packets Total Current speed Avarage speed --------------------------------------------------------------------- / 6959 2.70MB 5.90kB/s 973B/s