Wednesday, August 7, 2013

NATDet Log Parser

I wrote a NATDet log parser to collect data from log files. It is written in PHP, so you need to install command-line php to run it. By default, it uses PGSQL, but with a small work you can rewrite it to use mysql.

You can download it from SourceForge, the Database is ready to get data from NMap, so I'll update the script later to use that.

Link to download

Install NATdet

I haven't found any tutorials about installing NATDet yet, so I just made one, it's very simple. Here is the official NATDet site: , there is a little documentation about it.

So, how to install: 

1. You need to install some packages:
  • pcap
  • bison

2. Install tcpdump

3. Install ncurses

4. Download and install NATDet

make install 

How to use it:

First, you should set your network interface to promisc mode, if you want it to be automated, set it:

auto eth1
iface eth1 inet manual
        up ifconfig eth1 promisc up
        down ifconfig eth1 promisc down


/etc/init.d/networking restart && ifup eth0 && ifup eth1

Now, your network interface reads every packages, so you can start using natdet:

As shown in the readme:

natdet -v -i eth0 'RULES'

-v : verbose
-vv : more verbose
-i : set interface
-l : set log file
-d : run in background

- RULES : You can set up rules like in tcpdump

And now, just wait, it needs some time to find users who use NAT.