Wednesday, August 7, 2013

NATDet Log Parser



I wrote a NATDet log parser to collect data from its log files. It is written in PHP, so you need command-line PHP installed to run it. By default it uses PostgreSQL (PGSQL), but with a little work you can rewrite it to use MySQL.

You can download it from SourceForge. The database is already prepared to receive data from Nmap as well, so I'll update the script later to use that.

Link to download

Install NATdet

I haven't found any tutorial on installing NATDet yet, so I wrote one; it's very simple. Here is the official NATDet site: http://elceef.itsec.pl/natdet/ ; there is a little documentation there.

So, how to install:

1. Install the required packages:
  • pcap (libpcap)
  • bison

2. Install tcpdump
http://www.tcpdump.org/

3. Install ncurses

4. Download and install NATDet:

./configure
make
make install


How to use it:


First, put your network interface into promiscuous mode. If you want this to happen automatically at boot, add it to /etc/network/interfaces:

auto eth1
iface eth1 inet manual
        up ifconfig eth1 promisc up
        down ifconfig eth1 promisc down

Then restart networking and bring the interfaces up:

/etc/init.d/networking restart && ifup eth0 && ifup eth1
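A check worth running before starting natdet, as an added example that is not part of NATDet or the original post: the interface you later pass to -i (the stanza above puts eth1 into promiscuous mode) should show the PROMISC flag in `ip link show`, otherwise natdet only sees traffic addressed to the host itself. The script assumes iproute2 (`ip`) is installed; the sample output lines embedded in it are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of NATDet or the original post: confirm that the
# capture interface really is in promiscuous mode before starting natdet.
# Assumes iproute2 (`ip`) is installed; natdet itself is not needed here.

# Extract the <FLAG,FLAG,...> list from one "ip link show" line and succeed
# (exit 0) only if PROMISC is among the comma-separated flags.
promisc_in_line() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^[0-9][0-9]*: [^:]*: <\([^>]*\)>.*/\1/p')
    case ",$flags," in
        *,PROMISC,*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Query a live interface. Exit status: 0 = promiscuous, 1 = not promiscuous,
# 2 = interface missing or `ip` unavailable.
iface_is_promisc() {
    line=$(ip -o link show "$1" 2>/dev/null) || return 2
    promisc_in_line "$line"
}

# Constructed sample lines in the single-line format printed by `ip -o link show`
# (not real output from any host).
SAMPLE_PROMISC='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
SAMPLE_NORMAL='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:11:22:33:44:66 brd ff:ff:ff:ff:ff:ff'

# Usage: sh check_promisc.sh eth1
# With no argument the script only defines the functions and samples.
if [ -n "${1-}" ]; then
    if iface_is_promisc "$1"; then
        echo "$1: PROMISC set, ready for natdet -i $1"
    else
        echo "$1: PROMISC not set (or interface not found); fix /etc/network/interfaces first" >&2
    fi
fi
```

Run it with the same interface name you intend to give natdet -i; if the two differ (the stanza above configures eth1 while the readme example below captures on eth0), the promiscuous setting does nothing for the capture.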

Now your network interface reads every packet on the wire, so you can start using natdet.

As shown in the readme:

natdet -v -i eth0 'RULES'

-v    : verbose
-vv   : more verbose
-i    : set interface
-l    : set log file
-d    : run in background

RULES : capture filter rules, written in tcpdump syntax

And now, just wait; it takes some time to find the users who are behind NAT.