mailing list archives
RE: Nmap-based mapping/monitoring tool
From: Jake Kallman <jkallman () unr nevada edu>
Date: Tue, 9 Mar 2004 13:21:16 -0800 (PST)
Thank you all for the very fast responses and great input =)
I'll take a look at ntop also. One thing that I didn't mention in the
initial post, and which might be of interest to Bob, is that to ease the
load on a central server (and the network on the whole) we were going to
make the server script work in a distributed and parallelized manner.
Where at the top level of your network you could have a server that just
compiles data from lower-tier machines which each run scans on the
machines connected to them. In this way the top level server does not
have to run any scans, but rather just get the database files from the
lower level machines at the scheduled intervals. We thought that this
would cut down a lot of scan time on larger networks, and also allow some
scalability so that as the program was installed on larger networks one
machine wouldn't be burdened with the job of handling all the scanning.
Not sure if this helps out any, but just an idea I thought I'd throw out
On Wed, 10 Mar 2004, Craig Humphrey wrote:
you may also want to look at ntop, which monitors a network through sniffing
(rather than active scanning), but integrates nmap to probe hosts.
There are a few commercial tools out there that do this kind of thing (or
similar, or sub/supersets).
I've used What's Up Gold quite a bit.
Just did a little google and https://freemap.qualys.com/ looks interesting,
and being browser based, there's a certain amount of freedom for the client
Have fun and keep us in the loop.
From: Jake Kallman [mailto:jkallman () unr nevada edu]
Sent: Tuesday, March 09, 2004 9:04 PM
To: nmap-dev () insecure org
Subject: Nmap-based mapping/monitoring tool
I am developing a network monitoring and mapping tool based
which will provide a graphical representation of a network
maintain a database of information about computers in that
essence, it will take the output of namp, run at scheduled
compare that data against data from previous runs to try and flag
potential security and infrastructure problems.
The idea, at a high level is fairly simple, and in fact is a
complicated than it needs to be since I'm doing this as a project to
complete my undergraduate degree in CS. I'm writing a driver program,
which will sit on a network server somewhere, and will run nmap at
scheduled intervals on all computers in the network (which
I'm going to
try and optimize somewhat by allowing for multiple nmapping
servers in the
network so as to distribute the work as much as possible). There will
also be a client application which will allow a user to
access this data
remotely (ideally I'm trying to create this client application to
allow users to log into the server from multiple platforms,
like PDAs and
cell phones, which might not be currently available, but when
I talked to
some network engineers in my area they said that it would be a great
feature). The client will access the data from the server program, and
create a graphical map of the network, showing any potential problem
areas. Ideally, I want to be able to flag network slowdowns
newly enabled/disabled ports on machines, newly connected
an eye toward being able to watch for unauthorized wireless
and things of that nature.
My question is whether or not this seems like a usable idea?
If not, then
what seems unfeasible about the design?
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org