Whenever you want to keep track of all your network activity, you can use handy utilities like nmap and ndiff.

nmap takes a snapshot of your network in different formats, and ndiff reports what changed on the networked machines between two points in time.

Installing nmap and ndiff

Installation on RPM based distribution

 yum install nmap ndiff

Installation on Ubuntu

sudo apt-get install nmap ndiff

Network scan using nmap

Nmap is a tool used to scan your network. Here we show a way to see the difference in network status between two points in time: nmap scans the network, and ndiff catches the change.

Scan network

 nmap -n -oX current.xml 192.168.1.1/24
  • -n tells nmap never to do DNS resolution
  • -oX writes the scan output in XML format to the file named after it
  • current.xml is the file where the output will be placed
  • 192.168.1.1/24 is the network to be scanned

 

The output of the above command appears as follows:

[Screenshot: nmap scan output]

You should take the output in XML format because the ndiff command uses XML files to show changes in network activity.

 

Scan network after 10 minutes

 nmap -n -oX current2.xml 192.168.1.1/24

See difference in network after 10 minutes

ndiff current.xml current2.xml

[Screenshot: ndiff output]

The highlighted output shows the changes in the network over the 10 minutes. Before, the ssh and telnet ports were open on host 192.168.1.203; after 10 minutes, both ports are closed.
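
The comparison above can also be scripted so that newly opened ports are picked out automatically. The following is an added example, not part of the original article and not ndiff's own code: it parses two nmap XML outputs and lists port-state changes. The sample XML is constructed; the 192.168.1.203 entries mirror the case described above, while host 192.168.1.210 and port 8080 are assumptions added to show a newly exposed service.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: two nmap -oX outputs trimmed to the elements read below.
HOST = '<host><address addr="{}" addrtype="ipv4"/><ports>{}</ports></host>'
PORT = '<port protocol="tcp" portid="{}"><state state="{}"/><service name="{}"/></port>'
SCAN_BEFORE = "<nmaprun>" + HOST.format(
    "192.168.1.203", PORT.format(22, "open", "ssh") + PORT.format(23, "open", "telnet")
) + "</nmaprun>"
SCAN_AFTER = "<nmaprun>" + HOST.format(
    "192.168.1.203", PORT.format(22, "closed", "ssh") + PORT.format(23, "closed", "telnet")
) + HOST.format("192.168.1.210", PORT.format(8080, "open", "http-proxy")) + "</nmaprun>"


def port_states(xml_text):
    """Map (ip, protocol, port) -> (state, service) for each port listed in a scan."""
    states = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # skip hosts reported without an IPv4 address
        for port in host.iter("port"):
            state, service = port.find("state"), port.find("service")
            key = (addr.get("addr"), port.get("protocol"), int(port.get("portid")))
            states[key] = (
                state.get("state") if state is not None else "unknown",
                service.get("name") if service is not None else "",
            )
    return states


def diff_scans(before_xml, after_xml):
    """Return (ip, protocol, port, service, old_state, new_state) for each change."""
    before, after = port_states(before_xml), port_states(after_xml)
    changes = []
    # Ports missing from one scan (host down, or port not listed) count as "absent".
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key, ("absent", "")), after.get(key, ("absent", ""))
        if old[0] != new[0]:
            changes.append((*key, new[1] or old[1], old[0], new[0]))
    return changes


def newly_open(changes):
    """Changes that expose a service that was not open in the earlier scan."""
    return [c for c in changes if c[5] == "open"]


if __name__ == "__main__":
    for ip, proto, port, svc, old, new in diff_scans(SCAN_BEFORE, SCAN_AFTER):
        print(f"{ip} {port}/{proto} {svc}: {old} -> {new}")
```

To run it against real scans, pass the contents of current.xml and current2.xml to diff_scans in place of the constructed strings.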