New in version 20-5663

February 21st, 2014
  • Added a new drag zoom feature to the "NST Ntopng IPv4 Hosts" application. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection. This drag zoom feature implements a traditional method for zooming in on a particular area of interest on Google Maps by positioning and sizing a zoom rectangle with the mouse. One can easily use this feature to zoom into an area of clustered Ntopng IPv4 Hosts for further investigation which is depicted in this Annotated Image.
  • Integration of the "Mate Desktop" and the "LightDM GTK Desktop" login screen greeter are now the preferred defaults for NST.
  • Added a new NST WUI page for the network utility script: "getipaddr".
  • Added a new "Network Interface Renaming" mode to the NST script: "nstnetcfg" that creates Predictable Network Interface Names which will survive each system reboot. This capability is beneficial to an NST system equipped with multiple Network Interface adapters.
  • Integration of "IPv4 Alias Address Management" into the NST script: "nstnetcfg" that allows for the creation and removal of IPv4 Alias Addresses.
  • A number of new articles on getting NST 20 up and running on a system have been written at the NST Wiki site:
  • Upgrade to NST 20
  • NST 20 Getting Started
  • NST 20 Hard Disk Installation
  • Copying ISO Images To USB
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in version 18-5413 (November 19th, 2013)

  • The next generation NST WUI Network Interface Bandwidth Monitor 2 application is available. It includes the following new features and enhancements:
  • Graph Zoom & Pan - Allows for different graph monitor views and fine-grain data rate measurements.
  • Selectable Sample Buffer Size - Allows for the generation of very long duration (i.e., days) monitoring graphs.
  • Data Rate Buffering - Allows for data rate capture while a monitor is paused.
  • Archive & Loading - Allows for historical review or data analysis from a monitor collected on a different NST system.
  • Monitor Snapshotting - Generate a Read-Only bandwidth monitoring graph clone for quick data rate measurements.
  • Trigger Event Graph Color - Create a Visual Alarm Display when a defined trigger event occurs.
  • Trigger Event Snapshot - Create a Monitor Snapshot each time a defined trigger event occurs.
  • Monitor Appearance - Customize the look of each monitoring graph.
  • An NST WUI Network Interface Bandwidth Monitor 2 screenshot is shown here monitoring Network Interface: "p1p1" with the Ruler Measurement Tool enabled.
  • Integrated the next generation ntop application: "ntopng" into the NST WUI. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection.
  • A new NST WUI Geolocation Application: "Ntopng IPv4 Hosts" is available using host information derived from ntopng. This application includes the following features:
  • Periodically query the ntopng server for Host information and then try to Geolocate each Host on a Google Map.
  • Map marker management allows one to extend the Geolocation Lifetime of each Host Marker for a user specified time duration.
  • One can choose from a large collection of transparent Host Markers for the generation of "Geolocated Hosts Heat Maps".
  • Integration of the NST IPv4 Address Tools widget and the ntopng Web-Based GUI to perform additional Network Surveillance with each ntopng detected Host.
  • An IPv4 Host Simulator is available to generate Random World-Wide Host Geolocations.
  • An IPv4 Host Simulator Mode using the GeoIPgen tool with the MaxMind Country WhoIs Database is available to produce Country Level Geolocation Isolation.
  • Use the IPv4 Host Simulator to expose Networks and Hosts for Global Network Exploration with the vast collection of integrated NST tools.
  • An NST Ntopng IPv4 Hosts screenshot is shown here with integrated NST tools focusing on host: "lga15s28-in-f4.1e100.net".
  • Several new tools were added to the NST WUI that allow you to convert files to different formats. These tools can be found under the 'Tools | Convert' menu and include the following abilities:
  • Convert from PostScript to PDF
  • Download a URL and render a PDF
  • Convert ASCII source code files to colorized HTML
  • Convert image files from one type to another
  • A new tool was added to the NST WUI that allows you to easily browse the RPM packages installed on the system. To bring up the index of all RPM packages, select 'Tools | WUI Widgets | NST RPM Index' from the menu. If the RPM index was not recently generated it will take a few moments for the system to determine the list of installed RPM packages. Once the index is displayed, you can click on any entry to easily examine information about each installed package.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in version 18-4509 (April 15th, 2013)

  • Created a more friendly and intuitive user experience when booting NST Live and performing a Hard Disk installation.
  • Added a new NST script: "nstipconf" which provides management to easily setup IPv4 Address and stealth network configurations in an NST system equipped with multiple network interface adapters for performing network surveillance tasks.
  • Many new NST WUI enhancements and refinements including:
  • The NST WUI network monitoring management pages (i.e., Nagios Core, Zabbix and Argus Monitor) have been refactored for ease of use, enhanced management and setup capability.
  • The "Snort" network Intrusion Detection System (IDS) page now uses Barnyard2 integration for Unified2 IDS event data storage to the MySQL database.
  • A new system SCSI storage device information page was added.
  • SSH access using the Google Chrome Secure Shell has now been integrated into the NST IPv4 Tools widget. This allows SSH access using the Google Chrome Browser on any OS platform without the need to install a native SSH client.
  • Many new NST Network Interface Bandwidth Monitor features including:
  • Added a Query Update Rate Monitor.
  • Significantly increased the query update rate performance.
  • Added the ability to create two Custom Bandwith Monitors. This will allow one to simultaneously display network bandwidth rate graphs from two different network interfaces. This can be quite useful for displaying bandwidth network traffic at full line rates when using a non-aggregational network TAP (See the example network diagram below.).
  • Each Bandwidth Monitor can now have its appearance customized using a NST Options Widget popup. One can adjust the background color and the color of each monitor graph. The opacity levels can also be adjusted on a per graph basis. These controls use to be global and applied to all monitors, but now they can be applied individually.
  • Now optionally collecting Bandwidth Monitor Data Rates when the monitor is hidden from view.
  • Added clearer Threshold Pause State Change information in each status area.
  • A Threshold Pause Session can now be automatically enabled upon page load.
  • The Bandwidth Monitor Background Color can change when a Threshold Pause Trigger Event occurs. This can be used in conjunction with the "Auto ReArm" option for a Visual Alarm Display when a Threshold Pause Trigger Event occurs.
  • You can now download or export Bandwidth Monitor Data Rates as a CSV formatted file which can then be used by most data analysis applications.
  • A new Threshold Pause Trigger Event Action has been added: The Bandwidth Monitor Data Rates can now be exported as a CSV formatted file to the NST system when a Threshold Pause Trigger Event occurs. A selection of Pause NICs and their associated data rate values can be included in the file.

New in version 2.16.0-4104 (September 5th, 2012)

  • This release is based on Fedora 16 using Linux Kernel: "3.4.9-2.fc16". This is a interim release which includes all of the NST and Fedora 16 package updates since 2012-Feb-27 rolled into a fresh ISO image. If you are building your own NST yum repository or have a subscription to the NST PRO yum repository, you may not need this ISO image as you should be able to simply yum update you NST system(s).
  • Here are some of the highlights for this release:
  • The NST project team has worked with the CloudShark folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. See also the HowTo Use The NST CloudShark Upload Manager NST Wiki page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for more information.
  • The NST WUI ARP Scan page, which utilizes the arp-scan utility, has been completed. This allows you to quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the article: HowTo Use The NST WUI arp-scan page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
  • A separate NST WUI ARP Scan monitoring page was added. This web page is designed to periodically run the arp-scan command. Results are accumulated from each run allowing you to keep track of what systems enter and leave your network throughout the day.
  • Many new NST WUI enhancements and refinements including:
  • Most NST WUI pages have been enhanced to use an NST Shell Command Console for resultant output. This allows for extreme flexibility when using the results for analysis or reports. See the NST Shell Command Console Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
  • New pop-up network tools widgets have been created for IPv4, IPv6, Host Names, and MAC addresses. NST WUI pages which display network addresses or host names will allow you to click on the network entity to bring up the appropriate tools widget. Once the widget is displayed, you can perform a variety of related actions using the network entity. Each widget has an integrated NST Shell Command Console for results. See the NST Network Tools Widgets Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
  • Both the Single and Multi-Tap Network Packet Capture pages now support the new PCAP Next Generation Dump File Format.
  • The NST Network Interface Bandwidth Monitor Ruler Measurement Tool has been enhanced with Peak/Trough Detection and a Ruler Guide Movement Control feature. This feature helps during bandwidth rate analysis by making it easier to position the left and right ruler tool guides when performing data rate measurements. See the NST Bandwidth Monitor Reference Diagram page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/NST_Network_Interf[..] for more information.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in version 2.16.0 (February 28th, 2012)

  • Major enhancements to the Network Interface Bandwidth Monitor application including a Threshold Pause feature with bandwidth rate state notifications.
  • Developed a new NST WUI ARP Scan AJAX application which utilizes the arp-scan network tool. One can quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the NST Wiki page: "HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts" for further information.
  • Integrated the w3af (Web Application Attack and Audit Framework) into the NST distribution for searching and exploiting web application vulnerabilities.
  • Added the netsniff-ng high performance Linux network analyzer and networking toolkit. It is featured in the NST Wiki article: LAN Ethernet Maximum Rates, Generation, Capturing & Monitoring.
  • The NST WUI is now touch device friendly and now works well with the Apple iPad. See the NST Wiki article: HowTo Use A Touch Device (iPad) with NST.
  • Developed many new systemd service controls and improved NST boot management with GRUB2 integration.
  • Many new NST WUI enhancements and refinements including a new CPU usage monitor and DNS name resolver popup widget.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in version 2.11.0 (September 23rd, 2009)

  • The entire NST distribution is RPM based and an NST system can be maintained using reduntant RPM repositories.
  • NST is now extensible. Add new applications with YUM install.
  • "NST Live" allows for read/write rootfs file system access so that new applications can be installed even though it was booted from a DVD device.
  • "NST Live" can be installed to a USB device for creation of a "NST Live USB Disk". One can then boot the "NST Live USB Disk" from a system capable of booting from USB devices.
  • An "NST Live USB Disk" may contain data persistence allowing session information to be maintained across system reboots and/or system moves.
  • For systems that lack a DVD device or can not boot from USB devices, the following solution was created for installation of NST to the system hard disk. The "NST Live" distribution is too big to fit on a CD. An "NST Minimal" ISO is provided and was designed to fit on CD media. One can boot the "NST Minimal" ISO, perform a hard disk installation using the NST script: "nstliveinst" and then YUM install the "nst-live" RPM package to completely build out the full NST distribution.
  • A new NST script: "nsttraceroute" has been created that Geocodes output from the traceroute utility in KML format for rendering with Google Earth.
  • Added 2 network content capture applications: "driftnet" and "tcpxtract". Driftnet is used to capture and display graphic images (i.e., GIF, JPEG and PNG). TCPxTract is used to capture complete documents including PDF or Microsoft Word docs.
  • The Multi-Tap Network Packet Capture page has been enhanced with the integration of ngrep and dsniff.
  • Many new applications have been added to this distribution release. Previous existing networking and security applications have been updated to their latest revision.

New in version 1.8.1 (January 9th, 2009)

  • This release is based on Fedora 8 using the Linux Kernel 2.6.26.8. Here are some of the highlights for this release: enhanced the management of snort IDS systems via the NST WUI; the addition of the WebDAV Resources packages; major updates to Nmap and its related tools including better support in the NST WUI for managing Nmap results; added access terminal server functionality using minicom from the NST WUI; enhanced the monitoring of serial data streams using the NST WUI; support for saving and loading packet capture and display filters in the single and multi-tap network packet capture sections of the NST WUI....