The last tool that comes packed with the Nmap suite is Ndiff. For those unfamiliar with the traditional *NIX tool "diff," it is designed to visually show the differences between two separate files of text. In other words, if you (for example) want to see which lines of code changed when a patch was applied, you can "diff" the new patch and the old code, and visually see the differences. The following screenshot shows a basic Nmap command:
In the preceding screenshot, we launched a scan against my web server—dshaw.net—for ports 80 and 81. We named our first scan scan1.xml and ran another scan against the same host—we called it scan2.xml. The only difference is that I used Ncat (which we learned about earlier in this chapter) to open up port 81 to the Internet.
In order to compare the results, we simply have to call ndiff scan1.xml scan2.xml—very straightforward. The following screenshot demonstrates this command:
