Introduction

Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it takes two Nmap XML output files and prints the differences between them: hosts coming up and down, ports becoming open or closed, and things like that. Ndiff can produce output in human-readable text or machine-readable XML formats. Many people like to scan their networks regularly (daily, weekly, etc.) and then use ndiff to easily detect any changes. The scans, ndiff run, and emailed report are often automated using tools such as cron on UNIX or the Scheduled Tasks tool on Windows. Ndiff is also used by the Zenmap GUI to compare scan results.

Ndiff is integrated with Nmap versions 4.85BETA1 and later, which you can obtain from the Nmap download page.

The best Ndiff documentation is currently the Ndiff man page.