
CSE 7349 - Project Port Scan Detector (PSD)

Introduction

Port scanning is a method for discovering exploitable communication channels in a network. The idea is to probe as many listeners as possible and keep track of the ones that are receptive or useful to your particular need. A hacker program uses port scanner logic and scans through all well-known ports (maybe all 65535 ports) to find

A port scan detector is a program that checks whether any port scans are in progress. This can be done in real time or by analyzing a log file such as a tcpdump file.

Methods for detecting port scans

- Several packets to different destination ports from the same source address within a short period of time.
- SYN to a non-listening port.
- There are many other ways to detect port scans, up to dumping all the packet headers to a file and analyzing them manually.
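The first two heuristics combine naturally into one sliding-window detector. The sketch below is an added example, not part of the original slides: the window length, threshold, listening-port inventory and packet records are all constructed assumptions, and the records stand in for fields a libpcap or tcpdump parser would supply.

```python
from collections import defaultdict, deque

WINDOW = 3.0        # seconds; assumed meaning of "short period of time"
THRESHOLD = 5       # distinct closed ports per source before alerting (assumed)
LISTENING = {("10.0.0.5", 22), ("10.0.0.5", 80)}   # constructed service inventory


def detect_scans(packets, listening=LISTENING, window=WINDOW, threshold=THRESHOLD):
    """Return {src: time of first alert} for time-ordered packet records.

    Each record is (timestamp, src, dst, dport, flags), flags as a string
    such as "S" (SYN only) or "SA", the way tcpdump prints them.
    """
    recent = defaultdict(deque)      # src -> (timestamp, (dst, dport)) probes in window
    alerts = {}
    for ts, src, dst, dport, flags in packets:
        # Heuristic 2: only a bare SYN to a port nobody listens on is a probe.
        if flags != "S" or (dst, dport) in listening:
            continue
        probes = recent[src]
        probes.append((ts, (dst, dport)))
        # Heuristic 1: keep only probes inside the sliding time window.
        while probes and ts - probes[0][0] > window:
            probes.popleft()
        distinct = {target for _, target in probes}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def sample_packets():
    """Constructed traffic: one fast scanner, one normal client, one slow prober."""
    pkts = []
    # 192.0.2.10 sweeps ports 20-29 on 10.0.0.5, one SYN every 0.1 s.
    for i, port in enumerate(range(20, 30)):
        pkts.append((100.0 + i * 0.1, "192.0.2.10", "10.0.0.5", port, "S"))
    # 198.51.100.7 opens several connections to the web server only.
    for i in range(8):
        pkts.append((100.0 + i * 0.2, "198.51.100.7", "10.0.0.5", 80, "S"))
    # 203.0.113.9 sends one SYN to a closed port every 10 s.
    for i, port in enumerate(range(8000, 8006)):
        pkts.append((100.0 + i * 10, "203.0.113.9", "10.0.0.5", port, "S"))
    return sorted(pkts)


if __name__ == "__main__":
    for src, ts in detect_scans(sample_packets()).items():
        print(f"possible port scan from {src} at t={ts:.1f}")
```

With the default 3-second window only the fast sweep is flagged; the low-rate source is caught only when the window is widened, which is the tuning trade-off a detector of this kind has to make against false positives.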

Scanning Techniques

- FTP bounce attack
- TCP connect()
- TCP SYN scanning
- TCP FIN scanning
- Reverse ident scanning
- UDP ICMP port unreachable scanning
- ICMP echo scanning
- UDP recvfrom() and write() scanning

Libpcap

System-independent interface for user-level packet capture. Provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc. Available at http://www.tcpdump.org.
