Introduction
Port scanning is a method for discovering exploitable communication channels in a network. The idea is to probe as many listeners as possible and keep track of the ones that are receptive or useful to your particular need. A hacker program uses port scanner logic and scans through all well-known ports (maybe all 65535 ports) to find
A port scan detector is a program that checks whether any port scans are in progress. This can be done in real time or by analyzing a log file such as a tcpdump file.
Signs of a port scan include several packets to different destination ports from the same source address within a short period of time, and a SYN to a non-listening port. There are many other ways to detect port scans, up to dumping all the packet headers to a file and analyzing them manually.
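The two indicators above, applied to text output from `tcpdump -n -tt`, as an added example that is not part of the original document. The window length, threshold, listening set and sample capture lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Matches `tcpdump -n -tt` TCP lines: "<epoch> IP <src>.<sport> > <dst>.<dport>: Flags [..]"
LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.\d+ > "
                     r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def detect_scans(lines, window=5.0, threshold=5, listening=frozenset()):
    """Return (scanners, closed_syns).

    scanners:    {src: most distinct (dst, port) targets SYN-probed within `window` s},
                 only for sources that reach `threshold`.
    closed_syns: [(ts, src, dst, dport)] for SYNs to targets not in `listening`.
    """
    recent = defaultdict(deque)            # src -> (ts, dst, dport) still inside the window
    scanners, closed_syns = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["flags"] != "S":     # keep bare SYNs; skip SYN-ACK, data, unparsed
            continue
        ts, src, dst, dport = float(m["ts"]), m["src"], m["dst"], int(m["dport"])
        if (dst, dport) not in listening:  # indicator 2: SYN to a non-listening port
            closed_syns.append((ts, src, dst, dport))
        q = recent[src]
        q.append((ts, dst, dport))
        while ts - q[0][0] > window:       # expire probes older than the window
            q.popleft()
        distinct = len({(d, p) for _, d, p in q})
        if distinct >= threshold:          # indicator 1: many ports, one source, short time
            scanners[src] = max(scanners.get(src, 0), distinct)
    return scanners, closed_syns

# Constructed sample capture (not real traffic); addresses and ports are assumptions.
LISTENING = {("192.168.1.10", 22), ("192.168.1.10", 80)}
SAMPLE = [
    "1700000000.000000 IP 10.0.0.9.51000 > 192.168.1.10.80: Flags [S], seq 1, win 64240, length 0",
    "1700000000.000300 IP 192.168.1.10.80 > 10.0.0.9.51000: Flags [S.], seq 9, ack 2, win 65160, length 0",
    "1700000010.000000 IP 10.0.0.7.42000 > 192.168.1.10.8080: Flags [S], seq 1, win 1024, length 0",
    "1700000040.000000 IP 10.0.0.7.42001 > 192.168.1.10.8081: Flags [S], seq 1, win 1024, length 0",
] + [
    f"1700000050.{i}00000 IP 10.0.0.5.40000 > 192.168.1.10.{p}: Flags [S], seq 1, win 1024, length 0"
    for i, p in enumerate((21, 22, 23, 25, 80, 443), start=1)
]

if __name__ == "__main__":
    scanners, closed_syns = detect_scans(SAMPLE, listening=LISTENING)
    print("scan sources:", scanners)
    print("SYNs to non-listening ports:", len(closed_syns))
```

The slow source 10.0.0.7 stays under the threshold because its probes fall in different windows, which is why the closed-port SYN list is reported separately from the per-window count.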
Scanning Techniques
FTP bounce attack
TCP connect()
TCP SYN scanning
TCP FIN scanning
Reverse ident scanning
UDP ICMP port unreachable scanning
ICMP echo scanning
UDP recvfrom() and write() scanning
Libpcap
System-independent interface for user-level packet capture. Provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc. Available at http://www.tcpdump.org.