
port scan detector

Discussion in 'C' started by joeserhal, Apr 15, 2008.

  1. joeserhal

    joeserhal New Member

    Hi there,
    I'm currently working on a PROJECT (so it can be clear) regarding port scan detection. I have written code which is able to read all packets arriving on the device, and extract necessary information such as source & destination addresses, destination port, protocol used... Having done this, I have no idea how to proceed next regarding the actual detection of a port scan...
    I have some questions regarding this:

    1) How can I know if a port being scanned is "open" or not (if the port is closed, and someone sends a packet/request to that port, doesn't it imply that it's an attack??)
    2) Also, when I receive the packets, and I want to do a real-time/live detection, should I only read the info in the packets, determine whether it is an attack and then discard the packet, OR do I have to store the packets in some way in order to use them later for the detection??

    Can anybody provide me with some info regarding this... I really need some help as I do not know how to proceed from this current point?!

    Thanks
     
  2. pradeep

    pradeep Team Leader

  3. joeserhal

    joeserhal New Member

    Do you know how I can modify the attached file to determine/print the values of the flags in the TCP header (I'm talking about the FIN, SYN, RST, ACK... flags) when I receive the packets??
     
    Last edited by a moderator: Apr 17, 2008
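
One way to read the TCP header flags (FIN, SYN, RST, ACK and the rest) out of a captured packet, as an added example that is not the poster's attached file or any code from this thread. It assumes the buffer starts at the IPv4 header (any link-layer header already skipped); the function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Masks for the flags the post asks about (byte 13 of the TCP header);
 * names[] below covers all eight bits of that byte. */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10

/* Return the flag byte of the TCP segment inside an IPv4 packet that starts
 * at pkt (no link-layer header), or -1 if the packet is not IPv4/TCP, is a
 * non-first fragment, or is too short to hold the flag byte. */
int tcp_flags_from_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;      /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;            /* IP header length in bytes */
    if (ihl < 20 || pkt[9] != 6) return -1;              /* protocol 6 = TCP */
    if ((((pkt[6] & 0x1F) << 8) | pkt[7]) != 0) return -1; /* later fragment: no TCP header */
    if (len < ihl + 14) return -1;                       /* flags sit at TCP offset 13 */
    return pkt[ihl + 13];
}

/* Write the set flags as e.g. "SYN ACK" into out; returns out. */
char *tcp_flags_str(int flags, char *out, size_t outlen)
{
    static const char *names[8] = {"FIN","SYN","RST","PSH","ACK","URG","ECE","CWR"};
    if (outlen == 0) return out;
    out[0] = '\0';
    for (int bit = 0; bit < 8; bit++) {
        if (!(flags & (1 << bit))) continue;
        if (out[0]) strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, names[bit], outlen - strlen(out) - 1);
    }
    return out;
}

int main(void)
{
    /* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, SYN set. */
    uint8_t syn[40] = {0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,
                       0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0};
    char buf[40];
    printf("flags: %s\n", tcp_flags_str(tcp_flags_from_ipv4(syn, sizeof syn), buf, sizeof buf));
    return 0;
}
```

The IP header length is read from the packet rather than assumed to be 20 bytes, so packets carrying IP options still resolve to the correct flag byte.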
