Objectives
Write a program to recognize port scanning on a specific host. First recognize the scan by analyzing the host's trace file and/or the TCP dump file. Extend the program to recognize a port scan in real time. Output the range of ports scanned and the duration of the scan. Describe the scan; was it sent at regular intervals, for example?
What type of scan occurred? What was the time interval? Measure the performance of your program. Determine the failure point; i.e. the maximum amount of network traffic that it can withstand. Produce an output log for the program, which contains information about the captured packets.
Display the Source MAC and IP addresses
Check the type of transport protocol used by looking at the protocol field of the IP packet.
If it is a TCP or UDP packet, extract and display the source and destination port numbers.
Specifically recognize all of the following attacks:
- TCP SYN scan
- UDP port scan
- IP protocol scan
- TCP Maimon scan
- TCP FIN and Null scan
If you detect a port scan, display the number of ports scanned, originating IP address, destination IP, and list all the destination port addresses.
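A sketch of the offline detection step, added here as an example and not part of the original question: it classifies already-parsed packet records by the flag combinations the listed scan types use, then reports the ports hit, the duration and whether the probes were evenly paced. The record fields, the `min_targets` and `jitter` thresholds and the sample trace are assumptions, and the IP protocol scan is simplified to counting distinct non-TCP/UDP protocol numbers.

```python
from collections import defaultdict

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP header flag bits
TCP, UDP = 6, 17                   # IP protocol numbers

def classify(pkt):
    """Return (scan kind, enumerated value) for a probe-like packet, else None."""
    if pkt["proto"] == TCP:
        kind = {0: "TCP Null", FIN: "TCP FIN", SYN: "TCP SYN",
                FIN | ACK: "TCP Maimon"}.get(pkt["flags"])
        return (kind, pkt["dport"]) if kind else None
    if pkt["proto"] == UDP:
        return ("UDP", pkt["dport"])
    return ("IP protocol", pkt["proto"])   # enumerated value is the protocol number

def detect_scans(packets, min_targets=5, jitter=0.05):
    """Report (src, dst, kind) groups touching >= min_targets distinct ports/protocols.
    min_targets and jitter (seconds) are assumed thresholds, to be tuned per network."""
    groups = defaultdict(list)
    for pkt in packets:
        hit = classify(pkt)
        if hit:
            groups[(pkt["src"], pkt["dst"], hit[0])].append((pkt["ts"], hit[1]))
    reports = []
    for (src, dst, kind), probes in groups.items():
        targets = sorted({value for _, value in probes})
        if len(targets) < min_targets:
            continue
        times = sorted(ts for ts, _ in probes)
        gaps = [b - a for a, b in zip(times, times[1:])]
        reports.append({
            "kind": kind, "src": src, "dst": dst, "count": len(targets),
            "targets": targets, "range": (targets[0], targets[-1]),
            "duration": times[-1] - times[0],
            "regular": bool(gaps) and max(gaps) - min(gaps) <= jitter,
        })
    return reports

def pkt(ts, src, dport, flags, proto=TCP, dst="192.0.2.20"):
    """Build one constructed packet record (hypothetical field layout)."""
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "dport": dport, "flags": flags}

# Constructed sample trace using documentation addresses, not captured traffic.
SAMPLE = (
    [pkt(i * 0.5, "192.0.2.10", 20 + i, SYN) for i in range(6)]             # evenly paced SYN-only
    + [pkt(t, "192.0.2.11", 80 + i, FIN | ACK)
       for i, t in enumerate([0.0, 0.25, 2.0, 2.5, 7.0])]                   # unevenly paced FIN/ACK
    + [pkt(1.0, "192.0.2.12", 443, SYN), pkt(1.5, "192.0.2.12", 443, ACK)]  # ordinary client traffic
)

if __name__ == "__main__":
    for report in detect_scans(SAMPLE):
        print(report)
```

Feeding `detect_scans` from a pcap reader or a live capture loop, and adding the source MAC to each record, covers the remaining output requirements.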
