Home > Software engineering >  How to detect TCP Port Scan using python
How to detect TCP Port Scan using python

Time:12-17

I am a newbie to network programming in python. I would like to know if there is any way that we can code in python to detect this kind of scan. I would like to build a open source project by using the method that you might suggest. Thanks in advance !!

CodePudding user response:

I guess what you are trying to do is to detect whether someone is using nmap or some similar program to scan for open ports on the machine.

You should first understand how open tcp ports are detected. that is done by sending a SYN packet to the remote machine. when the remote machine will answer with SYN-ACK you know the remote machine port is open.

What you can do is to write python script that sniff the entire network data on the machine. if you see a lot of SYN tcp requests (usually to a lot of ports) but without any actual data being sent. you can know you are probably being scanned for open ports. you can use scapy for network sniffing and packets analyzing

CodePudding user response:

unfortunately there is no actual way to achieve this since port scanning have no standard protocol which can be used to indicate, it is just like a regular socket connection, be it a client connection to fetch a web page for example. (it can be port scanner for port 80 or actual client who wants specific page)

you can develop an algorithm that checks the number of requests received to say.. 100 random ports, and if at least x of them points to those random ports within a time range, it can possibly be a port scanner.

be aware this is will not always work, since port scanning doesn't always mean all ports, it can also be a range of ports, specific port and so on.

  • Related