Ethereal-users: Re: [Ethereal-users] Port Scan Reports

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Deogratias Nondi" <dgratius@xxxxxxxxxxx>
Date: Fri, 24 Feb 2006 23:05:50 +0000
Hi Jens,

My point is not protecting my network using Ethereal. I am trying to study some captured data in order to understand better different types of scans.

More ideas will be highly appreciated.

Deo.



----Original Message Follows----
From: Jens Link <lists@xxxxxxx>
Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Port Scan Reports
Date: Fri, 24 Feb 2006 21:20:47 +0100

"Deogratias Nondi" <dgratius@xxxxxxxxxxx> writes:

> Hi,
>
> I am a bit new to Ethereal and was wondering what kind of port scans can
> Ethereal detect.

I don't think that ethereal is the right tool for the job. I'd take a
look at a netflow based tool like nfdump/nfsen or a firewall log if I
was concerned about some everyday port scanning. Do you call the police
every time somebody looks at your door? I'd be concerned with port scans
emanating from one of my systems without my knowledge.

> How do I recognize these scans in a captured report?

By hard work and/or good luck. Sorting by destination would be a
first step.

> If I wanna learn further about the scan (i.e. where it came from and
> how to protect it) where do I go in Ethereal?

You might find information about the source of the port-scan by
filtering and sorting the captured data. You can't use ethereal to
protect against a port scan. If you really have problems with the traffic
caused by port scans you should talk to your ISP. He's the one with
the greater bandwidth and can take the appropriate measures.

One last piece of advice: Do a proper setup of your system and just ignore
the normal background noise emanating from some script kiddies.

Jens
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
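
Added example, not part of the original thread or of Ethereal: the "sorting by destination" first step from the reply above, automated over packet summaries exported from a capture. It goes beyond the thread by also grouping on destination port across hosts; the record layout, thresholds and documentation-range addresses are assumptions made for this sketch.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def sample_packets():
    """Constructed records (src_ip, dst_ip, dst_port, tcp_flags), not real traffic."""
    # One source probing 25 different ports on a single host.
    pkts = [("198.51.100.7", "192.0.2.10", p, SYN) for p in range(20, 45)]
    # One source probing port 22 on 20 different hosts.
    pkts += [("198.51.100.9", f"192.0.2.{h}", 22, SYN) for h in range(1, 21)]
    # Ordinary client traffic that should not be flagged.
    pkts += [("192.0.2.50", "192.0.2.10", 80, SYN),
             ("192.0.2.50", "192.0.2.10", 80, ACK),
             ("192.0.2.51", "192.0.2.10", 443, SYN)]
    return pkts

def find_scans(packets, port_threshold=15, host_threshold=15):
    """Flag sources whose initial SYNs fan out over many ports or many hosts."""
    ports_per_pair = defaultdict(set)  # (src, dst) -> destination ports seen
    hosts_per_port = defaultdict(set)  # (src, dst_port) -> destination hosts seen
    for src, dst, dport, flags in packets:
        # Only connection attempts: SYN set, ACK clear.
        if flags & SYN and not flags & ACK:
            ports_per_pair[(src, dst)].add(dport)
            hosts_per_port[(src, dport)].add(dst)
    findings = []
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:   # many ports, one host
            findings.append(("vertical", src, dst, len(ports)))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:   # one port, many hosts
            findings.append(("horizontal", src, dport, len(hosts)))
    return sorted(findings)

if __name__ == "__main__":
    for kind, src, target, count in find_scans(sample_packets()):
        print(f"{kind:10} scan from {src} against {target}: {count} distinct targets")
```

The thresholds are arbitrary starting points; a busy client or a NAT gateway can exceed them legitimately, so flagged sources still need a look at the underlying packets.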