Wireshark · Ethereal-users: Re: [Ethereal-users] Port Scan Reports

[Jack Jackson <jack@xxxxxxxxxxxxxxx>]

If by detect you mean have Ethereal flag packets as port scans, I doubt you 
can do that.  There are various techniques used for port scanning, and to 
detect most of them you almost certainly need more state information than 
Ethereal is capable of providing.  Part of the problem is that there is no 
clear cut definition of what constitutes a port scan.

If you don't know too much about port scanning, you could Google for "ip 
port scan techniques" - that turned up a number of hits describing various 
scanning techniques.

At 03:05 PM 2/24/2006, Deogratias Nondi wrote:
> Hi Jens,
>
> My point is not protecting my network using Ethereal. I am trying to study 
> some captured data in order to understand better different types of scans.
>
> More ideas will be highly appreciated.
>
> Deo.
>
>
>
> ----Original Message Follows----
> From: Jens Link <lists@xxxxxxx>
> Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> Subject: Re: [Ethereal-users] Port Scan Reports
> Date: Fri, 24 Feb 2006 21:20:47 +0100
>
> "Deogratias Nondi" <dgratius@xxxxxxxxxxx> writes:
>
> > Hi,
> >
> > I am a bit new to etherial and was wondering what kind of port scans can
> > etherial detect.