Pyscanlogger - Python Port scan detector
A pure Python program to detect network port scanning attacks. Currently logs different TCP port scans. Can run in the background like a daemon and log attacks to a log file.
The latest code, including some added features, is available at http://code.google.com/p/pyscanlogd/
Pyscanlogger depends on the pypcap and dpkt packages.
- pypcap is available from https://pypi.python.org/pypi/pypcap
- dpkt is available from http://code.google.com/p/dpkt/
Install pypcap and dpkt from their project pages.
- Download dpkt source code from http://code.google.com/p/dpkt/
- Extract the file and move into the dpkt folder
- python setup.py build
- sudo python setup.py install
Install pypcap via pip:
$ sudo pip install pypcap
To run with default options, just run the tool as root.
$ sudo python pyscanlogger.py
To log to a file, pass the "-f" option.
$ sudo python pyscanlogger.py -f "./scanlog.log"
To run as a daemon, pass the "-d" option.
$ sudo python pyscanlogger.py -d -f "./scanlog.log"
Note: When running as a daemon, if the -f option is not provided, no output is printed to stdout.
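The kind of check a TCP port scan detector performs, as an added example that is not pyscanlogger's own code: it classifies probes by their TCP flags and alerts when one source touches many distinct ports on one host within a short window. The function names, the `min_ports` and `window` thresholds, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict

# TCP flag bits (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations typically seen in scan probes (illustrative, not exhaustive)
SCAN_TYPES = {SYN: "SYN", FIN: "FIN", 0: "NULL", FIN | PSH | URG: "XMAS"}

def classify(flags):
    """Return the probe type for a TCP flag byte, or None if it is not probe-like."""
    return SCAN_TYPES.get(flags & 0x3F)  # mask off the ECE/CWR bits

def detect_scans(packets, min_ports=5, window=2.0):
    """packets: iterable of (ts, src, dst, dport, flags) sorted by ts.
    Returns one (src, dst, scan_type, ports) alert per source/target/type
    once min_ports distinct ports are probed within `window` seconds."""
    recent = defaultdict(list)  # (src, dst, type) -> [(ts, dport), ...]
    alerted, alerts = set(), []
    for ts, src, dst, dport, flags in packets:
        kind = classify(flags)
        if kind is None:
            continue
        key = (src, dst, kind)
        # Keep only probes that are still inside the sliding window
        hits = [(t, p) for t, p in recent[key] if ts - t <= window]
        hits.append((ts, dport))
        recent[key] = hits
        ports = sorted({p for _, p in hits})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append((src, dst, kind, ports))
    return alerts

# Constructed sample traffic (documentation addresses from RFC 5737)
SAMPLE = (
    [(0.1 * i, "192.0.2.10", "198.51.100.5", p, SYN)
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]           # SYN sweep
    + [(5.0 + i, "192.0.2.20", "198.51.100.5", 443, SYN)
       for i in range(6)]                                        # retries to one port
    + [(10.0 + 0.1 * i, "192.0.2.30", "198.51.100.5", p, FIN | PSH | URG)
       for i, p in enumerate([1, 2, 3, 4, 5])]                   # XMAS sweep
    + [(20.0, "192.0.2.40", "198.51.100.5", 80, SYN | ACK)]      # normal handshake reply
)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE):
        print(alert)
```

A probe rate slower than one port per `window` seconds stays under this threshold, so a real deployment also needs a longer-horizon counter for slow scans.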