
Can I detect who is doing a port scan on one of our internal servers?

I have an internal server that it appears is having some form of port scanning being run against it. I suspect it is being run by someone or some service that is on our internal network. Can Wireshark identify the source of these port scans? And if so, how would I do that?

GTB
asked 2020-12-09 15:23:28 +0000

1 Answer


If you can get a sample of the network traffic you should be able to see a sequence of packets from the same IP address with differing port numbers, and possibly ICMP port unreachable replies. That IP address would lead to a source.

Jaap
answered 2020-12-11 19:55:25 +0000
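
The check described in the answer above, as an added example that is not part of the original post: it reads a tab-separated field export of a capture, counts the distinct destination ports each source tried on the server, and tallies the ICMP port unreachable replies the server sent back to that source. The addresses, the sample rows, the `min_ports` threshold and the function name are constructed for illustration, and the export is assumed to be IPv4 only and to come from a `tshark -T fields` command like the one in the comment.

```python
from collections import defaultdict

# Assumed export command (one row per packet, first occurrence of each field):
#   tshark -r capture.pcap -T fields -E occurrence=f \
#     -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport -e icmp.type -e icmp.code
SERVER = "10.0.0.5"  # constructed address of the scanned server

# Constructed sample rows: one host walking many ports, two ordinary clients.
ROWS = [("10.0.0.23", SERVER, str(p), "", "", "") for p in (21, 22, 23, 25, 80, 443)]
ROWS += [("10.0.0.23", SERVER, "", str(p), "", "") for p in (161, 500)]
# ICMP type 3 code 3 replies: the embedded UDP header fills udp.dstport too.
ROWS += [(SERVER, "10.0.0.23", "", str(p), "3", "3") for p in (161, 500)]
ROWS += [("10.0.0.40", SERVER, "443", "", "", "")] * 3
ROWS += [("10.0.0.41", SERVER, "80", "", "", ""), ("10.0.0.41", SERVER, "443", "", "", "")]
SAMPLE = "\n".join("\t".join(r) for r in ROWS)


def find_scanners(text, server, min_ports=5):
    """Return (source, distinct_ports, port_unreachables), busiest first."""
    ports = defaultdict(set)        # source -> {(proto, port), ...}
    unreachable = defaultdict(int)  # source -> ICMP 3/3 replies received
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # skip malformed or non-IP rows
        src, dst, tcp_port, udp_port, icmp_type, icmp_code = fields
        if icmp_type:
            # ICMP errors quote the original packet, so never count
            # their port fields as a new probe.
            if src == server and (icmp_type, icmp_code) == ("3", "3"):
                unreachable[dst] += 1
            continue
        if dst != server:
            continue
        if tcp_port:
            ports[src].add(("tcp", int(tcp_port)))
        elif udp_port:
            ports[src].add(("udp", int(udp_port)))
    hits = [(s, len(p), unreachable[s]) for s, p in ports.items() if len(p) >= min_ports]
    return sorted(hits, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, n_ports, n_unreach in find_scanners(SAMPLE, SERVER):
        print(f"{src}: {n_ports} distinct ports, {n_unreach} port-unreachable replies")
```

A source that legitimately talks to many services (monitoring, a vulnerability scanner run by the security team) will also exceed the threshold, so the reported address is a starting point for identifying the host, not proof of intent.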