An open source daemon that tries to log all port scans of a host to syslog

scanlogd is an open source, multiplatform and freely distributed command-line program, implemented in C, that runs as a system daemon and acts as a TCP port scan detection utility. It was initially designed to visualize various IDS (Intrusion Detection System) attacks.

It’s a safer TCP (Transmission Control Protocol) port scan detection tool when compared with similar programs, and it supports the libpcap and libnids libraries. However, the developers don’t recommend using libpcap alone.

Getting started with scanlogd

This CLI tool requires compilation prior to installation, which means that you will have to first download the gzipped source archive of scanlogd from Softpedia or via its official website (see link at the end of the review), save the file on your PC and unpack it using an archive manager.

Fire up your preferred Terminal app, navigate to the location of the extracted archive files (e.g. cd /home/softpedia/scanlogd-2.2.7) and then execute the ‘make’ command to compile the program. Please note that you must choose a packet capture interface.

Execute the ‘make linux’ command to use the raw socket interface on Linux, the ‘make libnids’ command to use libnids with the libnet and libpcap libraries, or the ‘make libpcap’ command to use the libpcap library standalone.

Finally, install the scanlogd daemon system-wide by executing the ‘make install’ command as root or the ‘sudo make install’ command as a user with root privileges.

Under the hood and supported operating systems

The scanlogd software is very small and written entirely in the C programming language. It is engineered to run under GNU/Linux, Microsoft Windows and Mac OS X operating systems, but the libnids library is required on the Mac and Windows platforms. At the moment, both 32-bit and 64-bit computer architectures are supported.

Last updated on November 28th, 2014

