scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article (see below). Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use.
This release of scanlogd can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Linux (which does not require any libraries), scanlogd is now aware of libnids and libpcap.
The use of libpcap alone is not a good idea. If you're on a system other than Linux and/or want to monitor the traffic of an entire network at once, you should be using libnids in order to handle fragmented IP packets.
Product's homepage
Find us on Google+
