Can I detect who is doing a port scan on one of our internal servers

port_scan_source

asked 2020-12-09 15:23:28 +0000

GTB
1

I have an internal server that it appears is having some form of port scanning being run against it. I suspect it is being run by someone or some service that is on our internal network. Can Wireshark identify the source of these port scans? And if so, how would I do that?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-12-11 19:55:25 +0000

Jaap

13742 ●711 ●115

If you can get a sample of the network traffic you should be able to see a sequence of packets from the same IP address with differing port numbers, and possibly ICMP port unreachable replies. That IP address would lead to a source.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-12-09 15:23:28 +0000

Seen: 2,831 times

Last updated: Dec 11 '20

Can I detect who is doing a port scan on one of our internal servers edit

1 Answer