Ask Your Question

Can I detect who is doing a port scan on one of our internal servers

asked 2020-12-09 15:23:28 +0000

GTB gravatar image

I have an internal server that it appears is having some form of port scanning being run against it. I suspect it is being run by someone or some service that is on our internal network. Can Wireshark identify the source of these port scans? And if so, how would I do that?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2020-12-11 19:55:25 +0000

Jaap gravatar image

If you can get a sample of the network traffic you should be able to see a sequence of packets from the same IP address with differing port numbers, and possibly ICMP port unreachable replies. That IP address would lead to a source.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2020-12-09 15:23:28 +0000

Seen: 1,041 times

Last updated: Dec 11 '20