Ask Your Question
0

Can I detect who is doing a port scan on one of our internal servers

asked 2020-12-09 15:23:28 +0000

GTB gravatar image

I have an internal server that it appears is having some form of port scanning being run against it. I suspect it is being run by someone or some service that is on our internal network. Can Wireshark identify the source of these port scans? And if so, how would I do that?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-12-11 19:55:25 +0000

Jaap gravatar image

If you can get a sample of the network traffic you should be able to see a sequence of packets from the same IP address with differing port numbers, and possibly ICMP port unreachable replies. That IP address would lead to a source.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-12-09 15:23:28 +0000

Seen: 2,177 times

Last updated: Dec 11 '20

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2