堆栈内存溢出
  简体   繁体   English

如何使用 python 检测 TCP 端口扫描

[英]How to detect TCP Port Scan using python

 原文  2021-12-16 18:43:28       python/ python-3.x/ port/ port-scanning

问题描述

I am a newbie to network programming in python.我是 python 网络编程的新手。 I would like to know if there is any way that we can code in python to detect this kind of scan.我想知道是否有任何方法可以在 python 中编码来检测这种扫描。 I would like to build a open source project by using the method that you might suggest.我想使用您可能建议的方法来构建一个开源项目。 Thanks in advance !!提前致谢 !!

2 个解决方案

解决方案1
 0  2021-12-16 18:53:40

I guess what you are trying to do is to detect whether someone is using nmap or some similar program to scan for open ports on the machine.我猜你想要做的是检测是否有人在使用 nmap 或一些类似的程序来扫描机器上的开放端口。

You should first understand how open tcp ports are detected.您应该首先了解如何检测打开的 tcp 端口。 that is done by sending a SYN packet to the remote machine.这是通过向远程机器发送一个 SYN 数据包来完成的。 when the remote machine will answer with SYN-ACK you know the remote machine port is open.当远程机器以 SYN-ACK 应答时,您知道远程机器端口已打开。

What you can do is to write python script that sniff the entire network data on the machine.你可以做的是编写 python 脚本来嗅探机器上的整个网络数据。 if you see a lot of SYN tcp requests (usually to a lot of ports) but without any actual data being sent.如果您看到很多 SYN tcp 请求(通常发送到很多端口)但没有发送任何实际数据。 you can know you are probably being scanned for open ports.您可以知道您可能正在扫描开放端口。 you can use scapy for network sniffing and packets analyzing您可以使用scapy进行网络嗅探和数据包分析

解决方案2
 0  2021-12-16 19:10:00

unfortunately there is no actual way to achieve this since port scanning have no standard protocol which can be used to indicate, it is just like a regular socket connection, be it a client connection to fetch a web page for example.不幸的是,没有实际的方法来实现这一点,因为端口扫描没有可用于指示的标准协议,它就像一个常规的套接字连接,例如获取 web 页面的客户端连接。 (it can be port scanner for port 80 or actual client who wants specific page) (它可以是端口80的端口扫描器或需要特定页面的实际客户端)

you can develop an algorithm that checks the number of requests received to say.. 100 random ports, and if at least x of them points to those random ports within a time range, it can possibly be a port scanner.您可以开发一种算法来检查收到的请求数,例如100 个随机端口,如果在某个时间范围内至少有x个指向这些随机端口,则它可能是端口扫描器。

be aware this is will not always work, since port scanning doesn't always mean all ports , it can also be a range of ports , specific port and so on.请注意,这并不总是有效,因为端口扫描并不总是意味着所有端口,它也可以是一系列端口特定端口等。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用python的TCP端口 - 如何将命令输出转发到tcp端口? - TCP port using python - how to forward command output to tcp port? 使用python检测ARP扫描 - Detect ARP scan using python 使用Python扫描主机中的每个可能端口 - Scan every possible port in a host using Python 使用python3查找免费的TCP端口 - Find free tcp port using python3 python中的端口扫描 - Port scan in python Python中端口扫描的实现 - Implementation of Port scan in Python 不使用驱动程序的 Python-TCP SYN 扫描 - Python-TCP SYN scan without using driver Python TCP端口扫描程序 - Python TCP port scanner 如何使用方法(TCP SYN)创建端口扫描程序TCP SYN? - How to Create a port scanner TCP SYN using the method (TCP SYN )? 扫描ip地址的端口并使用python打印响应状态 - Scan a port of an ip address and print the response status using python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM