• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

network scan

how can i find who is scanning my network or the open ports of my servers
0
ammadeyy
Asked:
ammadeyy
3 Solutions
 
r_naren22atyahooCommented:
type this on the server at command prompt

netstat -a
this will give you all the current connections made to the server and its ports

regards
Naren
0
 
naveedbCommented:
Try any of the following:

http://www.angryziber.com/ipscan/

http://www.bluebitter.de/portscn2.htm

Enter starting and ending IP Address of servers and range of ports you wish to scan.
0
 
ammadeyyAuthor Commented:
netstat -a giveves current connections

suppose i want to monitor who scan my server yesterday (looking for holes)
any possibility to run a software and keep logs?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Nick DennyCommented:
Peerguardian 2 monitors all connections and logs them - although this is not what is intended for (its a sort of firewall).

http://phoenixlabs.org/pg2/

So long as you don't set any blocks on it - it wil happily monitor whats going on.
0
 
Nick DennyCommented:
Oh and to test ports use Shields UP (web site)

https://www.grc.com/x/ne.dll?bh0bkyd2

0
 
giltjrCommented:
You need to get some type of firewall that logs all attempts.    Peerguardian is basically a firewall that logs attempted connects, which is basically what port scans do.  Other personal firewalls (including the one provided with XP SP2) can also log attempted connects.

However, knowledge of your network is a must.  If you are behind a firewall, then you need a firewall that logs port scans.  You should NOT just monitor ports scans for ports you have open, you really need to monitor for ports scans for ports you don't have open.

If you have a port open, say you host a Web server, you expect to see connections to port 80 (and 443).   What you want to monitor there is for penetatration attempts, which should be logged by your web server in the way of failed gets.  If you see a lot of gets for directories/files that you don't have, somebody is attempting to map you your web server.
0
 
Sam PanwarSr. Server AdministratorCommented:
Hi,

Good and popular Network Analyzer
http://www.ethereal.com/
http://www.colasoft.com/
http://www.tamos.com/products/commview/
http://network-tools.com/analyze/

Firewalls for it :

ZoneAlarm
The basic version is still free!
http://www.zonelabs.com/


Black Ice Defender  
http://blackice.iss.net/
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behaviour.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now