
aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL

Light and simple port scanner detector

What would be a light (not big in file size, not big in CPU use, not big in RAM use) and simple/easy port scanner detector program a user could install on their computer?

Thanks
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


HELLFIRE
Premium
join:2009-11-25
kudos:13

NMap?

I'd also start any search for tools like this at this URL first.

Regards



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL

said by HELLFIRE:

NMap?

I'd also start any search for tools like this at this URL first.

Regards

That is about port scanning from your computer to another computer, but what about detecting the port scan (another computer tried to connect to your computer) ?

Thanks
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


a890p63

@verizon.net

1 recommendation

reply to aefstoggaflm

Wireshark »www.wireshark.org/


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to aefstoggaflm

This implies you're running without an external firewall-like device (e.g., NAT router), because with such a device, port scans aren't getting to your computer in the first place.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 edit
reply to aefstoggaflm

said by aefstoggaflm:

said by HELLFIRE:

NMap?

I'd also start any search for tools like this at this URL first.

Regards

That is about port scanning from your computer to another computer, but what about detecting the port scan (another computer tried to connect to your computer) ?

Thanks

Whatever software firewall you are running on any PC will be able to log connection attempts, including the ubiquitous iptables on *nix installations and the built-in firewall in Windows. Assuming that you are not running with the firewall turned off, then that would accomplish your stated goal with zero additional resources required.

Here is an extract from my Windows Server firewall log that was the result of a portscan from a workstation on my LAN:

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
 
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2846 22 48 S 1439425901 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2847 23 48 S 2122970020 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2849 37 48 S 3495206529 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2852 67 48 S 81583040 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2853 68 48 S 3120065736 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2854 69 48 S 414767955 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2856 92 48 S 326218080 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 192.168.9.100 192.168.9.2 2858 111 48 S 1475373434 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2859 113 48 S 2279880755 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2860 119 48 S 2050900059 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2861 123 48 S 1024018527 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2863 137 48 S 1228554183 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2864 138 48 S 3760154749 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2866 143 48 S 4185198817 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2867 368 48 S 2077184260 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2868 389 48 S 1337648335 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2871 465 48 S 1206118341 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2872 500 48 S 951676462 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2873 514 48 S 1665636700 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2874 515 48 S 731877731 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2876 808 48 S 2281122644 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2877 995 48 S 127489111 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2878 1030 48 S 1218047252 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2879 1031 48 S 3717338136 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2880 1032 48 S 3541885920 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 192.168.9.100 192.168.9.2 2881 1080 48 S 2163800732 0 65535 - - - RECEIVE
2013-04-27 15:08:49 DROP TCP 192.168.9.100 192.168.9.2 2883 1993 48 S 2959573278 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2846 22 48 S 1439425901 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2847 23 48 S 2122970020 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2849 37 48 S 3495206529 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2852 67 48 S 81583040 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2853 68 48 S 3120065736 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2854 69 48 S 414767955 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2856 92 48 S 326218080 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2858 111 48 S 1475373434 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2859 113 48 S 2279880755 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2860 119 48 S 2050900059 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 192.168.9.100 192.168.9.2 2861 123 48 S 1024018527 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2863 137 48 S 1228554183 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2864 138 48 S 3760154749 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2873 514 48 S 1665636700 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2874 515 48 S 731877731 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2876 808 48 S 2281122644 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2884 2021 48 S 224424149 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2885 2023 48 S 3821083946 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2886 2025 48 S 834360595 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2887 2080 48 S 49037847 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2888 3000 48 S 3065393338 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2889 3001 48 S 1275857470 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2890 3002 48 S 1919888937 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2891 5631 48 S 810482677 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2877 995 48 S 127489111 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2878 1030 48 S 1218047252 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2879 1031 48 S 3717338136 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2880 1032 48 S 3541885920 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2892 5632 48 S 3344808073 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2893 5800 48 S 451245790 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2895 6000 48 S 944184951 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2896 6588 48 S 684183516 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2897 6667 48 S 1211553907 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2898 8008 48 S 460921155 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2899 8010 48 S 2170927839 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2900 8020 48 S 302850129 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2901 8021 48 S 2087612128 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2902 8022 48 S 998642545 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2904 8025 48 S 3602507677 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2906 8110 48 S 630598123 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2907 8800 48 S 4293672595 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2908 8888 48 S 4233241235 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 192.168.9.100 192.168.9.2 2881 1080 48 S 2163800732 0 65535 - - - RECEIVE
2013-04-27 15:08:52 DROP TCP 192.168.9.100 192.168.9.2 2883 1993 48 S 2959573278 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2884 2021 48 S 224424149 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2885 2023 48 S 3821083946 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2886 2025 48 S 834360595 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2887 2080 48 S 49037847 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2888 3000 48 S 3065393338 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2889 3001 48 S 1275857470 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2890 3002 48 S 1919888937 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2891 5631 48 S 810482677 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2892 5632 48 S 3344808073 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2893 5800 48 S 451245790 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2895 6000 48 S 944184951 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2896 6588 48 S 684183516 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2897 6667 48 S 1211553907 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2898 8008 48 S 460921155 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2899 8010 48 S 2170927839 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2900 8020 48 S 302850129 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2901 8021 48 S 2087612128 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2902 8022 48 S 998642545 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2904 8025 48 S 3602507677 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2906 8110 48 S 630598123 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2907 8800 48 S 4293672595 0 65535 - - - RECEIVE
2013-04-27 15:08:54 DROP TCP 192.168.9.100 192.168.9.2 2908 8888 48 S 4233241235 0 65535 - - - RECEIVE
 


--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to dave

said by dave:

This implies you're running without an external firewall-like device (e.g., NAT router), because with such a device, port scans aren't getting to your computer in the first place.

That kind of depends on how hostile your LAN is doesn't it? See the example Windows firewall log I just posted: »Re: Light and simple port scanner detector
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:9
Reviews:
·SONIC.NET
reply to aefstoggaflm

One way to detect port scans is to enable logging at your firewall (instead of silently dropping invalid requests) and then to analyze the log results. This method works best to detect port scans originating from the Internet.

Logging every attempt to connect to the system in question may produce a significant amount of data in a short period of time.
Processing the logged data can be compute intensive and therefore remote logging (e.g.: syslog) is often used to minimize the performance and space requirements on the firewall. This can result in a very undesirable feedback loop if the remote logging itself is being logged too (do not log outgoing packets generated on the firewall when using remote logging).

Another common way to detect port scans is with network intrusion detection systems (such as the popular snort package). This method works best to detect port scans within a LAN, possibly from a malicious app run on another computer.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!
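
The log analysis NetFixer and leibold describe above, as an added example (not code from any poster in the thread): a Python parser for the Windows Firewall log format shown earlier that flags any source whose dropped inbound SYNs hit many distinct destination ports inside a short window. The sample log, its addresses, the function names and the thresholds (5 ports, 10 seconds) are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the thread's log format; all addresses and values are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-04-27 15:08:47 DROP TCP 10.0.0.66 10.0.0.2 2846 22 48 S 1000000001 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 10.0.0.66 10.0.0.2 2847 23 48 S 1000000002 0 65535 - - - RECEIVE
2013-04-27 15:08:47 DROP TCP 10.0.0.66 10.0.0.2 2848 80 48 S 1000000003 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 10.0.0.66 10.0.0.2 2849 443 48 S 1000000004 0 65535 - - - RECEIVE
2013-04-27 15:08:48 DROP TCP 10.0.0.66 10.0.0.2 2850 3389 48 S 1000000005 0 65535 - - - RECEIVE
2013-04-27 15:08:50 DROP TCP 10.0.0.66 10.0.0.2 2846 22 48 S 1000000001 0 65535 - - - RECEIVE
2013-04-27 15:08:51 DROP TCP 10.0.0.66
2013-04-27 15:09:01 DROP TCP 10.0.0.50 10.0.0.2 50112 135 48 S 2000000001 0 65535 - - - RECEIVE
2013-04-27 15:09:04 DROP TCP 10.0.0.50 10.0.0.2 50112 135 48 S 2000000001 0 65535 - - - RECEIVE
2013-04-27 15:09:10 DROP TCP 10.0.0.50 10.0.0.2 50112 135 48 S 2000000001 0 65535 - - - RECEIVE
2013-04-27 15:10:00 DROP TCP 10.0.0.77 10.0.0.2 40001 21 48 S 3000000001 0 65535 - - - RECEIVE
2013-04-27 15:11:00 DROP TCP 10.0.0.77 10.0.0.2 40002 22 48 S 3000000002 0 65535 - - - RECEIVE
2013-04-27 15:12:00 DROP TCP 10.0.0.77 10.0.0.2 40003 25 48 S 3000000003 0 65535 - - - RECEIVE
2013-04-27 15:13:00 DROP TCP 10.0.0.77 10.0.0.2 40004 110 48 S 3000000004 0 65535 - - - RECEIVE
2013-04-27 15:14:00 DROP TCP 10.0.0.77 10.0.0.2 40005 143 48 S 3000000005 0 65535 - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line
        rec = dict(zip(fields, parts))
        try:
            rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield rec


def detect_scans(records, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): max distinct ports probed within any window}."""
    probes = defaultdict(list)
    for r in records:
        # Inbound TCP segments with only SYN set that the firewall dropped.
        if (r["action"], r["protocol"], r["tcpflags"], r["path"]) == ("DROP", "TCP", "S", "RECEIVE"):
            probes[(r["src-ip"], r["dst-ip"])].append((r["ts"], int(r["dst-port"])))
    alerts = {}
    for pair, events in probes.items():
        events.sort()
        in_window = defaultdict(int)  # port -> hits currently inside the window
        start = best = 0
        for ts, port in events:
            in_window[port] += 1
            while ts - events[start][0] > window:  # expire old probes
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]  # retransmits do not inflate the count
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(parse_firewall_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```

With the default 10-second window only the fast scanner is flagged; the host probing one port per minute shows up only when the window is widened, which is the trade-off between catching slow scans and raising false alarms.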


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to NetFixer

said by NetFixer:

That kind of depends on how hostile your LAN is doesn't it?

Well, yeah - I assumed the bad guys were all outside.


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by dave:

said by NetFixer:

That kind of depends on how hostile your LAN is doesn't it?

Well, yeah - I assumed the bad guys were all outside.

Not if you are in a .edu environment, or are a frequent user of a poorly managed public WiFi hotspot that does not isolate each client's connection.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:9
Reviews:
·SONIC.NET
reply to dave

said by dave:

Well, yeah - I assumed the bad guys were all outside.

The purpose of "social engineering" is to give those bad guys a helping hand from the inside. Even if you can trust all those who have legitimate access to your network not to attack you, can you also trust them not to fall for a scam that gives a bad guy access and control over their workstation (as a stepping stone to the rest of your network) ?
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

TheMG
Premium
join:2007-09-04
Canada
kudos:2
Reviews:
·NorthWest Tel

leibold makes an excellent point. Social engineering has become an increasingly popular method for hackers to gain access to local networks. It is usually far easier than trying to find open ports and then trying to exploit vulnerabilities in those services in an attempt to infiltrate the network.

In other words, unless you have complete control and trust of all the devices on the LAN you are connected to, you can't be totally sure that nothing's trying to get into your computer.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

Sure, but since the OP is vague, we can only guess. I assumed he was talking about a home network which, if it's anything like mine, can be trusted.

I'm not saying you're wrong; rather that people with questions needed to be a little more explicit



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by dave:

Sure, but since the OP is vague, we can only guess. I assumed he was talking about a home network which, if it's anything like mine, can be trusted.

I'm not saying you're wrong; rather that people with questions needed to be a little more explicit

But trying to guess the real question is part of the game when aefstoggaflm posts a question.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


norwegian
Premium
join:2005-02-15
Outback
reply to aefstoggaflm

said by aefstoggaflm:

Simple/easy port scanner detector program a user could install on their computer?

I think a little more on the network is required.

For a single computer hooked up to the Internet, the router and or software firewall would stop most scans, so anything on the computer would be useless.

Otherwise Snort?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL
reply to dave

All it takes is one example to prove the statement that I am quoting wrong.

said by dave:

This implies you're running without an external firewall-like device (e.g., NAT router), because with such a device, port scans aren't getting to your computer in the first place.

Oh really..

I am forwarding ports in my NAT router to my computer.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 recommendation

said by aefstoggaflm:

All it takes is one example to prove the statement that I am quoting wrong.

said by dave:

This implies you're running without an external firewall-like device (e.g., NAT router), because with such a device, port scans aren't getting to your computer in the first place.

Oh really..

I am forwarding ports in my NAT router to my computer.

OK, so how about clarifying your original question for the benefit of those of us who can't read between the invisible lines.

Are you concerned about someone on the Internet actually trying to use the ports that you have so generously opened for them, or are you concerned that some coworker or family member on your LAN might be trying to access those ports? Are you trying to run some kind of makeshift honeypot? I mean seriously, you are well known for your vague questions (that often don't have any real answers), but this one is a classic WTH question.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to aefstoggaflm

Well, now it's even more confusing. That you have forwarded 'ports' suggests you have some reason for so doing - that there are useful services at those ports. And at the same time you're talking about 'port scanning', which is an attempt to detect which ports have services on them.

Surely you only forwarded ports with services? In which case, the service *will* get the request, and your firewall is not involved, and you'll need to look to your service to tell you what it is doing.

Unless for some bizarre reason you tell the NAT router to forward things that you then block at your computer: but WHY do that?



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL
reply to NetFixer

said by NetFixer:

said by aefstoggaflm:

All it takes is one example to prove the statement that I am quoting wrong.

said by dave:

This implies you're running without an external firewall-like device (e.g., NAT router), because with such a device, port scans aren't getting to your computer in the first place.

Oh really..

I am forwarding ports in my NAT router to my computer.

OK, so how about clarifying your original question for the benefit of those of us who can't read between the invisible lines.

I want to be sure that the router is not blocking the ports so that I can start the server and then users from the net can connect to me.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

Well, then you're doing it arse-backwards.

1. Run the server
2. See whether the clients can connect to the server

Screwing around with 'port scanners' is not useful.



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL

said by dave:

Well, then you're doing it arse-backwards.

1. Run the server

Then the issue of software firewalls comes up.

I want to see if traffic is coming in from the outside, regardless of how the software firewall is setup...
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

I guess then if you are looking at Wireshark then you need to look for tools that specifically use NDIS so that it is giving you all results and is not interfered with by firewalls and such nonsense.

»msdn.microsoft.com/en-us/library···85).aspx

Microsoft has a tool too - »support.microsoft.com/kb/933741

Wireshark is a tool that utilizes another tool that other software also implement their tools around. See WinPcap
»www.winpcap.org/
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


HELLFIRE
Premium
join:2009-11-25
kudos:13

1 recommendation

reply to aefstoggaflm

said by aefstoggaflm:

I want to be sure that the router is not blocking the ports so that I can start the server and then users from the net can connect to me.

....as dave says, you're doing it backwards.

Nmap from the inside and outside of your network could do this. Also, you could easily try Shields Up from grc.com.
That'd be the fastest way to check this out.

As for this comment

said by aefstoggaflm:

I want to see if traffic is coming in from the outside, regardless of how the software firewall is setup...

...not sure what you mean by "coming from the outside"? Do you mean coming from your router / firewall's WAN port,
or from a non-RFC1918 IP address?

...still not clear what exactly you're trying to do here aefstoggaflm.

Regards


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:3
Reviews:
·PenTeleData
·Verizon Online DSL

said by HELLFIRE:

From a non-RFC1918 IP address

That is correct.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter

2 recommendations

reply to aefstoggaflm

I have been using an old program for years now called Wall Watcher. It has not been updated in years but still works with most routers. It has all the tools you need to see what ports are being scanned and by who.

»wallwatcher.com/



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to aefstoggaflm

Enable logging on your software firewall, so that it logs when it rejects something.