scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use.
This release of scanlogd can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Linux (which does not require any libraries), scanlogd is now aware of libnids and libpcap.
The use of libpcap alone is discouraged. If you're on a system other than Linux and/or want to monitor the traffic of an entire network at once, you should be using libnids in order to handle fragmented IP packets.
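Why fragment handling matters here, shown as an added example that is not code from scanlogd, libnids or libpcap: a reader that looks at each captured IPv4 packet on its own can read TCP ports and flags only when that packet is unfragmented, while fragments have to be reassembled first (the job libnids does). The function name, enum and packet bytes are constructed for illustration; addresses are from the 192.0.2.0/24 documentation range and checksums are left at zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tcp_view {
    VIEW_NOT_TCP,          /* not IPv4/TCP, or malformed/truncated */
    VIEW_PORTS_FLAGS,      /* ports and flags readable from this packet alone */
    VIEW_NEEDS_REASSEMBLY  /* fragment: ports and/or flags sit in another packet */
};
struct tcp_info { uint16_t sport, dport; uint8_t flags; };

/* Classify one captured IPv4 packet (starting at the IP header). */
enum tcp_view inspect_ipv4(const uint8_t *p, size_t len, struct tcp_info *out)
{
    if (len < 20 || (p[0] >> 4) != 4) return VIEW_NOT_TCP;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;          /* IP header length */
    size_t tot = (size_t)p[2] << 8 | p[3];           /* IP total length */
    if (ihl < 20 || tot < ihl || tot > len || p[9] != 6) return VIEW_NOT_TCP;
    unsigned frag = (unsigned)p[6] << 8 | p[7];      /* flags + fragment offset */
    if (frag & 0x1fff) return VIEW_NEEDS_REASSEMBLY; /* non-first fragment */
    if (tot - ihl < 14)                              /* TCP flags byte is at offset 13 */
        return (frag & 0x2000) ? VIEW_NEEDS_REASSEMBLY : VIEW_NOT_TCP;
    const uint8_t *t = p + ihl;
    out->sport = (uint16_t)(t[0] << 8 | t[1]);
    out->dport = (uint16_t)(t[2] << 8 | t[3]);
    out->flags = t[13];
    return VIEW_PORTS_FLAGS;
}

/* Constructed sample: one unfragmented SYN, 192.0.2.1:40000 -> 192.0.2.2:22. */
static const uint8_t WHOLE_SYN[] = {
    0x45,0,0,0x28, 0,1,0,0, 0x40,6,0,0, 0xc0,0,2,1, 0xc0,0,2,2,
    0x9c,0x40,0,0x16, 0,0,0,1, 0,0,0,0, 0x50,0x02,4,0, 0,0,0,0 };
/* The same segment as two fragments: MF set with 8 payload bytes, then offset 1. */
static const uint8_t FRAG_FIRST[] = {
    0x45,0,0,0x1c, 0,1,0x20,0, 0x40,6,0,0, 0xc0,0,2,1, 0xc0,0,2,2,
    0x9c,0x40,0,0x16, 0,0,0,1 };
static const uint8_t FRAG_SECOND[] = {
    0x45,0,0,0x20, 0,1,0,1, 0x40,6,0,0, 0xc0,0,2,1, 0xc0,0,2,2,
    0,0,0,0, 0x50,0x02,4,0, 0,0,0,0 };

int main(void)
{
    struct tcp_info i;
    printf("whole=%d first=%d second=%d\n",
           inspect_ipv4(WHOLE_SYN, sizeof WHOLE_SYN, &i),
           inspect_ipv4(FRAG_FIRST, sizeof FRAG_FIRST, &i),
           inspect_ipv4(FRAG_SECOND, sizeof FRAG_SECOND, &i));
    return 0;
}
```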
Please read the scanlogd(8) manual page and the original Phrack Magazine article.
Download (release notes):
These files, as well as the third-party libraries listed below, are also available from the Openwall file archive. The source code of scanlogd can be browsed on GitHub or via CVSweb.
Follow this link for information on verifying the signatures.
Related third-party raw IP networking libraries:
Slightly older versions of these libraries are known to work with scanlogd, too.
Commercial support for scanlogd is available; please check out our services. We can help you configure, compile, and install both scanlogd itself and any or all of the third-party raw IP networking libraries.
scanlogd is part of Owl, Debian GNU/Linux, Gentoo Linux, distributions by the ALT Linux team, and OpenWrt. There's an OpenBSD port of scanlogd in the OpenBSD ports collection and a FreeBSD port in the FreeBSD ports collection.
scanlogd is a registered project with Open Hub.
Looking for a good port scanner to test your installation of scanlogd? Use Nmap.