What is this
SYN-detector is a tool that analyzes a PCAP file in order to detect possible SYN scans.
Inspiration
Was reading up on network security and found out about a technique called SYN scan and learned these:
- Used to find open ports for attack
- Scanner sends out TCP SYN packets (the first packet in the TCP handshake) and watches for hosts that respond with SYN+ACK packets (the second handshake step)
- Number of SYN packets is much higher than the number of SYN+ACK packets
Wanted to build a tool to detect possible SYN scans.
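The SYN versus SYN+ACK imbalance described above can be checked per source host. The following is an added example, not SYN-detector's own code: it reads the TCP flag byte straight from raw IPv4/TCP headers using only the standard library, and the packets, addresses, function names and the ratio and min_syns thresholds are all constructed assumptions.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits (byte 13 of the TCP header)

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample data: minimal IPv4+TCP packet, checksums left at zero."""
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (src, dst, tcp_flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:
        return None
    dotted = lambda b: ".".join(str(o) for o in b)
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[ihl + 13]

def find_scanners(packets, ratio=3, min_syns=5):
    """Hosts whose sent SYNs exceed ratio x the SYN+ACKs they got back (assumed thresholds)."""
    syn_sent, synack_rcvd = defaultdict(int), defaultdict(int)
    for pkt in packets:
        parsed = parse(pkt)
        if parsed is None:
            continue
        src, dst, flags = parsed
        if (flags & (SYN | ACK)) == SYN:            # handshake step 1: SYN set, ACK clear
            syn_sent[src] += 1
        elif (flags & (SYN | ACK)) == (SYN | ACK):  # handshake step 2: SYN+ACK reply
            synack_rcvd[dst] += 1
    return sorted(h for h, n in syn_sent.items()
                  if n >= min_syns and n > ratio * synack_rcvd[h])

def sample_packets():
    pkts = []
    for port in range(20, 30):  # 10.0.0.5 probes ten ports, only two answer
        pkts.append(build_packet("10.0.0.5", "10.0.0.9", 40000, port, SYN))
        if port in (22, 25):
            pkts.append(build_packet("10.0.0.9", "10.0.0.5", port, 40000, SYN | ACK))
    for i in range(6):  # 10.0.0.7 opens six ordinary connections, all answered
        pkts.append(build_packet("10.0.0.7", "10.0.0.9", 50000 + i, 443, SYN))
        pkts.append(build_packet("10.0.0.9", "10.0.0.7", 443, 50000 + i, SYN | ACK))
    return pkts

if __name__ == "__main__":
    print(find_scanners(sample_packets()))
```

Counting per source rather than over the whole capture keeps a busy but legitimate client from masking a scanner in the same file.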
Prerequisites
Before you begin, ensure you have met the following requirements:
- You have installed the latest version of python and scapy
Getting SYN-detector
To install SYN-detector, follow these steps:
git clone https://github.com/2kabhishek/SYN-detector
cd SYN-detector
Using SYN-detector
You'll need to have a PCAP file to analyze.
I have a PCAP file test-data.pcap that I used to test SYN-detector.
USAGE:
python syn-detector.py ./test-data.pcap
How it was built
SYN-detector was built using scapy
Challenges faced
While building SYN-detector the main challenges were:
- Figuring out TCP flags
What I learned
- Learned a lot about network security
- Hands on with scapy
What's next
Will make a few more scripts using scapy.
Built With
- python
- scapy