This project consists of two versions of an Nmap detector program (in C and Python). The programs listen for potential Nmap SYN scans on the network and, upon detection, automatically trigger tshark to capture network traffic for 10 minutes. The capture files are saved in a captures_nmap directory. You can modify the program to block the IP too.
- C Version: Requires a C compiler (gcc), tshark, and root privileges.
- Python Version: Requires Python 3.x, tshark, and root privileges.
- Root privileges to run the program and capture network traffic.
- Install tshark (part of Wireshark):
    sudo apt-get install tshark
- Compile the C program:
    gcc -o ND ND.c
- Make sure you have the captures_nmap directory:
    mkdir captures_nmap
- Set the correct permissions:
    chmod 777 ~/your/path/to/Nmap-Detector
    chmod 777 captures_nmap
- Install Python 3.x if you don't have it:
    sudo apt-get install python3
- Install tshark:
    sudo apt-get install tshark
- Make sure you have the captures_nmap directory:
    mkdir captures_nmap
- Set the correct permissions:
    chmod 777 ~/your/path/to/Nmap-Detector
    chmod 777 captures_nmap
- Run the C program with sudo to give it the necessary permissions to capture network traffic:
    sudo ./ND
- The program will:
  - Listen for incoming TCP packets.
  - Detect potential Nmap SYN scans.
  - Trigger a tshark capture for 10 minutes when a scan is detected.
  - Save the capture files in the captures_nmap directory as cnmap1.pcap, pnmap2.pcap, etc.
- Run the Python program with sudo:
    sudo python3 ND.py
- The program will:
  - Listen for incoming TCP packets.
  - Detect potential Nmap SYN scans.
  - Trigger a tshark capture for 10 minutes when a scan is detected.
  - Save the capture files in the captures_nmap directory as NMap1.pcap, NMap2.pcap, etc.
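
The detection and capture steps listed above can be sketched as follows. This is an added example, not the code in ND.py: the sliding window, the port threshold, the eth0 interface and all function names are assumptions, and the packets are constructed samples.

```python
import struct
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10
WINDOW_S = 5.0       # assumed sliding window, seconds
PORT_THRESHOLD = 10  # assumed: distinct ports probed by one source in the window

def parse_ipv4_tcp(pkt):
    """Return (src_ip, dst_port, tcp_flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP header length; options make it > 20
    if ihl < 20 or len(pkt) < ihl + 14:
        return None
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return ".".join(map(str, pkt[12:16])), dst_port, pkt[ihl + 13]

class SynScanDetector:
    def __init__(self):
        self.seen = defaultdict(deque)  # src_ip -> deque of (timestamp, dst_port)

    def observe(self, ts, pkt):
        """Feed one packet; return the source IP once it crosses the threshold."""
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None or parsed[2] & (SYN | ACK) != SYN:
            return None  # only bare SYNs count; SYN-ACK replies are ignored
        src, port, _ = parsed
        q = self.seen[src]
        q.append((ts, port))
        while ts - q[0][0] > WINDOW_S:  # expire probes older than the window
            q.popleft()
        if len({p for _, p in q}) >= PORT_THRESHOLD:
            q.clear()  # reset so one scan raises one alert
            return src
        return None

def tshark_command(index, iface="eth0"):
    """10-minute capture; -a duration:600 makes tshark stop by itself."""
    return ["tshark", "-i", iface, "-a", "duration:600",
            "-w", f"captures_nmap/NMap{index}.pcap"]

def make_packet(src, dst_port, flags):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = (bytes([0x45, 0]) + struct.pack("!H", 40) + bytes(4) + bytes([64, 6])
          + bytes(2) + bytes(map(int, src.split("."))) + bytes([192, 0, 2, 1]))
    return ip + struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, flags, 1024, 0, 0)
```

A scan paced slower than PORT_THRESHOLD ports per WINDOW_S stays under this heuristic, so tune both values to the traffic the monitored host normally sees.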
This project is licensed under the MIT License.