
PKDUMP


Latest Release   : pkdump-3.3
Operating System : Linux
Download         : http://sourceforge.net/projects/pkdump
Italian Page     : http://pkdump.sourceforge.net/pkdumpage-it.html
Change           : Fix bug in read-write operation.
                 : Show the number of IP fragments.

With my Head

DESCRIPTION of "PKDUMP"
Port Scanning Detector - Ver. 3.3

The program detects any TCP or UDP port scan or open-connection
attempt from a foreign host over the internet, with IP protocol version 4
or IP protocol version 6.

The program detects:
TCP connect, TCP SYN, TCP FIN, TCP Xmas, TCP ACK, TCP null (no flags),
UDP port (connect) and UDP null (UDP packet length of 0 bytes) scans,
whether the IP packets are fragmented or not.
(Please consult "Nmap": man nmap.)
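
The single-packet patterns listed above, as an added C example (not pkdump's own code; all names are hypothetical): it parses a raw IPv4 packet, reports whether it is a fragment, and maps the TCP flag byte or the UDP length field to a probe type. It assumes IPv4 only and keeps no per-host state, so it cannot tell TCP connect from TCP SYN or separate a scan from ordinary traffic.

```c
/* Added example, not pkdump source; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum probe { P_NONE, P_TCP_NULL, P_TCP_FIN, P_TCP_SYN, P_TCP_ACK, P_TCP_XMAS, P_UDP_NULL };
struct verdict { enum probe kind; int fragmented; uint16_t sport, dport; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* pkt points at the IPv4 header. Returns 0 if parsed, -1 if malformed or
 * not TCP/UDP. A lone SYN or ACK is also normal traffic: deciding "scan"
 * needs per-source state, which this stateless classifier does not keep. */
int classify_ipv4(const uint8_t *pkt, size_t len, struct verdict *v)
{
    memset(v, 0, sizeof *v);
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    uint16_t frag = be16(pkt + 6);
    v->fragmented = (frag & 0x3fff) != 0;          /* MF flag or offset != 0 */
    if (frag & 0x1fff) return 0;                   /* later fragment: no L4 header */
    const uint8_t *l4 = pkt + ihl;
    size_t n = len - ihl;
    if (pkt[9] == 6) {                             /* TCP */
        if (n < 14) return v->fragmented ? 0 : -1; /* flags sit in a later fragment */
        v->sport = be16(l4); v->dport = be16(l4 + 2);
        switch (l4[13] & 0x3f) {                   /* URG ACK PSH RST SYN FIN */
        case 0x00: v->kind = P_TCP_NULL; break;
        case 0x01: v->kind = P_TCP_FIN;  break;
        case 0x02: v->kind = P_TCP_SYN;  break;
        case 0x10: v->kind = P_TCP_ACK;  break;
        case 0x29: v->kind = P_TCP_XMAS; break;    /* FIN|PSH|URG */
        }
        return 0;
    }
    if (pkt[9] != 17 || n < 8) return -1;          /* UDP needs its 8-byte header */
    v->sport = be16(l4); v->dport = be16(l4 + 2);
    if (be16(l4 + 4) == 8) v->kind = P_UDP_NULL;   /* length 8 = zero payload bytes */
    return 0;
}

int main(void)
{
    /* Constructed sample: IPv4, TCP, FIN|PSH|URG, destination port 80 */
    uint8_t p[40] = { [0] = 0x45, [9] = 6, [23] = 80, [33] = 0x29 };
    struct verdict v;
    if (classify_ipv4(p, sizeof p, &v) == 0)
        printf("kind=%d dport=%u fragmented=%d\n", v.kind, (unsigned)v.dport, v.fragmented);
    return 0;
}
```

When the first fragment is too short to carry the TCP flags, the function reports `fragmented` with kind `P_NONE`; classifying such a probe requires reassembling the fragments first.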

The program creates a directory named "Pkdump-[date][time]" and, in this
directory, a file "PKDATA" that contains all IP packets sent and
received during the transmission. During a scanning attack it also creates
files that contain the data of the attack; the data of the port scan is
displayed on the screen with a short beep.

The data of a probable scan contains:
    > Protocol used (TCP or UDP)
    > Interface name
    > Date and time
    > Type of scan
    > Source port
    > Destination port
    > Number of IP fragments
    > Flags status (TCP scan only)
    > Packet direction (ingoing or outgoing)
    > Source IP address
    > Destination IP address

In addition, you can ignore ingoing packets, outgoing packets, or both, that
are destined to a port or range of ports and have a specified source
address or addresses. There are 6 options to specify the behaviour of pkdump.

Please read README.en or README.it for full features.

The program uses the "Packet Socket", so packet socket support needs to be
compiled into the kernel or inserted as a module (af_packet.o).

Invoking the program without any option prints a short help text:
PKDUMP V. 3.3 : Usage :pkdump interface [-di] IP-version [options] flags.

TRY IT!!


With my Heart



Any suggestion will be appreciated.