Network Analysis Tools
Fortunately, there are some excellent initiatives in this area. The following tools specialize in logging and monitoring network port-scanning activity but, as far as we have researched, they do not focus specifically on identifying Nmap port scans.
Mozilla InvestiGator
MIG is composed of agents installed on all systems of an infrastructure that are queried in real time to investigate the file systems, network state, memory or configuration of endpoints. It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds. MIG was created in 2013 by Julien Vehent, in the Operations Security team at Mozilla. It is developed as a fully open source project, published under the Mozilla Public License, and welcomes contributors from everywhere: http://mig.mozilla.org
PSAD: Intrusion Detection and Log Analysis with iptables
This is also a very effective way to detect port scanning activities in Linux/Unix systems. It is only available for Linux systems. http://cipherdyne.org/psad/
OSSEC
OSSEC is an open source host-based intrusion detection system that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
TripWire Open Source Tools
The first version of Tripwire was written by Gene Kim and Dr. Eugene Spafford at Purdue University in 1992 and released to the open source community. Since 1999, Tripwire Inc. has continued to innovate and expand the platform into a complete suite of security solutions. For more information, visit: http://www.tripwire.org