HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 31 Dec 2025 10:36:03 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Location: https://www.openwall.com/scanlogd/ HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 31 Dec 2025 10:36:04 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive Location: https://www.openwall.com/scanlogd/ HTTP/1.1 200 OK Server: nginx Date: Wed, 31 Dec 2025 10:36:04 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip

Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Follow @Openwall on Twitter for new release announcements and other news

scanlogd - a port scan detection tool

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use.

This release of scanlogd can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Linux (which does not require any libraries), scanlogd is now aware of libnids and libpcap.

The use of libpcap alone is discouraged. If you're on a system other than Linux and/or want to monitor the traffic of an entire network at once, you should be using libnids in order to handle fragmented IP packets.

Please read the scanlogd(8) manual page and the original Phrack Magazine article.

Download (release notes):

• scanlogd 2.2.8 and its signature
• "Designing and Attacking Port Scan Detection Tools", the Phrack Magazine article

These files, as well as the third-party libraries listed below, are also available from the Openwall file archive. The source code of scanlogd can be browsed on GitHub.

Follow this link for information on verifying the signatures.

Related third-party raw IP networking libraries:

• libpcap - local copy of libpcap 1.0.0 (512 KB) and its signature
• libnet - required for libnids
  local copy of libnet 1.1.3 release candidate (1129 KB)
  local copy of libnet 1.0.2a (137 KB) - much smaller, but also works with libnids and scanlogd
• libnids - local copy of libnids 1.24 (148 KB) and its signature

Slightly older versions of these libraries are known to work with scanlogd, too.

Commercial support for scanlogd is available, please check out our services. We can help you configure, compile, and install both scanlogd itself and any or all of the third-party raw IP networking libraries.

Contributed resources:

• scanlogd 2.2 pre-compiled for Win32 (195 KB), by Michael Davis

scanlogd is part of Owl, Debian GNU/Linux, Gentoo Linux, distributions by ALT Linux team, and OpenWrt. There's an OpenBSD port of scanlogd in the OpenBSD ports collection and a FreeBSD port in the FreeBSD ports collection.

scanlogd is a registered project with Open Hub.

Looking for a good port scanner to test your installation of scanlogd? Use Nmap.

Quick Comment:

915394