With the upcoming release of SATAN and the availability of programs such as strobe by Julian Assange (proff@suburbia.apana.org.au) I was wondering if anyone has created a sniffer that looks for ICMP port unreachables.

I was figuring I could sniff the packets leaving my network and look for ICMP port unreachables since it would be a dead giveaway that someone was trying to light up the TCP ports of one of our computers. I figure it shouldn't be too much work to write a quick program on top of libpcap to do this.

Has someone written a package like this? Is there a better way to watch for scans like this? I sure don't want to have each computer listening to all ports and logging each connection. /etc/inetd.conf from hell. =)

I got sick of watching all those introductions go by so I figured I'd ask a question... Raise the signal/introduction ratio. =)

-John

Ob Introduction:
----
John Studarus
studarus@{CMU,PSC}.EDU
Carnegie Mellon University - M.S. Student, Information Networking Institute
Pittsburgh Supercomputing Center - Network Engineer
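
The check described in the message above, as an added example that is not part of the original post: it parses raw IPv4 packets (link-layer header already stripped, as a capture callback would hand them over after skipping it), picks out ICMP type 3 code 3, and reads the prober's address and the closed port from the quoted header. The function names, the `min_ports` threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def parse_port_unreachable(pkt):
    """Return (prober, target, proto, port) for an ICMP type 3 code 3 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:
        return None                      # not ICMP, or ICMP header truncated
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):
        return None                      # not destination unreachable / port unreachable
    inner = pkt[ihl + 8:]                # quoted datagram: the probe's IP header + 8 bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    iihl = (inner[0] & 0x0F) * 4
    if iihl < 20 or len(inner) < iihl + 4 or inner[9] not in (6, 17):
        return None                      # need TCP/UDP ports from the quoted header
    dport = struct.unpack("!H", inner[iihl + 2:iihl + 4])[0]
    return (str(IPv4Address(inner[12:16])), str(IPv4Address(inner[16:20])), inner[9], dport)

def find_scanners(packets, min_ports=3):
    """Map each prober to the closed (target, port) pairs it hit, if at least min_ports."""
    seen = defaultdict(set)
    for pkt in packets:
        hit = parse_port_unreachable(pkt)
        if hit:
            seen[hit[0]].add((hit[1], hit[3]))
    return {src: sorted(hits) for src, hits in seen.items() if len(hits) >= min_ports}

def sample_ip(src, dst, proto, payload):
    # Constructed test packet; checksums are left as zero because the parser ignores them.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def sample_unreach(host, prober, dport, proto=17):
    # The error `host` would send after `prober` probed closed port `dport`.
    quoted = sample_ip(prober, host, proto, struct.pack("!HHHH", 40000, dport, 8, 0))
    return sample_ip(host, prober, 1, struct.pack("!BBHI", 3, 3, 0, 0) + quoted)

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [sample_unreach("192.0.2.10", "198.51.100.7", p) for p in (21, 23, 25, 79)]
SAMPLE.append(sample_unreach("192.0.2.10", "203.0.113.5", 53))    # one stray miss
SAMPLE.append(sample_ip("192.0.2.10", "203.0.113.5", 1,
                        struct.pack("!BBHI", 0, 0, 0, 1)))        # echo reply, ignored

if __name__ == "__main__":
    for src, hits in find_scanners(SAMPLE).items():
        print(src, "hit closed ports:", hits)
```

Counting distinct (target, port) pairs per prober keeps a single mistyped port from raising an alert while a sweep across several ports does.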