
anthonybrunetti95/PacketAnalyzer


Author: Anthony Brunetti. Date: 10/21/20. This project was written in Python 3.8.6. The libraries used are: os, scapy (v. 2.4.4), collections, time, logging, matplotlib, csv.

Function sniff_interface: sniffs IP traffic based on the selected network interface and the protocol you want.

Function randomIP: randomly generates the source IP.

Function randInt: randomly generates the source IP.

Function attack_syn_flood: performs an ack-syn-flood attack, sending SYN requests to the server without responding to the ack.

Function os_fingerprinting_load: loads a small database, stored in a CSV file, of the default TTL values for each operating system into a data structure.

Function os_fingerprinting: performs OS fingerprinting based on the TTL value. Discrimination and recognition can be improved by using the other fields of the IP and ICMP packet headers. (Reference: https://www.defcon.org/images/defcon-10/dc-10-presentations/dc10-arkin-xprobe.pdf, the slide that explains how to identify the operating system using the IP and ICMP header fields.)

Function send_ICMP: sends an ICMP packet.

Function get_mac: returns the MAC address for a given IP address.

Function scan_udp: scans for open ports using a UDP packet.

Function scan_port_host: scans for open ports using report_ports(), a function built into scapy.

Function dection_syn_flood: collects all TCP packets containing the SYN flag and produces a list of the hosts making the most TCP-SYN requests. This check is used to look for suspicious activity and indications of TCP-SYN packets. To have an efficient control system for SYN flood attacks, it is necessary to check the time between one request and the next from the same IP address, and to average all requests from clients to the server. (Reference page 36 chapter 3.3 Mitigation Methods)
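The improvement suggested for dection_syn_flood (per-source SYN counts combined with the time between requests from the same IP address) can be sketched as follows. This is an added example, not code from this repository: the function names, the thresholds and the sample records are assumptions, and it works on plain (timestamp, source, flags) tuples rather than scapy packets so it runs without a capture.

```python
from collections import defaultdict
from statistics import mean

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample records: (timestamp_seconds, source_ip, tcp_flags).
# 198.51.100.7 sends a burst of bare SYNs; 192.0.2.10 behaves normally.
SAMPLE = (
    [(10.0 + i * 0.01, "198.51.100.7", SYN) for i in range(20)]
    + [(10.0, "192.0.2.10", SYN), (10.05, "192.0.2.10", ACK),
       (12.0, "192.0.2.10", SYN), (12.04, "192.0.2.10", ACK),
       (15.0, "192.0.2.10", SYN), (15.03, "192.0.2.10", ACK)]
)


def syn_stats(records):
    """Per source: number of bare SYNs and mean gap between them (seconds)."""
    times = defaultdict(list)
    for ts, src, flags in records:
        # Count connection attempts only: SYN set, ACK clear (not SYN-ACK).
        if flags & SYN and not flags & ACK:
            times[src].append(ts)
    stats = {}
    for src, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        stats[src] = (len(ts_list), mean(gaps) if gaps else None)
    return stats


def suspicious_sources(records, min_syns=10, max_mean_gap=0.1):
    """Sources with many SYNs at a short average interval, busiest first.

    min_syns and max_mean_gap are illustrative thresholds (assumptions).
    """
    hits = [
        (src, count, gap)
        for src, (count, gap) in syn_stats(records).items()
        if count >= min_syns and gap is not None and gap <= max_mean_gap
    ]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for src, count, gap in suspicious_sources(SAMPLE):
        print(f"{src}: {count} SYNs, mean gap {gap:.3f}s")
```

Thresholds like these need tuning against a baseline of normal traffic for the protected server; a busy NAT gateway can legitimately produce many SYNs from one address.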
