A network scan is a sequence of failed TCP connections or UDP packets made to the same port to more than 50 destinations within a few seconds.

Platforms:

Name

Type

Windows black.png
Mac black.png

Properties

cardinality

integer

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of underlying connections, consolidated over time

device_ip_address

ip_address

Windows black.png
Mac black.png
Mobile gray disabled.png

IP address of the connection source

duration

millisecond

Windows black.png
Mac black.png
Mobile gray disabled.png

The time between the start of the first connection and end of the last underlying connection

end_time

datetime

Windows black.png
Mac black.png
Mobile gray disabled.png

Scanning end time, corresponding to the moment when the last underlying connection was closed.

id

identifier

Windows black.png
Mac black.png
Mobile gray disabled.png

Unique scanning identifier

network

ip_network

Windows black.png
Mac black.png
Mobile gray disabled.png

Minimum IP network including all scanned destinations

start_time

datetime

Windows black.png
Mac black.png
Mobile gray disabled.png

Scanning start time

status

enum

Windows black.png
Mac black.png
Mobile gray disabled.png

Status of the Scanning (established, closed)

type

enum

Windows black.png
Mac black.png
Mobile gray disabled.png

Type of the port scanning (tcp, udp)