Porthunter FAQs

Question 1

What is Porthunter and what does it do?

Accepted Answer

Porthunter is a local MCP server designed to analyze PCAP/PCAPNG network captures. It specializes in detecting and classifying various port scanning techniques, identifying suspicious IP addresses, and enriching them with valuable threat intelligence.

Question 2

What types of port scanning techniques can Porthunter detect?

Accepted Answer

Porthunter is capable of detecting and classifying common port scanning techniques, including SYN scans, FIN/NULL/Xmas scans, and identifying both horizontal and vertical scanning patterns within your network traffic captures.

Question 3

How does Porthunter enhance IP address information?

Accepted Answer

For identified public IP addresses, Porthunter enriches the data by integrating with threat intelligence sources like OTX and GreyNoise. It also provides Autonomous System Number (ASN) and geolocation details, and can correlate multiple IPs for consolidated results.

Question 4

What are the technical requirements to run Porthunter?

Accepted Answer

Porthunter requires Python 3.11 or newer and is compatible with Windows, Linux, and macOS operating systems. Docker is also supported for containerized deployments, offering flexibility in installation.

Question 5

Are there any limits on the size of PCAP files Porthunter can analyze?

Accepted Answer

By default, Porthunter is configured to process PCAP/PCAPNG files up to 50MB. This maximum file size limit, along with other security and operational parameters, can be adjusted through environment variables for customized usage.

Porthunter

Porthunter

Key Features

Use Cases

Key Features

Use Cases