Wireshark MATE to detect TCP Port Scanning

[Sean Laszakovits <slaszako () gmail com>]

Greetings,

I've begun to start initially playing with the MATE scripting features within Wireshark, and I'm trying to get MATE to 
show all related packets that are related to the RST flag from port scanning.

I obviously don't know where to start, but:

Is RST flag set to 1?
Yes (continue on)
No (go to next packet)

Is SEQ value == 1?
Yes (continue on)
No (go to next packet)

Is TCP Session/Conversation Packet Total <= 3?
Yes (end)
No (go to next packet)

This way I can see all TCP Convos lasting 3 or less packets (which equates to most port scans)

How would I go about scripting this out within MATE? Any pointers would be greatly appreciated!

Thanks!

Sincerely,

Sean Laszakovits

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe