Problem
1) How would you extend your Port Scan Detection program to also detect examples of port knocking attempts in a PCAP file?
2) Discuss how to detect an occurrence of port knocking that uses a 3-port sequence.
3) Discuss how to detect an occurrence of port knocking that uses an n-port sequence. How would you distinguish a 6-port sequence from two simultaneous 3-port sequences?
4) Discuss how to detect a successful port knocking sequence versus a failed attempt in a PCAP with occurrences of both.