Psad is a tool used to analyse iptables log messages to detect port scans and other suspicious traffic.
Installation
# yum install perl-IPTables-ChainMgr perl-Date-Calc perl-Unix-Syslog # rpm -Uvh http://www.cipherdyne.org/psad/download/psad-2.4.2-1.x86_64.rpm
Start the daemon and check status:
# /etc/init.d/psad start # psad --Status
Note that if a firewall is not configured to log packets, then psad will not detect port scans or anything else.