TCPLogD is part of the IPLogger package. The IPLogger package provides two daemons that log all incoming TCP attempts and important ICMP events (ping, source route, etc.) to the syslog.
IPLogger has been recently modified by phroid to provide extended functionality, to better detect and log incoming FTP bounce attacks, FIN packet based scans and Null packet based scans.
The original source code follows:
/* tcplogd.c v 2.1 (20th dic. 1998) for linux
by phroid (email@example.com)
(a simple hack of Mike Edulla's tcplogger)
the difference are:
0 - compiles on libc5 AND glibc2 system.
1 - stripped ident support (would reveal the logger IMHO!)
2 - added tcp FIN packet logging, they are used in many attacks
removed LOG_ALL_FIN option, not useful anymore
3 - added FIN+URG+PUSH packet logging ("Xmas tree scan" attack)
4 - added logging of tcp packets w/o any flag set ("Null scan" attack)
write me if you like this or if you are interested in IPdump and IPlogd
IPdump is a single packets DETAILED dumper for advanced diagnostic use
IPlogd would be the definitive tcp/ip log daemon, supporting tcp, udp, icmp,
and even raw data using user defined matching parameters.
#include <stdlib.h> /* some of these were included in the original */
#include <unistd.h> /* but not really needed */
extern int errno;
#define NOFILE 1024
char *hostlookup(unsigned long int);
char *servlookup(unsigned short);