Abstract: This research introduces an analysis of the request and reply messages of infected and victim machines. The problem the research addresses is that scanning-worm detection cannot focus on one specific protocol used by a scanning worm. Internet worms attack different destination victims over the Internet protocol suite, whose main transport and control protocols are TCP, UDP, and ICMP. The research studied these three protocols, which are used by different scanning worms, and focused on the request sent by an infected machine and the reply message returned by the victim. The study found a new failure message that depends on the type of protocol the scanning worm uses.