Question
Inspired by the RBS methodology, in this homework you are using the expertise you learned in Labs 2 and 3 to build a tool that detects port scanners. You can make your own assumptions if you believe some required information is missing from the description, but you need to document your assumptions. This tool will run on a machine in a LAN and detect every host performing port scanning in the LAN, including itself.

Description:

Part 1 - PortScanner Detector

Your program will be multi-threaded. One thread of your program will sniff the traffic. For every connection from to , it records <(srcIP, dstIP, dstPort), timestamp> in a table. We refer to this as a first-contact connection request. Every first-contact connection is stored for 5 minutes before being deleted. If (srcIP, dstIP, dstPort) already exists, then you have already recorded the first contact (do nothing). As a result of this step, you have a table (a hashtable is a good option to implement this) of all first-contact connections per source, along with their updated timestamps within the last 5 minutes. First contacts older than 5 minutes must be constantly deleted (this may need another thread).

Another thread will calculate the fan-out rate of each source IP. The fan-out rate is the rate of establishing new connections per time interval. For example, a fan-out rate of 5/s means the source host has made 5 first-contact connections in the last second. You will calculate the fan-out rate for three different intervals: per second, per minute, and per 5 minutes. If the fan-out rate per second exceeds 5, or the fan-out rate per minute exceeds 100, or the fan-out rate per 5 minutes exceeds 300 (any of these), the source IP is identified as a port scanner. Your program must output the source IP, the average fan-out rate per second in the last 5 minutes, the average fan-out rate per minute in the last 5 minutes, and the fan-out rate per 5 minutes for every detected port scanner.

Note that if a port scanner is detected in less than 5 minutes, some of these fan-out rates may not be applicable. I leave figuring out the details to you. Your program must also output the reason for detection (see the example output below).

Example Output:

A scanner detected on source IP x
avg. fan-out per sec: y, avg fan-out per min: z, fan-out per 5min: d
reason: fan-out rate per sec = 6 (must be less than 5).
*********
A scanner detected on source IP y
... ..
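The first-contact table, the 5-minute expiry and the three fan-out thresholds described above, written as an added illustration rather than as part of the assignment text. It assumes the sniffer, reaper and rate threads are modelled by the record, expire and detect methods driven from one thread with explicit timestamps, and it assumes (documented in the code) that the "average" rates are taken over the seconds a source has actually been observed; all IPs and timestamps are constructed.

```python
WINDOW = 300  # seconds a first-contact record is kept (5 minutes)
# interval name -> (interval length in seconds, maximum allowed fan-out)
THRESHOLDS = {"sec": (1, 5), "min": (60, 100), "5min": (300, 300)}

class FirstContactTable:
    """Hashtable of <(srcIP, dstIP, dstPort), timestamp> first-contact records."""
    def __init__(self):
        self.table = {}  # (src, dst, port) -> timestamp of the first contact

    def record(self, src, dst, port, now):  # called by the sniffer thread
        self.table.setdefault((src, dst, port), now)  # key already stored: do nothing

    def expire(self, now):  # the reaper thread's job
        for key in [k for k, ts in self.table.items() if now - ts > WINDOW]:
            del self.table[key]  # first contact older than 5 minutes

    def fan_out(self, src, now, interval):
        # Number of first contacts made by src within the last `interval` seconds.
        return sum(1 for (s, _, _), ts in self.table.items()
                   if s == src and 0 <= now - ts < interval)

    def detect(self, now):
        """Rate thread: one report per source whose fan-out exceeds any threshold."""
        self.expire(now)
        reports = []
        for src in sorted({s for s, _, _ in self.table}):
            rates = {n: self.fan_out(src, now, iv) for n, (iv, _) in THRESHOLDS.items()}
            reasons = [f"fan-out rate per {n} = {rates[n]} (must be less than {lim})"
                       for n, (_, lim) in THRESHOLDS.items() if rates[n] > lim]
            if not reasons:
                continue
            # Assumption: averages span the seconds this source was observed (at most 300).
            first = min(ts for (s, _, _), ts in self.table.items() if s == src)
            span = max(1.0, min(WINDOW, now - first))
            reports.append({"src": src, "avg_per_sec": rates["5min"] / span,
                            "avg_per_min": rates["5min"] / (span / 60),
                            "per_5min": rates["5min"], "reasons": reasons})
        return reports

def run_demo():
    """Constructed traffic (not captured): one scanner, one benign host, one stale entry."""
    t = FirstContactTable()
    for i, port in enumerate(range(22, 28)):        # 6 new ports within 0.5 s -> scanner
        t.record("10.0.0.5", "10.0.0.9", port, 10.0 + i * 0.1)
    t.record("10.0.0.5", "10.0.0.9", 22, 10.9)      # repeat of a stored key: ignored
    t.record("10.0.0.7", "10.0.0.9", 443, 10.2)     # benign host: 2 first contacts
    t.record("10.0.0.7", "10.0.0.8", 443, 10.3)
    t.record("10.0.0.7", "10.0.0.1", 80, -400.0)    # older than 5 min: expired by detect()
    return t.detect(now=10.7), len(t.table)
```

In a real deployment the three methods would be called from separate threads with a lock around the table, and the reports would be printed in the "A scanner detected on source IP ..." format from the example output.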