IDS mailing list archives

IDS: portscan detection


From: <mosquitooth () gmx net>
Date: 9 Mar 2003 10:50:28 -0000



Hi guys,

I'm currently writing an IDS for Windows Operating Systems (yeah, I know 
*g*). 
I managed to capture all the data that is sent/received on the network 
and to store it (that means all the headers and the payload) in an array.
Now, what's the best way to search for attempted portscans in the 
collected traffic? What's the best (fastest) algorithm to use? Is there 
any source code (C++) available on this?

Thanks a lot
mosquitooth
