LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-19-2012, 06:58 PM   #1
waddles
Member
 
Registered: Sep 2012
Posts: 372

Rep: Reputation: 1
detect when pinged


OK I am fairly protected by my ISP but would like for experience to determine if and when my desktop gets pinged. After hours with internet found a command that was just mentioned in the man page on tcpdump: tcpdump -A -i any 'icmp[icmptype] = icmp-echo', the options are mine and I shortened the command to what it seemed I want.
Iget packets captured, received by filter, and dropped by kernel when I ctrl-C. BTW how do I set the ctrl-T so I can peek whenever I like.
Am I even close the the proper approach?
 
Old 11-19-2012, 08:56 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by waddles View Post
I am fairly protected by my ISP
How did you test that?


Quote:
Originally Posted by waddles View Post
but would like for experience to determine if and when my desktop gets pinged.
As long as you realize most probing is efficiently focused on ports or application level data: in short it doesn't make your machine more secure.


Quote:
Originally Posted by waddles View Post
Am I even close the the proper approach?
Look up what Type and Code ICMP PING uses, then see 'iptables -m icmp --help'?
 
Old 11-19-2012, 11:07 PM   #3
waddles
Member
 
Registered: Sep 2012
Posts: 372

Original Poster
Rep: Reputation: 1
detect when pinged

1) I said "fairly" protected because a) there is a local and remote address and b) these change each time I open myself by accessing the outside world.

2) I am aware of where the probes come and that detection is separate from protection such as my IPtables firewall which is set up to ignore (does not respond to) any ICMP pings.

3) I am not sure of the intended goal but did perform the command U suggested but the results did not reveal how to detect a ping, which was the goal of my query.

I know about the 8 different types but that I don't see as affecting my question unless U think I need to address all 8 types individually which is not what I was after. Just am I being pinged.

I ran the command I showed and from a different user sent pings to my local IP address these were all picked up by the command which I truncated via ctrl-C.
Can someone remind me how to set up a ctrl-T as specified in the man page for tcpdump?
 
Old 11-20-2012, 08:06 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by waddles View Post
(..) the command U suggested but the results did not reveal how to detect a ping
If you know the types and code you can set up an iptables LOG target rule for the specific ones you need which dumps a message to syslog. Knowing the system already provides you with the functionality means there's no need for running an IDS or tcpdump kludges.
 
Old 11-20-2012, 12:59 PM   #5
waddles
Member
 
Registered: Sep 2012
Posts: 372

Original Poster
Rep: Reputation: 1
detect when pinged

True and my firewall does that.

FWIW here is the code I created:
Code:
#!/bin/sh
########################################################################
# pingDet.sh  Waits for next ping until count in command line or 
#             exit file (pingxit) no longer exists.
#             When ping arrives it exits, leaving status info on screen.
#             A line containing:
#             timestamp (followed by ".", characters "IP " are followed 
#             by the IP address of the sender which preceeds ">".
#             That information is then sent to all users via wall
#             The process repeats until command line count exceeded or xitping file removed.
########################################################################

svFil=/root/lstPng.dat

if [ "$LOGNAME" != "root" ]
then echo -e "\n\tError Must NOT be superuser."
     exit 1
fi

# If xitping non-existent then pingDet.sh exits
echo 0 > /root/xitping

# Sets max number of pings before exiting
ans=`echo $1 | grep -o "[a-zA-Z]"`
if [ "$ans" != "" ] 
then echo -e "\n\tERROR: Argument must be numeric"
     exit 1
fi

if [ $1 -le 30 ]
then max=$1
else echo -e "\n\tERROR: Argument must be 1-30"
     exit 1
fi

# Counter
k=0

# Infinit loop until count exceeded or pingxit vanishes.
while :
do
   k=`expr $k + 1`
# Restart tcpdump to write line to $svFil and exit on receipt of ping
# $svFile is also reused
   tcpdump -c 1 -A -i any -n 'icmp[icmptype] = icmp-echo' > $svFil

# Read line from $svFil
   read line < $svFil

# Save timestamp and source IP address
   tim=`echo $line | cut -d"." -f1`

   srcIP=`echo $line | cut -d"P" -f2-`
   srcIP=`echo $srcIP | cut -d">" -f1`

# Notify user
   wall -n << EOF
ATTENTION received PING #$k of $max at: $time from: $srcIP
EOF

# Exit forced by removing /root/xitping
   if [ ! -e /root/xitping ]
   then echo -e "\n\tpingDet exiting on NO xitping file-- RESTART"
        exit 1
   fi

# Exits after command line count
   if [ "$k" -ge $max ]
   then echo -e "\n\tpingDet exits on $max-th ping-- RESTART"
        exit 0
   fi
done
 
Old 11-20-2012, 07:59 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by waddles View Post
my firewall does that.
If it actually logs a message and you run rsyslogd then you could add a filter and send the message straight to /dev/console w/o needing a script.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Laptop can ping out, but can't be pinged djeikyb Linux - Networking 5 07-13-2010 08:53 PM
iptables DROP icmp applied, still being pinged linuxistan Linux - Networking 3 10-18-2004 11:26 PM
linux network problem! HELP! cannot be pinged by other computers! debug019 Linux - Newbie 1 10-18-2004 12:15 AM
Mandrake 9.2 box can't be pinged by network but is connected JohnLocke Linux - Networking 2 06-28-2004 06:32 PM
pinged, or scanned with nmap ivanatora Linux - Software 1 09-22-2003 03:36 AM


All times are GMT -5. The time now is 08:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration