LinuxQuestions.org
Old 11-19-2012, 05:58 PM   #1
waddles
Member
 
Registered: Sep 2012
Posts: 372

Rep: Reputation: 1
detect when pinged


OK I am fairly protected by my ISP but would like for experience to determine if and when my desktop gets pinged. After hours with internet found a command that was just mentioned in the man page on tcpdump: tcpdump -A -i any 'icmp[icmptype] = icmp-echo', the options are mine and I shortened the command to what it seemed I want.
I get packets captured, received by filter, and dropped by kernel when I ctrl-C. BTW how do I set the ctrl-T so I can peek whenever I like?
Am I even close to the proper approach?
 
Old 11-19-2012, 07:56 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by waddles View Post
I am fairly protected by my ISP
How did you test that?


Quote:
Originally Posted by waddles View Post
but would like for experience to determine if and when my desktop gets pinged.
As long as you realize most probing is efficiently focused on ports or application level data: in short it doesn't make your machine more secure.


Quote:
Originally Posted by waddles View Post
Am I even close to the proper approach?
Look up what Type and Code ICMP PING uses, then see 'iptables -m icmp --help'?
 
Old 11-19-2012, 10:07 PM   #3
waddles
Member
 
Registered: Sep 2012
Posts: 372

Original Poster
Rep: Reputation: 1
detect when pinged

1) I said "fairly" protected because a) there is a local and remote address and b) these change each time I open myself by accessing the outside world.

2) I am aware of where the probes come and that detection is separate from protection such as my IPtables firewall which is set up to ignore (does not respond to) any ICMP pings.

3) I am not sure of the intended goal but did perform the command U suggested but the results did not reveal how to detect a ping, which was the goal of my query.

I know about the 8 different types but that I don't see as affecting my question unless U think I need to address all 8 types individually which is not what I was after. Just am I being pinged.

I ran the command I showed and from a different user sent pings to my local IP address; these were all picked up by the command, which I truncated via ctrl-C.
Can someone remind me how to set up a ctrl-T as specified in the man page for tcpdump?
 
Old 11-20-2012, 07:06 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by waddles View Post
(..) the command U suggested but the results did not reveal how to detect a ping
If you know the types and code you can set up an iptables LOG target rule for the specific ones you need which dumps a message to syslog. Knowing the system already provides you with the functionality means there's no need for running an IDS or tcpdump kludges.
 
Old 11-20-2012, 11:59 AM   #5
waddles
Member
 
Registered: Sep 2012
Posts: 372

Original Poster
Rep: Reputation: 1
detect when pinged

True and my firewall does that.

FWIW here is the code I created:
Code:
#!/bin/sh
########################################################################
# pingDet.sh  Waits for the next ping until the count given on the
#             command line is reached or the exit file (/root/xitping)
#             no longer exists.
#             When a ping arrives tcpdump exits, leaving status info on
#             screen. The first captured line contains:
#             timestamp (followed by "."), then the characters "IP "
#             followed by the IP address of the sender, which precedes ">".
#             That information is then sent to all users via wall.
#             The process repeats until the command line count is reached
#             or the xitping file is removed.
########################################################################

svFil=/root/lstPng.dat

# tcpdump and the files under /root need root privileges
if [ "$LOGNAME" != "root" ]
then printf '\n\tError: Must be superuser.\n'
     exit 1
fi

# If xitping non-existent then pingDet.sh exits
echo 0 > /root/xitping

# Sets max number of pings before exiting; argument must be digits only
case "$1" in
   ''|*[!0-9]*) printf '\n\tERROR: Argument must be numeric\n'
                exit 1 ;;
esac

if [ "$1" -ge 1 ] && [ "$1" -le 30 ]
then max=$1
else printf '\n\tERROR: Argument must be 1-30\n'
     exit 1
fi

# Counter
k=0

# Infinite loop until count reached or xitping vanishes.
while :
do
   k=`expr $k + 1`
# Restart tcpdump to write line to $svFil and exit on receipt of ping
# $svFil is also reused
   tcpdump -c 1 -A -i any -n 'icmp[icmptype] = icmp-echo' > "$svFil"

# Read first line from $svFil
   read -r line < "$svFil"

# Save timestamp and source IP address
   tim=`echo "$line" | cut -d"." -f1`

   srcIP=`echo "$line" | cut -d"P" -f2-`
# Unquoted echo trims the blanks around the address
   srcIP=`echo $srcIP | cut -d">" -f1`

# Notify user
   wall -n << EOF
ATTENTION received PING #$k of $max at: $tim from: $srcIP
EOF

# Exit forced by removing /root/xitping
   if [ ! -e /root/xitping ]
   then printf '\n\tpingDet exiting on NO xitping file-- RESTART\n'
        exit 1
   fi

# Exits after command line count
   if [ "$k" -ge "$max" ]
   then printf '\n\tpingDet exits on %s-th ping-- RESTART\n' "$max"
        exit 0
   fi
done
 
Old 11-20-2012, 06:59 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by waddles View Post
my firewall does that.
If it actually logs a message and you run rsyslogd then you could add a filter and send the message straight to /dev/console w/o needing a script.
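
The iptables LOG and rsyslog approach suggested in posts #4 and #6, shown as an added example that is not part of the thread and not any poster's code. The log prefix "PING-IN: ", the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Rule that produces the log lines (run as root; shown here for reference only):
#   iptables -I INPUT -p icmp --icmp-type echo-request \
#            -j LOG --log-prefix "PING-IN: "
# rsyslog filter that copies those messages to the console, no script needed:
#   :msg, contains, "PING-IN: "    /dev/console

PREFIX='PING-IN: '   # assumed prefix, must match --log-prefix above

# Constructed sample of kernel log lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
Nov 20 07:10:01 desk kernel: PING-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Nov 20 07:10:02 desk kernel: PING-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=2
Nov 20 07:11:15 desk kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5150 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 20 07:12:40 desk kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=56 TOS=0x00 PREC=0x00 TTL=52 ID=5151 PROTO=ICMP TYPE=3 CODE=3
Nov 20 07:13:09 desk kernel: PING-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
EOF
}

# Read syslog lines on stdin and print "count source-ip" for each sender
# of a logged ICMP echo request (type 8), sorted by address text.
ping_sources() {
    awk -v pfx="$PREFIX" '
        index($0, pfx) && / PROTO=ICMP / && / TYPE=8 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { n[substr($i, 5)]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k2
}

# Demonstration on the constructed sample.
sample_log | ping_sources
```

On a live system, feed the kernel log file into `ping_sources` instead of the sample; where rsyslog writes kernel messages depends on the distribution.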
 
  

