LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 03-31-2007, 03:30 PM   #1
exl75
Member
 
Registered: Mar 2007
Posts: 54

Rep: Reputation: 15
Extracting Packet Information


Given the packet below in Linux:

12:37:02.582260 00:20:16:5c:80:12 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),

How do you determine information about: the host that sent this packet, the network interface manufacturer, hostname, time the packet was sent, how long it's been up, and any other information that could be extracted from the packet. Any help is greatly appreciated.

Last edited by exl75; 04-11-2007 at 12:35 PM.
 
Old 03-31-2007, 03:47 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
None of that information is present. The packet contains the hardware address of the previous layer 3 device, but outside of the client's local LAN, this is just another router.

This and the other thread suggest you don't really see what IP as a protocol can and can't do. If a packet on the internet held all that pointless information, just think how much space and bandwidth that would use up! Uptime? Why should that sort of information ever want to be visible to a network without a specific protocol / query for it?
 
Old 03-31-2007, 03:57 PM   #3
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
I was thinking more that in Linux, there are commands you can run to try to get all that information from the packet information that you just have. Is there such a thing? Are there any commands that one can use to run against the packet to get that information? I'm not sure, I'm new to Linux, and Linux networking as a whole. Thanks.
 
Old 03-31-2007, 04:00 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Well, this is nothing to do with Linux at all, it's just the capabilities of IP. A basic IP packet really is very small; you can very easily see bit by bit what each 1 or 0 means. You can use tools like Wireshark to analyse packets, and that will display timestamps and such, but this data is about when the app got a packet, not data held within the packet itself.

So yeah, not Linux related, and as far as tools in general, if any operating system was going to have tools to wheedle out little bits of data like this, it'd be Linux long before Windows, I guarantee it.
 
Old 03-31-2007, 04:06 PM   #5
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
Great, for this one as well, I was thinking that you can run Linux commands because this packet is from a Linux box, so I was not sure how to interpret all the information stored within the packet or the information that I'm looking at. It seems like, at least it was my impression, that you can get the host name, interface manufacturer, time stamp and such by running some commands against the packet information. I'm not quite sure what to do here.
 
Old 03-31-2007, 04:09 PM   #6
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
You can look into the packet using Wireshark for instance. There are also console-based tools, but the output for a single packet is then quite large.
 
Old 03-31-2007, 04:11 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
On the end machine itself, yes, you can see the NIC manufacturer, by virtue of it being encoded into the MAC address, but then you already have many better ways to find that sort of info out without resorting to packet sniffing.
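To make the point of posts #2, #4 and #7 concrete, here is an added example (my code, not anything posted in the thread) that decodes exactly what is present in a frame like the one quoted: the 14-byte Ethernet header (destination MAC, source MAC, EtherType), the OUI and flag bits of the source MAC, and the fixed part of an IPv4 header. The sample frame is constructed: its Ethernet header is taken from the tcpdump line, but the IPv4 header behind it uses placeholder addresses and an uncomputed checksum. Hostname, uptime and the sending host's clock are simply not fields in these headers, and the timestamp on the tcpdump line is the capture time recorded by the sniffer.

```python
import re
import struct

# Constructed sample frame, not a real capture: the Ethernet header from the
# tcpdump line in the thread, followed by a minimal 20-byte IPv4 header with
# placeholder addresses and no payload. The IP checksum is left at zero.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff"      # destination MAC: broadcast
    "0020165c8012"      # source MAC from the tcpdump line
    "0800"              # EtherType 0x0800 = IPv4
    "4500" "0014"       # version 4, IHL 5 (20 bytes), TOS 0, total length 20
    "0001" "0000"       # identification 1, flags/fragment offset 0
    "40" "11" "0000"    # TTL 64, protocol 17 (UDP), header checksum (not computed)
    "c0a80101"          # source IP 192.168.1.1 (placeholder)
    "ffffffff"          # destination IP 255.255.255.255
)

# The summary line quoted in the thread. The timestamp is tcpdump's capture
# time; it is not carried inside the frame.
TCPDUMP_LINE = ("12:37:02.582260 00:20:16:5c:80:12 > ff:ff:ff:ff:ff:ff, "
                "ethertype IPv4 (0x0800),")

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_str(raw):
    """Render six raw bytes in the usual colon-separated MAC notation."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Split the 14-byte Ethernet II header; everything after it is the payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype,
            "ethertype_name": ETHERTYPE_NAMES.get(ethertype, "unknown"),
            "payload": frame[14:]}


def mac_properties(mac):
    """What a MAC address alone tells you: the OUI (vendor prefix) and the two
    flag bits of the first octet. Mapping the OUI to a vendor name needs the
    IEEE registry, which is deliberately not embedded here."""
    first_octet = int(mac.split(":")[0], 16)
    return {"oui": mac[:8],
            "group_bit": bool(first_octet & 0x01),              # multicast/broadcast
            "locally_administered": bool(first_octet & 0x02),  # not vendor-assigned
            "broadcast": mac == "ff:ff:ff:ff:ff:ff"}


def parse_ipv4(data):
    """Decode the fixed part of an IPv4 header. Note what is present (TTL,
    protocol, addresses) and what is not (hostname, uptime, send time)."""
    if len(data) < 20:
        raise ValueError("buffer too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {"version": ver_ihl >> 4, "ihl": ver_ihl & 0x0F,
            "total_length": total_len, "ttl": ttl, "protocol": proto,
            "src": ".".join(str(b) for b in src),
            "dst": ".".join(str(b) for b in dst)}


def parse_tcpdump_summary(line):
    """Pull the fields out of a tcpdump -e summary line like the one quoted."""
    m = re.match(r"(\d\d:\d\d:\d\d\.\d+)\s+([0-9a-f:]{17}) > ([0-9a-f:]{17}),"
                 r" ethertype (\w+) \((0x[0-9a-fA-F]{4})\)", line)
    if not m:
        raise ValueError("unrecognised tcpdump summary line")
    return {"capture_time": m.group(1), "src": m.group(2), "dst": m.group(3),
            "ethertype_name": m.group(4), "ethertype": int(m.group(5), 16)}


if __name__ == "__main__":
    eth = parse_ethernet(SAMPLE_FRAME)
    print("ethernet:", {k: v for k, v in eth.items() if k != "payload"})
    print("source MAC:", mac_properties(eth["src"]))
    print("ipv4:", parse_ipv4(eth["payload"]))
    print("tcpdump line:", parse_tcpdump_summary(TCPDUMP_LINE))
```

Everything the decoder returns is the complete list of what these two headers can tell you: the destination is the broadcast address, the source MAC carries an OUI you can look up in the IEEE registry (and its locally-administered bit tells you whether that lookup even means anything), and the IP header gives addresses, a TTL (a hop budget, not an uptime) and a protocol number. Anything beyond that has to come from a higher-layer protocol, a query to the host, or a lookup on the capturing machine.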
 
Old 03-31-2007, 04:12 PM   #8
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
Great, thanks. This tool, once I get it, will it be able to give all this information on any packets, or how would it work, briefly?
 
Old 03-31-2007, 04:13 PM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Just have a look at wireshark.org; there's no point us repeating what it can tell you.
 
Old 03-31-2007, 04:16 PM   #10
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
Yeah, that's true :-). Thanks a lot for your help.
 
Old 03-31-2007, 05:04 PM   #11
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
Do you know anything about pcap? tcpdump? Isn't it used as a low level tool for pcap network capture? Would that work in this case? That may be just an alternative instead of using a GUI such as with Wireshark?? Also, the BPF, or Berkeley Packet Filters?? What's your take on all these low level tools, would they be any good if I wanted to use them??

Last edited by exl75; 03-31-2007 at 05:13 PM.
 
Old 04-01-2007, 03:16 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Wireshark uses libpcap as a lower level; pcap in itself is not a tool, but a library. If you don't want a GUI, just use the console interface to Wireshark, tshark. Or tcpdump.
 
Old 04-01-2007, 01:20 PM   #13
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
And BPF is a way to write filters to get only the packets you want. Wireshark has a nice GUI for that.
 
Old 04-01-2007, 02:14 PM   #14
exl75
Member
 
Registered: Mar 2007
Posts: 54

Original Poster
Rep: Reputation: 15
Is there a site or online documentation where I can find examples of tcpdump or BPF or tshark used as low level tools for packet capture? I can't use the GUI versions because my system is not set up to handle it.
 
Old 04-01-2007, 02:23 PM   #15
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Well, the low level data is in all IP packets... wireshark.org has plenty of examples.
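Posts #12 to #15 name the pieces that tie the console tools together: libpcap's file format, which tcpdump, tshark and Wireshark all read, and BPF filter expressions. The following is an added example of my own (not code from the thread, libpcap or Wireshark) that writes a classic pcap file from constructed frames, reads it back, and applies a small filter equivalent to tcpdump's `ether broadcast and ip`. The frames are constructed: their Ethernet headers reuse the source MAC from the quoted tcpdump line, but the payloads behind them are placeholder bytes, not valid IP or ARP packets, and the record timestamps are arbitrary values. It also shows where the timestamp that post #4 talks about actually lives: in the pcap record header written by the capturing program, not in the frame.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
BROADCAST = bytes.fromhex("ffffffffffff")

# Constructed frames (not captured traffic). An Ethernet II header is 14 bytes;
# the bytes after it are placeholder payloads, not decodable IP/ARP packets.
SRC_MAC = bytes.fromhex("0020165c8012")     # source MAC from the thread's tcpdump line
OTHER_MAC = bytes.fromhex("020000000001")   # locally-administered placeholder address
FRAME_BCAST_IP = BROADCAST + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19
FRAME_ARP = BROADCAST + SRC_MAC + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28
FRAME_UNICAST_IP = OTHER_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19

# (seconds, microseconds, frame). The timestamp is metadata added by the
# capturing program; the frame itself carries no clock. Values are arbitrary.
CONSTRUCTED_CAPTURE = [
    (1000000000, 582260, FRAME_BCAST_IP),
    (1000000000, 583001, FRAME_ARP),
    (1000000001, 100, FRAME_UNICAST_IP),
]


def write_pcap(records, snaplen=65535):
    """Serialise (sec, usec, frame) records as classic pcap bytes, little-endian."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0,
                                snaplen, LINKTYPE_ETHERNET))
    for sec, usec, frame in records:
        captured = frame[:snaplen]          # incl_len may be shorter than orig_len
        out += struct.pack("<IIII", sec, usec, len(captured), len(frame))
        out += captured
    return bytes(out)


def read_pcap(data):
    """Parse classic pcap bytes of either byte order into (sec, usec, frame) records."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_USEC:
        end = "<"
    elif magic == 0xD4C3B2A1:               # same magic written big-endian
        end = ">"
    else:
        raise ValueError(f"not a classic pcap file (magic {magic:#x})")
    _, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated pcap record")
        off += incl_len
        records.append((sec, usec, frame))
    return records


def matches(frame, ether_src=None, ethertype=None, broadcast=False):
    """A tiny stand-in for the BPF primitives ether src, ether proto and ether broadcast."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if ether_src is not None and src != ether_src:
        return False
    if ethertype is not None and etype != ethertype:
        return False
    if broadcast and dst != BROADCAST:
        return False
    return True


def select(records, **filt):
    """Keep only the records whose frame satisfies every given primitive."""
    return [r for r in records if matches(r[2], **filt)]


def write_pcap_file(path, records):
    with open(path, "wb") as fh:
        fh.write(write_pcap(records))


if __name__ == "__main__":
    write_pcap_file("constructed.pcap", CONSTRUCTED_CAPTURE)
    back = read_pcap(write_pcap(CONSTRUCTED_CAPTURE))
    # Same selection as tcpdump's filter expression 'ether broadcast and ip'
    for sec, usec, frame in select(back, broadcast=True, ethertype=ETHERTYPE_IPV4):
        print(sec, usec, frame[:14].hex())
```

Running the script writes constructed.pcap in the current directory, which the console tools from post #12 can then read without any GUI: `tcpdump -n -e -r constructed.pcap` prints one summary line per frame in the same form as the line quoted in post #1, `tcpdump -n -e -r constructed.pcap 'ether broadcast and ip'` applies the real BPF filter the `select()` call imitates, and `tshark -r constructed.pcap -V` dumps every decoded field. Because the payloads are placeholders, both tools will report the IP and ARP bodies as malformed, which is itself a useful reminder that the decoders only trust what the bytes actually say.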
 