How do you determine information about: the host that sent this packet, the network interface manufacturer, hostname, time packet was sent, how long it's been up, and any other information that could be extracted from the packet? Any help is greatly appreciated.
None of that information is present. The packet contains the hardware address of the previous layer 3 device, but outside of the client's local LAN, this is just another router.
This and the other thread suggest you don't really see what IP as a protocol can and can't do. If a packet on the internet held all that pointless information, just think how much space and bandwidth that would use up! Uptime? Why should that sort of information ever want to be visible to a network without a specific protocol / query for it?
I was thinking more that in Linux, there are commands you can run to try to get all that information from the packet information that you just have. Is there such a thing? Are there any commands that one can use to run against the packet to get that information? I'm not sure, I'm new to Linux, and Linux networking as a whole. Thanks.
Well, this is nothing to do with Linux at all, it's just the capabilities of IP. A basic IP packet really is very small, you can very easily see bit by bit what each 1 or 0 means. You can use tools like Wireshark to analyse packets, and that will display timestamps and such, but this data is about when the app got a packet, not data held within the packet itself.
So yeah, not Linux related, and as far as tools in general, if any operating system was going to have tools to wheedle out little bits of data like this, it'd be Linux long before Windows, I guarantee it.
Great, for this one as well, I was thinking that you can run Linux commands because this packet is from a Linux box, so I was not sure how to interpret all the information stored within the packet or the information that I'm looking at. It seems like, at least it was my impression, that you can get the host name, interface manufacturer, time stamp and such by running some commands against the packet information. I'm not quite sure what to do here.
On the end machine itself, yes, you can see the NIC manufacturer, by virtue of it being encoded into the MAC address, but then you already have many better ways to find that sort of info out without resorting to packet sniffing.
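The points made in the replies above (the timestamp belongs to the capture tool, the MAC address carries a vendor prefix, and the IP header holds no hostname or uptime) can be checked by decoding one captured frame by hand. This is an added example, not code from any poster in the thread; the pcap bytes, addresses and function names are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: classic pcap file holding one Ethernet/IPv4/UDP frame."""
    # Source MAC is taken from the documentation range 00:00:5e:00:53:xx (RFC 7042).
    eth = bytes.fromhex("ffffffffffff" "00005e005301" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    frame = eth + ip + udp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec_hdr = struct.pack("<IIII", 1700000000, 250000, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def parse_first_packet(pcap):
    """Return the fields that really exist for the first packet of a pcap file."""
    if len(pcap) < 40:
        raise ValueError("too short for pcap file header plus one record header")
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("example handles little-endian, microsecond, Ethernet pcap only")
    # The timestamp sits in the record header written by the capture tool, not in the packet.
    ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, 24)
    frame = pcap[40:40 + incl_len]
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    src_mac = frame[6:12]  # MAC of the last layer 2 hop, not necessarily the original sender
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    _vihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack_from(
        "!BBHHHBBH4s4s", frame, 14)
    return {
        "capture_ts": (ts_sec, ts_usec),
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "oui": ":".join(f"{b:02x}" for b in src_mac[:3]),  # vendor prefix of the MAC
        # Locally administered (randomised or virtual) MACs carry no vendor information.
        "locally_administered": bool(src_mac[0] & 0x02),
        "ip_src": socket.inet_ntoa(src),
        "ip_dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "protocol": proto,
    }

if __name__ == "__main__":
    for key, value in parse_first_packet(build_sample_pcap()).items():
        print(f"{key}: {value}")
```

The returned dictionary is the complete set of identifying fields at these layers: there is no hostname or uptime key because neither header has a field for them.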
Do you know anything about pcap? tcpdump? Isn't it used as a low level tool for pcap network capture? Would that work in this case? That may be just an alternative instead of using a GUI such as with Wireshark? Also, the BPF, or Berkeley Packet Filters? What's your take on all these low level tools, would they be any good if I wanted to use them?
Wireshark uses libpcap as a lower level. pcap in itself is not a tool, but a library. If you don't want a GUI, just use the console interface to Wireshark, tshark. Or tcpdump.
Is there a site or online documentation where I can find examples of tcpdump or BPF or tshark used as low level tools for packet capture? I can't use the GUI versions because my system is not set up to handle it.