LinuxQuestions.org
Old 07-30-2005, 12:02 PM   #1
Menestrel
Member
 
Registered: Oct 2003
Location: Bucharest
Distribution: Debian Sarge, Slackware Current, Ubuntu
Posts: 183

Rep: Reputation: 30
Using tcpdump to find out the TTL of a packet going outside my box


I patched iptables with patch-o-matic and recompiled my kernel in order to use the TTL chain to change my TTL to 128. How can I verify with tcpdump that iptables is actually modifying the value of the TTL?

The rule is:
iptables -t mangle -A POSTROUTING -o eth0 -j TTL --ttl-set 128

Is it OK?
 
Old 07-30-2005, 12:12 PM   #2
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

Looks quite right to me...
Using tcpdump you'll have to look at the IP header structure to know which field you're looking for. If you've got an X server running, I'd suggest using ethereal, which will do the work for you (ethereal's GUI makes things very easy to interpret).
 
Old 07-30-2005, 12:37 PM   #3
Menestrel
Member
 
Registered: Oct 2003
Location: Bucharest
Distribution: Debian Sarge, Slackware Current, Ubuntu
Posts: 183

Original Poster
Rep: Reputation: 30
No, sorry, I have no X server installed. I did a tcpdump -vv|grep 128, and it appears that my rule is working.

I have another question: when I issue the above command, is the packet caught by tcpdump when leaving the POSTROUTING chain and the PREROUTING chain?
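
An added example, not part of the original thread: `grep 128` also matches lengths and addresses that contain 128, so this sketch reads the `ttl` field itself from `tcpdump -n -v` output and fails if any packet differs. The sample capture is constructed and the function names are made up for this example.

```shell
# Constructed sample in the two-line layout that tcpdump prints with -n -v.
# The second packet has ttl 64, yet both of its lines contain "128"
# (length 128, address 198.51.100.128), so "grep 128" would still match it.
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP (tos 0x0, ttl 128, id 4321, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000205 IP (tos 0x0, ttl 64, id 4322, offset 0, flags [DF], proto UDP (17), length 128)
    192.0.2.10.40000 > 198.51.100.128.53: UDP, length 100
12:00:01.000410 IP (tos 0x0, ttl 128, id 4323, offset 0, flags [DF], proto ICMP (1), length 84)
    192.0.2.10 > 198.51.100.7: ICMP echo request, id 7, seq 1, length 64
EOF
}

# Print "<ttl> <packet count>" for every TTL seen on the IP header lines.
ttl_summary() {
    awk '/ IP \(/ && match($0, /ttl [0-9]+/) {
             count[substr($0, RSTART + 4, RLENGTH - 4)]++
         }
         END { for (t in count) print t, count[t] }' | sort -n
}

# Succeed only if at least one packet was read and every packet has TTL $1.
ttl_check() {
    awk -v want="$1" '
        / IP \(/ && match($0, /ttl [0-9]+/) {
            seen++
            if (substr($0, RSTART + 4, RLENGTH - 4) + 0 != want + 0) bad++
        }
        END { exit (seen == 0 || bad > 0) }'
}

sample_capture | ttl_summary
if sample_capture | ttl_check 128; then
    echo "all packets leave with TTL 128"
else
    echo "some packets do not have TTL 128"
fi
```

On a live box the input would come from something like `tcpdump -n -v -i eth0 -c 50 ip and src host <your address>` piped into `ttl_check 128`. Outgoing packets are captured after the POSTROUTING hook, so the rewritten TTL is what tcpdump shows.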
 
Old 10-26-2005, 09:18 AM   #4
kolt
LQ Newbie
 
Registered: Oct 2003
Location: Bulgaria
Distribution: Slackware
Posts: 15

Rep: Reputation: 0
Hi, Menestrel! I'd like to use the same rule
Quote:
iptables -t mangle -A POSTROUTING -o eth0 -j TTL --ttl-set 128
but I can't manage the patching part. Would you please tell me how I should do it; what kernel did you patch; does it matter what version of patch-o-matic you use?
Of course anyone is welcome to help. Thanks in advance!
 
Old 01-20-2006, 11:03 AM   #5
Menestrel
Member
 
Registered: Oct 2003
Location: Bucharest
Distribution: Debian Sarge, Slackware Current, Ubuntu
Posts: 183

Original Poster
Rep: Reputation: 30
Well, you need to have your kernel source downloaded and untarred, then you download the latest patch-o-matic and untar it, then from the patch-o-matic directory run: KERNEL_DIR=path_to_kernel ./runme extra, and select yes for the ttl patch, then recompile your kernel and select the TTL target in the netfilter configuration.
 
  


All times are GMT -5.