Old 08-21-2016, 05:45 AM   #1
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Rep: Reputation: Disabled
Linux command to check the last packet received from particular IP subnet.


Dears,
I am new to Linux. I am working with a telecom company. In my system we receive traffic from some IP subnets. But for a few days I have been unable to receive the traffic from one of the IP subnets.
Can anyone give me the command to check when the last packet was received from that IP subnet?

Thanks,
 
Old 08-21-2016, 06:16 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Welcome to LQ!
Code:
sudo tcpdump -nn -i eth0 src <curious_ip> -w sniff.pcap -c 100
will capture and keep 100 packets in sniff.pcap, which can be played back for analysis.

That's all I know.
 
Old 08-21-2016, 06:23 AM   #3
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
You would want to grep for the address in your traffic logs.
If you weren't logging it then, no, you can't.
 
Old 08-21-2016, 06:29 AM   #4
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks dear for your reply...

I tried with the command you posted... but nothing is captured. My question is that from the particular IP I was receiving the traffic. I don't know when it was stopped. I want to check on my server when it was stopped... date and time. For more information, it is RADIUS traffic.

Is there any log that will be saved on the server?


Thanks for the support....
 
Old 08-21-2016, 06:33 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
grep the logs
Code:
grep <ip> /var/log/* -Rl
will show you file hits

Let's say /var/log/auth.log shows up from that command.
Then you'd
Code:
grep <ip> /var/log/auth.log |less
and start poking around.

Wide search:
Code:
grep <ip> /var/log/* > ~/curious_ip-dump.txt
This will collect all info in all logs for that IP and stick it in the text file ~/curious_ip-dump.txt

Browse that file.

Last edited by Habitual; 08-21-2016 at 06:36 AM.
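
The log search suggested above, extended from one IP to a whole subnet and reduced to the single answer the question asks for (the last time the subnet was seen). This is an added example, not part of any post in this thread; it assumes a constructed log format with the timestamp in the first field and lines in chronological order, and `last_seen` and `sample_log` are hypothetical names.

```sh
#!/bin/sh
# Added example: when did a subnet last appear in a log?
# Assumes (constructed format) one event per line, timestamp in field 1,
# lines in chronological order. last_seen and sample_log are made-up names.

# last_seen CIDR [FILE...]: print "<timestamp> <ip>" for the last line that
# contains an IPv4 address inside CIDR; exit status 1 if none is found.
last_seen() {
    cidr=$1; shift
    awk -v cidr="$cidr" '
    function ip2int(s,   p, i) {            # dotted quad -> number, -1 if invalid
        if (split(s, p, ".") != 4) return -1
        for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN {
        split(cidr, c, "/")
        size = 2 ^ (32 - c[2])              # number of addresses in the prefix
        net = ip2int(c[1]); net -= net % size   # round down to the network base
    }
    {
        line = $0
        # Whole addresses are extracted first, so 110.20.30.7 is never
        # mistaken for 10.20.30.7 the way a substring grep would be.
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            n = ip2int(ip)
            if (n >= net && n < net + size) last = $1 " " ip
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { if (last == "") exit 1; print last }
    ' "$@"
}

# Constructed sample lines, not the format of any particular RADIUS server.
sample_log() {
    cat <<'EOF'
2016-08-14T09:15:02 Access-Request from 10.20.30.7 id=12
2016-08-15T10:00:00 Access-Request from 110.20.30.7 id=13
2016-08-20T23:59:40 Access-Request from 10.20.31.9 id=14
2016-08-21T05:40:11 Access-Request from 10.20.31.9 id=15
EOF
}

sample_log | last_seen 10.20.30.0/24
```

When running it on real files, pass them after the CIDR oldest first (rotated logs before the current one) so that the last match is also the latest one.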
 
Old 08-21-2016, 06:36 AM   #6
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual
Welcome to LQ!
Code:
sudo tcpdump -nn -i eth0 src <curious_ip> -w sniff.pcap -c 100
will capture and keep 100 packets in sniff.pcap, which can be played back for analysis.

That's all I know.


Thanks dear for your reply...

I tried with the command you posted... but nothing is captured. My question is that from the particular IP I was receiving the traffic. I don't know when it was stopped. I want to check on my server when it was stopped... date and time. For more information, it is RADIUS traffic.

Is there any log that will be saved on the server?


Thanks for the support....
 
Old 08-21-2016, 06:39 AM   #7
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
https://www.linuxquestions.org/quest...1/#post5593839
 
Old 08-21-2016, 09:19 AM   #8
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015
Logging at the packet level would create massive log files. You could perhaps find useful information on the RADIUS server.
 
  


All times are GMT -5.
