LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-22-2016, 07:24 PM   #1
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Rep: Reputation: Disabled
Displaying ping originator(s) / sender(s)


Displaying ping originator(s) / sender(s)

From ifconfig, I get this wireless IP address for my host, hsot1:

wlp2s0b1 inet addr:10.0.0.165



I can ping it like so:

ping 10.0.0.165


But I like to know who is pinging me, e.g. If I ping from another host.
What command can I use to detect the ping sender(s)?
 
Old 08-23-2016, 05:22 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
Quote:
10.0.0.165
It is a local or internal address, probably used by any of your devices. Try "traceroute" the IP. Are you using Cisco Linksys, Netgear, TP-Link, ASUS, D-Link, Netcomm, Zyxel, Edimax, Belkin, Thomson, or similar brands? They usually default on that address; you will find out if you will open a browser put the URL 10.0.0.165 see if it takes you into the device http interface.

Nothing to worry.

Good luck.
 
Old 08-23-2016, 09:46 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
There are a couple of ways to look at this.

First: if you have a firewall you could add a rule to log all icmp packets something like this for IPTABLES;

Code:
iptables -A INPUT -p icmp --icmp-type 8 -j LOG --log-prefix " *** PINGS LOGGED ***"

Second: you could watch them as they are happening with tcpdump;

Code:
 tcpdump -ni <INTERFACE> -e icmp[icmptype] == 8
 
Old 08-23-2016, 10:29 AM   #4
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@lazydog:

In
I could not use iptables since systemd use firewall-cmd.
What is the equivalent iptaable command for firewall-cmd?
Quote:
iptables -A INPUT -p icmp --icmp-type 8 -j LOG --log-prefix " *** PINGS LOGGED ***"
Unable to get any response with tcpdump:
Quote:
~ $ sudo tcpdump -i wlp2s0b1 -e 'icmp[icmptype] == 8'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0b1, link-type EN10MB (Ethernet), capture size 262144 bytes
# NO RESPONSE HERE AFTER PINGING
 
Old 08-23-2016, 10:36 AM   #5
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@lazydog:

Thanks.
What is equivalent firewall-cmd for iptables:
Quote:
iptables -A INPUT -p icmp --icmp-type 8 -j LOG --log-prefix " *** PINGS LOGGED ***"
This does not work:
Quote:
~ $ sudo tcpdump -i wlp2s0b1 -e 'icmp[icmptype] == 8'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0b1, link-type EN10MB (Ethernet), capture size 262144 byte
# No response while I pinged from another bash shell in same host.
What did I missed?

I couldnot find values for "icmptypes" in man tcpdump.
Where did you find it?

Thanks.
 
Old 08-23-2016, 10:47 AM   #6
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@malekmustaq:

Thank you.
Quote:
Try "traceroute" the IP.
Quote:
traceroute tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live
(TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host.
And I tried this:
Quote:
~ $ traceroute 192.168.0.10
traceroute to 192.168.0.10 (192.168.0.10), 30 hops max, 60 byte packets
1 192.168.0.4 (192.168.0.4) 2998.090 ms !H 2997.910 ms !H 2997.888 ms !H
But the IP= 192.168.0.10 is the computer I am on.
So I still do not know who is pining on 192.168.0.10 using traceroute.
It seems traceroute is not applicable to this use case, correct?
 
Old 08-23-2016, 11:24 AM   #7
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Quote:
Originally Posted by fanoflq View Post
@lazydog:

Thanks.
What is equivalent firewall-cmd for iptables:
Sorry, I abandoned firewalld as it added no value to me. You are going to have to look that one up.

Quote:
This does not work:


What did I missed?
The reason you didn't see anything is because you are on the host and your pings do not traverse the network interface. Ping from another device on the network and you will see the traffic.


Quote:
I couldnot find values for "icmptypes" in man tcpdump.
Where did you find it?

Thanks.
Google
 
1 members found this post helpful.
Old 08-23-2016, 11:50 AM   #8
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@lazydog:

Thanks.
I try to look up information locally to reduce dependency on google,
an learn where to finds things on host.
But it seems using WWW solves a lot of problems...

Quote:
The reason you didn't see anything is because you are on the host and your pings do not traverse the network interface. Ping from another device on the network and you will see the traffic.
It is working now.
The problem is the IP on my host changed from
inet addr:192.168.0.10 to inet addr:192.168.0.4

I think it happened when I rebooted.
How do you make the (private) IP static?

Addendum:
Never mind I will try WWW 1st... thanks.

Last edited by fanoflq; 08-23-2016 at 12:00 PM.
 
Old 08-23-2016, 12:07 PM   #9
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Quote:
Originally Posted by fanoflq View Post
I think it happened when I rebooted.
How do you make the (private) IP static?

Addendum:
Never mind I will try WWW 1st... thanks.
Good choice.

This would depend on the OS you are using. So google <OS> how to make ip static should get you to where you need to be.
 
Old 08-23-2016, 12:22 PM   #10
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
Quote:
How do you make the (private) IP static?
There are ways to do that. First you can access the router and fix to match the NIC address of your interface with desired IP, configure the router (which usually serves as your DHCP server in that case). Second is to use the script configuration in the /etc. Or you may do it along the network manager or wicd manager whichever is in use in your system.

To make a shortcut to hints have this tutorial open, use only CTL+F type the topic you want to learn from. Or choose nice tutorials from here and download for fast learning.

Hope that helps. Good luck and enjoy.

m.m.
 
1 members found this post helpful.
Old 08-23-2016, 01:15 PM   #11
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@malekmustaq:

Quote:
To make a shortcut to hints have this tutorial open, use only CTL+F type the topic you want to learn from. Or choose nice tutorials from here and download for fast learning.
Hoot hoot! Yay!
A Christmas gift in August!
Thanks.
 
Old 08-23-2016, 02:47 PM   #12
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@lazydog:
Quote:
Ping from another device on the network and you will see the traffic.
What if I have a different network from my host's network?
The inet addr:192.168.0.10 from ifconfig outputs is local,
i.e. on one router.

If I want to ping from another network, using
the local IP inet addr:192.168.0.10 would not work
since 192.168.xxx.yyy are all private addresses.
Correct?

What is the solution for pinging network A with
local IP inet addr:192.168.0.10 from a separate network B?

Thank you.
 
Old 08-23-2016, 03:28 PM   #13
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
What you need to understand is RC1918 Addresses (10.x, 172.16.x, 192.168.x) are all routable. Just not routed over the internet.
So as long as your network can route from one network to the other you should be able to ping.
 
Old 08-23-2016, 03:38 PM   #14
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
@lazydog:

Quote:
What you need to understand is RC1918 Addresses (10.x, 172.16.x, 192.168.x) are all routable. Just not routed over the internet.
Sorry, I was not making my question clearer.

Actually my question should be:
What is the solution for pinging network A with
local (private) IP inet addr:192.168.0.10 from a separate network B
and passing through WWW?

NOTE: There is no direct connection between networks A and B except via WWW.

Looks like this is not possible, correct?
 
Old 08-23-2016, 04:17 PM   #15
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
So I'm going to assume that at both ends the private addresses are natted to leave the network.

If you know the URL then you should be able to use that Public IP Address to ping as long as the firewalls on both ends allow ping to pass.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange Ping Issue - Can't ping localhost but can ping others on LAN code_slinger Linux - Networking 15 03-30-2015 03:39 PM
Selinux blocking ping results ...ICMP ping Timed out (CentOS 6.4, Cacti 0.8.8) ndhami23 Linux - Security 3 01-04-2014 12:33 PM
I cannot ping with command 'ping IP' address but can ping with 'ping IP -I eth0' sanketmlad Linux - Networking 2 07-15-2011 06:32 AM
odbc (php output not displaying in web browser,but it displaying in terminal) manu@vssc Red Hat 1 06-29-2011 02:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration