LinuxQuestions.org


magodiafano 10-17-2010 09:59 PM

How recognize these two different packets?
 
Hi, I have some problems with 4 questions:

1) I have to find the source and destination addresses in the IP and Ethernet headers of a packet that goes from my machine to the router.

2) Then I have to do the same for the packet that goes from the router to my partner's machine.

Then I have to answer the above questions but now for the echo reply.

How could I see these addresses?

The result could be found in the output of a tcpdump?

[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101
tcpdump: listening on eth0
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request (DF)
20:27:36.664179 0:3:e3:2a:4a:60 0:4:75:b5:20:bc ip 60: 128.238.62.101 > 128.238.61.101: icmp: echo reply
20:27:37.668885 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request (DF)
20:27:37.669478 0:3:e3:2a:4a:60 0:4:75:b5:20:bc ip 60: 128.238.62.101 > 128.238.61.101: icmp: echo reply
20:27:38.668890 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 >


and

[guest@shakti guest]$ sudo tcpdump -en
Password:
tcpdump: listening on eth0
20:26:03.530859 0:3:e3:2a:4a:60 0:3:e3:2a:4a:60 loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
20:26:04.450793 0:3:e3:2a:4a:60 1:80:c2:0:0:0 0026 60: 802.1d config 8000.00:03:e3:2a:4a:60.8003 root 8000.00:03:e3:2a:4a:60 pathcost 0 age 0 max 20 hello 2 fdelay 15
20:26:06.450872 0:3:e3:2a:4a:60 1:80:c2:0:0:0 0026 60: 802.1d config 8000.00:03:e3:2a:4a:60.8003 root 8000.00:03:e3:2a:4a:60 pathcost 0 age 0 max 20 hello 2 fdelay 15
20:26:08.450937 0:3:e3:2a:4a:60 1:80:c2:0:0:0 0026 60: 802.1d config 8000.00:03:e3:2a:4a:60.8003 root 8000.00:03:e3:2a:4a:60 pathcost 0 age 0 max 20 hello 2 fdelay 15
20:26:10.451018 0:3:e3:2a:4a:60 1:80:c2:0:0:0 0026 60: 802.1d config 8000.00:03:e3:2a:4a:60.8003 root 8000.00:03:e3:2a:4a:60 pathcost 0 age 0 max 20 hello 2 fdelay 15
20:26:12.451056 0:3:e3:2a:4a:60 1:80:c2:0:0:0 0026 60: 802.1d config 8000.00:03:e3:2a:4a:60.8003 root 8000.00:03:e3:2a:4a:60 pathcost 0 age 0 max 20 hello 2 fdelay 15
20:26:13.531155 0:3:e3:2a:4a:60 0:3:e3:2a:4a:60 loopback 60:

magodiafano 10-18-2010 10:20 AM

Someone could help me? It is very important! Is the question incomplete?

salasi 10-18-2010 10:53 AM

Quote:

Originally Posted by magodiafano (Post 4131397)
Someone could help me? It is very important! Is the question incomplete?

Well, it looks like homework, or more exactly work in your computer lab, and you look to ask two questions, even though you say:

Quote:

I have some problems with 4 questions:
although maybe you are counting the repeats (although, if someone gives you enough clues to answer the first two, I doubt that they will then go through the same procedure with the two repeats).

Quote:

The result could be found in the output of a tcpdump?
The answer to this question could be found in the man page for tcpdump. Usually though, I prefer the GUI app 'wireshark', because the output is a bit clearer, but there may be reasons that you prefer tcpdump.
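
Added example, not part of any post in this thread: a short Python parser for the `tcpdump -en` line format shown in the first post, pulling the Ethernet and IP source/destination out of each ICMP echo line. With `-e` the two colon-separated fields after the timestamp are the Ethernet source and destination on the captured link, and the `a > b` pair is the IP source and destination. The function names are my own; the sample lines are copied from the captures above.

```python
import re

# Lines copied from the two captures in the first post (old-style `tcpdump -en`).
SAMPLE = """\
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request (DF)
20:27:36.664179 0:3:e3:2a:4a:60 0:4:75:b5:20:bc ip 60: 128.238.62.101 > 128.238.61.101: icmp: echo reply
20:26:03.530859 0:3:e3:2a:4a:60 0:3:e3:2a:4a:60 loopback 60:
"""

# This tcpdump version prints MAC octets without leading zeros (0:4:75:b5:20:bc).
MAC = r"[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<eth_src>" + MAC + r") (?P<eth_dst>" + MAC + r") ip \d+: "
    r"(?P<ip_src>" + IPV4 + r") > (?P<ip_dst>" + IPV4 + r"): "
    r"icmp: (?P<kind>echo (?:request|reply))"
)


def normalize_mac(mac):
    """Pad each octet to two hex digits so it compares equal to `ip link` / `arp` output."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def parse_icmp_echo(text):
    """Return one dict per ICMP echo line; non-IP frames (loopback, 802.1d) are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["eth_src"] = normalize_mac(row["eth_src"])
        row["eth_dst"] = normalize_mac(row["eth_dst"])
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in parse_icmp_echo(SAMPLE):
        # Ethernet addresses name the two stations on this link;
        # IP addresses name the end hosts of the exchange.
        print(f'{r["ts"]} {r["kind"]:12} '
              f'eth {r["eth_src"]} -> {r["eth_dst"]}  '
              f'ip {r["ip_src"]} -> {r["ip_dst"]}')
```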

