LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Is there a way to capture outgoing packets only?
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-11-2009, 08:06 AM   #1
homer_3
Member
 
Registered: May 2008
Posts: 99

Rep: Reputation: 15
Is there a way to capture outgoing packets only?

I have a network like

Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.

They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.

When I use Wireshark to sniff What's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.

So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
 
Old 06-11-2009, 11:02 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by homer_3
Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.

They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.
What Linux distro(s)? And can you provide more details about that network setup? All three are on the same vlan, and node B (with one NIC) is supposed to be a gateway between nodes A and C? (I don't understand the purpose.)

Quote:
Originally Posted by homer_3
So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
I don't have wireshark installed on my workstation, but you can quickly get this info using tcpdump(8) and its src net / dst net filter.

Example:
# tcpdump src net 10.5.5.0

Moreover, even without using such a filter you can determine how traffic is flowing by paying attention to the source and target (read from left to right) and the directional ('>') indicator.
Last edited by anomie; 06-11-2009 at 11:04 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Must the source IP in SA (used for outgoing packets) be the sender's IP? arrowheart Linux - Security 2 02-25-2009 12:16 AM
check incoming or outgoing packets ilnli Programming 1 07-24-2007 03:08 PM
Incoming and outgoing traffic (packets) increased tooparam General 4 09-22-2006 01:20 PM
drop incoming/outgoing packets using iptables doshiaj Linux - Security 1 06-08-2004 10:38 AM
Outgoing FTP packets seem to hang, or die Torm3nt Linux - Networking 3 01-31-2004 02:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:17 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration