Using tcpdump to find out the TTL of a packet going outside my box
I patched iptables with patch-o-matic and recompiled my kernel in order to use the TTL chain to change my TTL to 128. How can I verify with tcpdump that iptables is actually modifying the value of the TTL?
the rule is:
iptables -t mangle -A POSTROUTING -o eth0 -j TTL --ttl-set 128
looks quite right to me...
using tcpdump you'll have to look at the ip header structure to know which field you're looking for. if you've got an X server running, I'd suggest using ethereal, which will do the work for you (ethereal's gui makes things very easy to interpret).
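Added example, not part of the original thread: a small Python parser that reads the text output of `tcpdump -n -x -i eth0`, pulls the TTL out of byte 8 of each IPv4 header, and checks that the header checksum is still valid after the rewrite. The sample dump is constructed, and the function names are made up for this illustration.

```python
import re
import struct

# Constructed sample of `tcpdump -n -x -i eth0` output (not a real capture).
SAMPLE = """\
12:00:00.000000 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
\t0x0000:  4500 0054 0000 4000 8001 774d c0a8 010a
\t0x0010:  c0a8 0101 0800 0000 0001 0001
"""

HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4}\s*)+)$", re.I)


def packets_from_dump(text):
    """Yield the raw bytes of each packet in `tcpdump -x` text output."""
    buf = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
        elif buf:  # a summary line starts the next packet
            yield bytes(buf)
            buf = bytearray()
    if buf:
        yield bytes(buf)


def ipv4_ttl(raw):
    """Return (ttl, checksum_ok) for the IPv4 header at the start of raw."""
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a complete IPv4 header")
    ttl = raw[8]  # TTL is the 9th byte of the IPv4 header
    # The ones-complement sum over a valid header folds to 0xFFFF.
    total = sum(struct.unpack("!%dH" % (ihl // 2), raw[:ihl]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ttl, total == 0xFFFF


def wrong_ttl(text, expected=128):
    """List (packet_index, ttl) for packets whose TTL differs from expected."""
    bad = []
    for i, raw in enumerate(packets_from_dump(text)):
        ttl, _ = ipv4_ttl(raw)
        if ttl != expected:
            bad.append((i, ttl))
    return bad
```

For a quick look without parsing, `tcpdump -n -v -i eth0` prints the TTL in each packet's summary line.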
but i can't manage the patching part. would you please tell me how should i do it; what kernel did you patch; does it matter what version of patch-o-matic you use?
of course anyone is welcome to help. thanks in advance!
well, you need to have your kernel source downloaded and untarred, then you download the latest patch-o-matic and then untar it, then from the patch-o-matic directory run: KERNEL_DIR=path_to_kernel ./runme extra, and select yes for the ttl patch, then recompile your kernel and select the TTL target in the netfilter configuration.