LinuxQuestions.org
Old 08-21-2016, 06:45 AM   #1
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Rep: Reputation: Disabled
Linux command to check the last packet received from particular IP subnet.


Dears,
I am new to Linux. I am working with a telecom company. In my system we receive traffic from some IP subnets. But for a few days I have been unable to receive traffic from one of the IP subnets.
Can anyone give me the command to check when the last packet was received from that IP subnet?

Thanks,
 
Old 08-21-2016, 07:16 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Welcome to LQ!
Code:
sudo tcpdump -nn -i eth0 src <curious_ip> -w sniff.pcap -c 100
will capture and keep 100 packets in sniff.pcap, which can be played back for analysis.

That's all I know.
 
Old 08-21-2016, 07:23 AM   #3
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,716

Rep: Reputation: 554
You would want to grep for the address in your traffic logs.
If you weren't logging it then, no, you can't.
 
Old 08-21-2016, 07:29 AM   #4
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks dear for your reply...

I tried the command you posted... but nothing was captured. My question is that I was receiving traffic from that particular IP. I don't know when it stopped. I want to check on my server when it stopped... date and time. For more information, it is RADIUS traffic.

Is there any log that is saved on the server?


Thanks for the support....
 
Old 08-21-2016, 07:33 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
grep the logs
Code:
grep <ip> /var/log/* -Rl
will show you file hits

Let's say /var/log/auth.log shows up from that command.
Then you'd
Code:
grep <ip> /var/log/auth.log |less
and start poking around.

Wide search:
Code:
grep <ip> /var/log/* > ~/curious_ip-dump.txt
This will collect all info in all logs for that ip and stick it in the text file ~/curious_ip-dump.txt

Browse that file.

Last edited by Habitual; 08-21-2016 at 07:36 AM.
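
Added example, not part of any post in this thread: grep matches one address as text, while the question is about a whole subnet, so this sketch checks every IPv4 address in each log line against a CIDR range and reports the timestamp of the last hit. The log lines, host name and subnets are constructed, and the input is assumed to be in chronological order with a 15-character syslog timestamp at the start of each line.

```python
import ipaddress
import re

# Constructed sample lines in classic syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Aug 18 09:14:02 aaa1 radiusd[2211]: Access-Request from client 10.20.30.7 port 1812
Aug 18 09:14:05 aaa1 radiusd[2211]: Access-Request from client 192.0.2.15 port 1812
Aug 19 23:58:41 aaa1 radiusd[2211]: Accounting-Request from client 10.20.30.200 port 1813
Aug 20 00:03:10 aaa1 radiusd[2211]: Access-Request from client 10.20.31.9 port 1812
Aug 21 06:40:00 aaa1 radiusd[2211]: Access-Request from client 192.0.2.15 port 1812
"""

# Candidate dotted quads; ipaddress rejects out-of-range octets later.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def last_seen(lines, subnet):
    """Return (timestamp, address) of the last line mentioning an address
    inside `subnet`, or None if no line matches."""
    net = ipaddress.ip_network(subnet, strict=False)
    last = None
    for line in lines:
        for token in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not an address
            if addr in net:
                # Assumption: "Mon DD HH:MM:SS" occupies the first 15 characters.
                last = (line[:15], token)
                break
    return last


if __name__ == "__main__":
    hit = last_seen(SAMPLE_LOG.splitlines(), "10.20.30.0/24")
    if hit:
        print("last entry from subnet: %s (%s)" % hit)
    else:
        print("subnet never appears in these logs")
```

Feed it rotated log files concatenated oldest to newest; classic syslog timestamps carry no year, so the result is only unambiguous within one year of logs.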
 
Old 08-21-2016, 07:36 AM   #6
linuxash
LQ Newbie
 
Registered: Aug 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Welcome to LQ!
Code:
sudo tcpdump -nn -i eth0 src <curious_ip> -w sniff.pcap -c 100
will capture and keep 100 packets in sniff.pcap, which can be played back for analysis.

That's all I know.


Thanks dear for your reply...

I tried the command you posted... but nothing was captured. My question is that I was receiving traffic from that particular IP. I don't know when it stopped. I want to check on my server when it stopped... date and time. For more information, it is RADIUS traffic.

Is there any log that is saved on the server?


Thanks for the support....
 
Old 08-21-2016, 07:39 AM   #7
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,716

Rep: Reputation: 554
https://www.linuxquestions.org/quest...1/#post5593839
 
Old 08-21-2016, 10:19 AM   #8
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,511

Rep: Reputation: 1007
Logging at the packet level would create massive log files. You could perhaps find useful information on the radius server.
 
  

