justin@Justin:~$ sudo apt-cache show icmpush
Package: icmpush
Priority: extra
Section: net
Installed-Size: 66
Maintainer: Ola Lundqvist <opal@debian.org>
Architecture: i386
Version: 2.2-6
Depends: libc6 (>= 2.3.1-1)
Filename: pool/main/i/icmpush/icmpush_2.2-6_i386.deb
Size: 28284
MD5sum: 5ee62cc83169d30543554657ded3700c
SHA1: 25b0c6fcb9fde381dc3a52c25b16fd77df477a58
SHA256: 7bf215b1c80c50284f95aac39dfb514b0252767f30ed808eaec174c7708f8e50
Description: ICMP packet builder
 icmpush is a tool that builds ICMP packets fully customized from command line.
 .
 It supports the following ICMP error types: Redirect, Source Quench, Time Exceeded, Destination Unreach and Parameter Problem.
 .
 And the following ICMP information types: Address Mask Request, Timestamp, Information Request, Echo Request, Router Solicitation and Router Advertisement.
Tag: interface::commandline, role::program, scope::utility, use::editing
tcpdump -nnxX -i eth0 -w file.cap -C 20 -s 0
whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).
numbers, etc.) to names.
E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.
headers of each packet, print the data of each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.
than the default of 65535 bytes. Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 sets it to the default of 65535, for backwards compatibility with recent older versions of tcpdump.
the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.
On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode.
If the -D flag is supported, an interface number as printed by that flag can be used as the interface argument.
justin@Justin:~$ sudo tcpdump -D
[sudo] password for justin:
1.eth0
2.any (Pseudo-device that captures on all interfaces)
3.lo
wireshark = ethereal
tcpdump -e
justin@Justin:~$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:7f:16:b5
          inet addr:10.194.44.124  Bcast:10.194.45.255  Mask:255.255.254.0
          inet6 addr: fe80::20c:29ff:fe7f:16b5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:467829 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9256 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:49207035 (46.9 MiB)  TX bytes:1656561 (1.5 MiB)
          Interrupt:18 Base address:0x1080

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:73 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6405 (6.2 KiB)  TX bytes:6405 (6.2 KiB)
justin@Justin:~$ sudo tcpdump -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:10:32.069226 68:b5:99:f4:7b:39 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: CFM876-01.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.093327 00:0c:db:fe:f3:00 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has a18250-DevStation.ap.mot.com tell 10.194.45.252, length 46
15:10:32.093353 00:0c:db:fe:f3:00 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has DTB687-02.ap.mot.com tell 10.194.45.252, length 46
15:10:32.093361 00:0c:db:fe:f3:00 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has DKR836-03.ap.mot.com tell 10.194.45.252, length 46
15:10:32.124948 00:0c:db:fb:71:00 (oui Unknown) > 01:00:5e:7f:ff:fa (oui Unknown), ethertype IPv4 (0x0800), length 175: BGFX63-05.ap.mot.com.58295 > 239.255.255.250.1900: UDP, length 133
15:10:32.167481 00:13:72:2f:49:8d (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: kwgj48-01.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.240044 00:0c:db:fb:71:00 (oui Unknown) > 01:00:5e:00:00:02 (oui Unknown), ethertype IPv4 (0x0800), length 62: 10.216.81.253.8888 > 224.0.0.2.8888: UDP, length 20
15:10:32.240202 2c:27:d7:19:f9:78 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: PQF643-01.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.240236 00:0c:db:fe:f3:00 (oui Unknown) > 68:b5:99:ec:70:1d (oui Unknown), ethertype IPv4 (0x0800), length 98: il93win03v.am.mot.com.netbios-ns > KWGJ48-04.ap.mot.com.netbios-ns: NBT UDP PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
15:10:32.240239 68:b5:99:ec:70:1d (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: KWGJ48-04.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.262886 00:1e:ec:b9:aa:98 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: RGMJ36-02.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.282807 00:15:c5:4d:80:7e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: pqkb76-01.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.346489 00:0c:29:7f:16:b5 (oui Unknown) > 02:e0:52:b0:78:07 (oui Unknown), ethertype IPv4 (0x0800), length 86: null-000c297f16b5.ap.mot.com.43755 > 8.8.8.8.domain: 51743+ PTR? 255.45.194.10.in-addr.arpa. (44)
15:10:32.408853 b4:99:ba:e7:d7:4b (oui Unknown) > 01:00:5e:7f:ff:fa (oui Unknown), ethertype IPv4 (0x0800), length 174: hdrp38-01.ap.mot.com.gpsd > 239.255.255.250.1900: UDP, length 132
15:10:32.408868 00:0c:db:fb:71:00 (oui Unknown) > 01:00:5e:7f:ff:fa (oui Unknown), ethertype IPv4 (0x0800), length 174: hdrp38-01.ap.mot.com.gpsd > 239.255.255.250.1900: UDP, length 132
15:10:32.408871 b4:99:ba:e7:d7:2c (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 82: A22255-05.ap.mot.com.53227 > 255.255.255.255.1947: UDP, length 40
15:10:32.479626 00:0c:db:fb:71:00 (oui Unknown) > 68:b5:99:ec:70:1d (oui Unknown), ethertype IPv4 (0x0800), length 1304: zch68lnxdroid47.ap.mot.com.5902 > KWGJ48-04.ap.mot.com.61094: Flags [P.], seq 1869168054:1869169304, ack 3367002208, win 159, length 1250
15:10:32.479636 68:b5:99:ec:70:1d (oui Unknown) > 02:e0:52:b0:78:07 (oui Unknown), ethertype IPv4 (0x0800), length 64: KWGJ48-04.ap.mot.com.61094 > zch68lnxdroid47.ap.mot.com.5902: Flags [P.], seq 1:11, ack 1250, win 16071, length 10
15:10:32.479637 00:0c:db:fb:71:00 (oui Unknown) > 68:b5:99:ec:70:1d (oui Unknown), ethertype IPv4 (0x0800), length 60: zch68lnxdroid47.ap.mot.com.5902 > KWGJ48-04.ap.mot.com.61094: Flags [.], ack 11, win 159, length 0
15:10:32.571904 00:1f:29:a2:6a:fc (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: PVTH68-03.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:10:32.604438 68:b5:99:ec:70:1d (oui Unknown) > 02:e0:52:b0:78:07 (oui Unknown), ethertype ARP (0x0806), length 60: Request who-has gateway10-194-45.ap.mot.com (02:e0:52:b0:78:07 (oui Unknown)) tell KWGJ48-04.ap.mot.com, length 46
15:10:32.604452 02:e0:52:b0:78:07 (oui Unknown) > 68:b5:99:ec:70:1d (oui Unknown), ethertype ARP (0x0806), length 90: Reply gateway10-194-45.ap.mot.com is-at 02:e0:52:b0:78:07 (oui Unknown), length 76
15:10:32.618259 00:13:72:2f:49:8d (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has e12932-01.ap.mot.com tell kwgj48-01.ap.mot.com, length 46
15:10:32.618279 00:18:8b:b4:a7:23 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 92: pvnr46-02.ap.mot.com.netbios-ns > 10.194.45.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
^C^C^C^C^C^C15:10:32.631390 00:0c:db:fb:71:00 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has dcg467-01.ap.mot.com tell 10.194.45.253, length 46
25 packets captured
7749 packets received by filter
7563 packets dropped by kernel
icmp
ping localhost
justin@Justin:~$ sudo tcpdump -i lo -nnvXSs 0 icmp
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
16:04:28.218360 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 64627, seq 1, length 64
        0x0000:  4500 0054 0000 4000 4001 3ca7 7f00 0001  E..T..@.@.<.....
        0x0010:  7f00 0001 0800 d235 fc73 0001 0cae 5d4f  .......5.s....]O
        0x0020:  d154 0300 0809 0a0b 0c0d 0e0f 1011 1213  .T..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
16:04:28.241460 IP (tos 0x0, ttl 64, id 37379, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 64627, seq 1, length 64
        0x0000:  4500 0054 9203 0000 4001 eaa3 7f00 0001  E..T....@.......
        0x0010:  7f00 0001 0000 da35 fc73 0001 0cae 5d4f  .......5.s....]O
        0x0020:  d154 0300 0809 0a0b 0c0d 0e0f 1011 1213  .T..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
16:04:29.220569 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 64627, seq 2, length 64
        0x0000:  4500 0054 0000 4000 4001 3ca7 7f00 0001  E..T..@.@.<.....
        0x0010:  7f00 0001 0800 3e2c fc73 0002 0dae 5d4f  ......>,.s....]O
        0x0020:  645d 0300 0809 0a0b 0c0d 0e0f 1011 1213  d]..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
16:04:29.220618 IP (tos 0x0, ttl 64, id 37380, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 64627, seq 2, length 64
        0x0000:  4500 0054 9204 0000 4001 eaa2 7f00 0001  E..T....@.......
        0x0010:  7f00 0001 0000 462c fc73 0002 0dae 5d4f  ......F,.s....]O
        0x0020:  645d 0300 0809 0a0b 0c0d 0e0f 1011 1213  d]..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
16:04:30.221446 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 64627, seq 3, length 64
        0x0000:  4500 0054 0000 4000 4001 3ca7 7f00 0001  E..T..@.@.<.....
        0x0010:  7f00 0001 0800 bf27 fc73 0003 0eae 5d4f  .......'.s....]O
        0x0020:  e260 0300 0809 0a0b 0c0d 0e0f 1011 1213  .`..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
16:04:30.221491 IP (tos 0x0, ttl 64, id 37381, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 64627, seq 3, length 64
        0x0000:  4500 0054 9205 0000 4001 eaa1 7f00 0001  E..T....@.......
        0x0010:  7f00 0001 0000 c727 fc73 0003 0eae 5d4f  .......'.s....]O
        0x0020:  e260 0300 0809 0a0b 0c0d 0e0f 1011 1213  .`..............
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
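
Reading the -X dump by hand: the following is an added example, not part of the original notes. It rebuilds the first echo request (seq 1) from its hex lines and checks the fields tcpdump summarised (ttl 64, DF, id 64627, seq 1) plus the IP and ICMP checksums. The function names are illustrative.

```python
import re
import struct

# First echo request from the capture above, as printed by tcpdump -X.
DUMP = """\
0x0000:  4500 0054 0000 4000 4001 3ca7 7f00 0001  E..T..@.@.<.....
0x0010:  7f00 0001 0800 d235 fc73 0001 0cae 5d4f  .......5.s....]O
0x0020:  d154 0300 0809 0a0b 0c0d 0e0f 1011 1213  .T..............
0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
0x0050:  3435 3637                                4567
"""

def dump_to_bytes(text):
    """Rebuild the IPv4 packet from tcpdump -x/-X hex lines."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-f]{4}:\s+(.*)", line)
        if not m:
            continue
        groups = []
        for tok in m.group(1).split():
            if len(groups) == 8 or not re.fullmatch(r"(?:[0-9a-f]{2}){1,2}", tok):
                break  # past the hex columns, into the ASCII column
            groups.append(tok)
        out += bytes.fromhex("".join(groups))
    # The ASCII column can itself look like hex ("4567" on the last line),
    # so cut at the IPv4 total-length field instead of trusting token counts.
    total_len = struct.unpack("!H", out[2:4])[0]
    return bytes(out[:total_len])

def inet_sum(data):
    """RFC 1071 one's-complement sum; 0xFFFF means the checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def decode_echo(pkt):
    """Decode the IPv4 and ICMP echo fields that tcpdump -v summarises."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag, ttl, proto = struct.unpack("!2xHHHBB", pkt[:10])
    icmp = pkt[ihl:total_len]
    icmp_type, _code, _csum, echo_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"ttl": ttl, "proto": proto, "length": total_len,
            "df": bool(frag & 0x4000), "icmp_type": icmp_type,
            "id": echo_id, "seq": seq,
            "ip_checksum_ok": inet_sum(pkt[:ihl]) == 0xFFFF,
            "icmp_checksum_ok": inet_sum(icmp) == 0xFFFF}

if __name__ == "__main__":
    print(decode_echo(dump_to_bytes(DUMP)))
```

The reply's ICMP checksum (da35) differs from the request's (d235) by exactly 0x0800, because the only ICMP byte that changes is the type, 8 to 0.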