
I believe it is a very newbie question and I am one indeed. On an AWS instance, how do I know who pings my server, and if it is possible to keep a log of it?

I added the example output from the answer by @menderes. I hope it helps other newbies like myself too.

```
eth0      Link encap:Ethernet  HWaddr 09:00:12:90:e3:e5
          inet addr:192.168.1.29 Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe70:e3f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54071 errors:1 dropped:0 overruns:0 frame:0
          TX packets:48515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22009423 (20.9 MiB)  TX bytes:25690847 (24.5 MiB)
          Interrupt:10 Base address:0xd020
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7766 (7.5 KiB)  TX bytes:7766 (7.5 KiB)
wlan0     Link encap:Ethernet  HWaddr 58:a2:c2:93:27:36
          inet addr:192.168.1.64  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::6aa3:c4ff:fe93:4746/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:436968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:364103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115886055 (110.5 MiB)  TX bytes:83286188 (79.4 MiB)
```

Carlo C.
  • Which operating system are you running on your AWS instance? And please delete the GCP tag if you are not using their cloud. – John Mahowald Oct 04 '20 at 17:12
  • Does this answer your question? [how to know who ping my computer ?](https://serverfault.com/questions/448541/how-to-know-who-ping-my-computer) – John Mahowald Oct 04 '20 at 17:12

1 Answer

You can see the ping submissions by installing an application on your server or with the existing feature. If you want to see who is sending pings:

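```
# Replace [ethXY] with your interface name; the filter shows only ICMP echo requests (pings)
sudo tcpdump -i [ethXY] 'icmp and icmp[icmptype] = icmp-echo'
```

For ethXY -> `sudo ifconfig`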

If you want to see log records, you have to install the iptables-persistent application first. Then you can look at the logs.

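```
# Install the package that saves iptables rules across reboots
sudo apt-get install iptables-persistent

# Log every incoming ICMP echo request with a searchable prefix
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST:"

# Find the logged ping requests
grep 'LOG_IPTABLES_PING_REQUEST:' /var/log/messages
```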

This applies to the Ubuntu operating system. I can help you if you can mention a different operating system in the comments.

menderes
  • Thanks. As a newbie, I have a definite newbie question if you don't mind. Where do I find the `ethXY` and `icmptype` info? I can't add the output here in the comment due to the character limit, so I have added it to the question. – CuppaCoffee Oct 04 '20 at 01:30
  • Sorry, I used the square brackets in the same place. You just need to learn the [ethXY]* value and change it. You can learn the information of the NIC card by typing "ifconfig". You must write the name of the interface that gives the public IP address. (*Such as Ens160, eth0) – menderes Oct 04 '20 at 15:51
  • `ifconfig` on Linux has been obsolete for 20 years. Use iproute, such as with `ip link` to list interfaces. – John Mahowald Oct 04 '20 at 17:10
  • John, but I use it. Practicality and habits are important. Thank you for your contribution. – menderes Oct 05 '20 at 07:26
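
Once the LOG rule from the answer is in place, the kernel log lines it writes can be summarised per source address. The script below is an added example, not part of the original answer: the sample log lines are constructed, and the names `sample_log` and `ping_sources` are hypothetical. On a real server, pipe the kernel log file your syslog daemon writes (its path varies by distribution) into `ping_sources` instead of the sample.

```shell
#!/bin/sh
# Added example: count ICMP echo requests per source address from the
# kernel log lines written by the iptables LOG rule in the answer.
PREFIX='LOG_IPTABLES_PING_REQUEST:'

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
cat <<'EOF'
Oct  4 01:12:03 host kernel: [ 1201.100000] LOG_IPTABLES_PING_REQUEST:IN=eth0 OUT= MAC=0a:00:00:00:00:01:0a:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=172.31.5.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4660 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Oct  4 01:12:04 host kernel: [ 1202.100000] LOG_IPTABLES_PING_REQUEST:IN=eth0 OUT= MAC=0a:00:00:00:00:01:0a:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=172.31.5.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4661 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=2
Oct  4 01:12:05 host sshd[812]: Accepted publickey for ubuntu from 198.51.100.23 port 50514 ssh2
Oct  4 01:13:40 host kernel: [ 1298.500000] LOG_IPTABLES_PING_REQUEST:IN=eth0 OUT= MAC=0a:00:00:00:00:01:0a:00:00:00:00:02:08:00 SRC=198.51.100.23 DST=172.31.5.10 LEN=84 TOS=0x00 PREC=0x00 TTL=47 ID=911 DF PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=1
Oct  4 01:14:02 host kernel: [ 1320.900000] LOG_IPTABLES_PING_REQUEST:IN=eth0 OUT= MAC=0a:00:00:00:00:01:0a:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=172.31.5.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4662 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=3
EOF
}

# Read log lines on stdin; print "<count> <source-ip>", busiest source first.
ping_sources() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }   # line was not written by the LOG rule
        {
            src = ""; icmp = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)  src  = substr($i, 5)
                if ($i ~ /^TYPE=/) icmp = substr($i, 6)
            }
            # TYPE=8 is echo request; guards against the prefix being reused
            if (src != "" && icmp == "8") count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Run over the constructed sample
sample_log | ping_sources
```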