If I ping one of my servers from another server, is there any log or anything, a way to 'see' the ping from the other server on the target machine and identify its source IP or something?
3 Answers
6
Set up Wireshark on a PC and watch for the packets to come in there. NetMon is also an option on the server but I prefer to leave this type of analysis off the server.
If there is a gateway (firewall, router, etc) between your servers the ping should / could be logged at that device also depending on the log configuration of that device.

squillman
- It'll probably be logged as "ICMP type 8, echo request" – Satanicpuppy Mar 11 '11 at 14:50
- NP. ;) – Satanicpuppy Mar 11 '11 at 14:52
4
Yes, Wireshark is the way to go... also use this process to actually strip out the traffic from the IP address that is pinging the server:
1) Fire up Wireshark
2) Select the correct interface
3) Use the filter 'ip.src==192.168.2.1'
NOTE: you can use 'http and ip.src==192.168.2.1' to drill down into the protocol

Pete2k
- Perhaps you meant `icmp and ip.src==192.168.2.1`? "Ping" is typically associated with ICMP echoes and replies. – Gerald Combs Oct 08 '12 at 23:59
2
If we are talking about a Linux Server, the simplest thing you can do is:
# tcpdump -i eth0 '(icmp)' -nn -vv
Considering that "eth0" is the interface from where the "ping packet" (icmp type 8) will come in.

HopelessN00b

Diede
- Given the Windows-server-2003 tag, probably not talking about Linux server, no... – HopelessN00b Oct 08 '12 at 23:43
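
An added example, not part of any answer above: once a capture has been taken on or near the target (for instance with `tcpdump -w`, or saved from Wireshark in classic pcap format rather than pcapng), this script lists which source IPs sent ICMP echo requests and how many. The function names and the sample capture are constructed for illustration; it assumes untagged Ethernet frames carrying IPv4.

```python
import struct
from collections import Counter

def echo_request_sources(pcap: bytes) -> Counter:
    """Count ICMP echo requests (type 8) per source IPv4 address in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    sources = Counter()
    offset = 24                                   # skip the global header
    while offset + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # truncated, or not IPv4 (VLAN tags not handled)
        icmp_at = 14 + (frame[14] & 0x0F) * 4     # Ethernet header + IP header length
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] != 1 or fragment_offset or len(frame) <= icmp_at:
            continue                              # not ICMP, or no ICMP header in this frame
        if frame[icmp_at] == 8:                   # ICMP type 8 = echo request
            sources[".".join(map(str, frame[26:30]))] += 1
    return sources

def make_frame(src, icmp_type, proto=1):
    """Constructed Ethernet/IPv4 frame with an 8-byte payload (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(src), bytes([192, 168, 2, 10]))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

def make_pcap(frames):
    """Wrap frames in a little-endian classic pcap with Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: three echo requests, plus an echo reply and a TCP packet to ignore.
SAMPLE = make_pcap([
    make_frame([192, 168, 2, 1], 8), make_frame([192, 168, 2, 1], 8),
    make_frame([10, 0, 0, 5], 8), make_frame([192, 168, 2, 10], 0),
    make_frame([192, 168, 2, 1], 8, proto=6),
])

if __name__ == "__main__":
    for ip, count in echo_request_sources(SAMPLE).most_common():
        print(f"{ip}\t{count} echo request(s)")
```

To use it on a real capture, pass the file's bytes, e.g. `echo_request_sources(open("capture.pcap", "rb").read())`, where `capture.pcap` is a placeholder name.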