16

Possible Duplicate:
How can I know when my computer is pinged?

I'm using Linux. I would like to know how to tell who is pinging my computer. I have seen this similar question using Windows, but I'm not sure it applies to me.

Raja G
  • Same principles apply: Sniff the traffic on the network, or have your local firewall log ICMP Echo requests your system sees... – voretaq7 Nov 14 '12 at 16:32

2 Answers

34

It looks like you're asking how to see who's pinging you, right? One quick and dirty way would be using tcpdump to simply monitor all incoming ICMP echo requests:

sudo tcpdump -i ethX 'icmp and icmp[icmptype]=icmp-echo'

where ethX is the name of the adapter you're interested in listening to.

Note that tcpdump will resolve hostnames by default, so you might need to add the -n option to get IPs instead.

(This is, by the way, basically identical to the instructions given in the question you linked, though they are for Wireshark, a related but separate tool.)

Charles
19

You can use tcpdump like this

tcpdump ip proto \\icmp

and you get this kind of output

09:25:22.650727 IP 192.168.1.69 > centos6.lan: ICMP echo request, id 1, seq 1, length 40
09:25:22.650816 IP centos6.lan > 192.168.1.69: ICMP echo reply, id 1, seq 1, length 40

You could use iptables too

 iptables -I INPUT -p icmp --icmp-type 8 -m state  --state NEW,ESTABLISHED,RELATED -j LOG --log-level=1 --log-prefix "Ping Request "

and get messages like this in /var/log/messages (on CentOS at least)

Nov 14 09:43:35 centos6 kernel: Ping Request IN=eth0 OUT= MAC=00:0c:29:d2:2c:38:00:0c:29:fe:8e:bb:08:00 SRC=192.168.1.69 DST=192.168.254.188 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=6551 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=37

user9517
  • Your short `tcpdump` command shows incoming and outgoing (ping and pong). Also nice. – erik Feb 15 '21 at 13:26
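
Once the iptables LOG rule from the second answer is in place, the logged lines can be reduced to a per-source summary. The script below is an added example, not part of either answer: the function names are hypothetical, it assumes the traditional syslog layout shown above (program tag `kernel:` in the fifth field) and the same "Ping Request " prefix, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: per-source summary of the "Ping Request " lines written by
# the iptables LOG rule. Function names are hypothetical.

# Sample input. The first line is the log line quoted in the answer; the
# rest are constructed for this example.
sample_log() {
cat <<'EOF'
Nov 14 09:43:35 centos6 kernel: Ping Request IN=eth0 OUT= MAC=00:0c:29:d2:2c:38:00:0c:29:fe:8e:bb:08:00 SRC=192.168.1.69 DST=192.168.254.188 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=6551 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=37
Nov 14 09:43:36 centos6 kernel: Ping Request IN=eth0 OUT= SRC=192.168.1.69 DST=192.168.254.188 LEN=60 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=38
Nov 14 09:44:02 centos6 kernel: Ping Request IN=eth0 OUT= SRC=192.168.1.70 DST=192.168.254.188 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Nov 14 09:44:05 centos6 sshd[1234]: Failed password for root from 192.168.1.71 port 2222 ssh2
Nov 14 09:44:09 centos6 logger: Ping Request SRC=10.0.0.1 TYPE=8
EOF
}

# Reads syslog text on stdin, prints: SRC <tab> COUNT <tab> FIRST <tab> LAST,
# busiest source first. Optional $1 overrides the log prefix.
ping_sources() {
    prefix="${1:-Ping Request }"   # must match --log-prefix in the rule
    awk -v prefix="$prefix" '
        # Assumption: traditional syslog layout, program tag in field 5.
        # Requiring "kernel:" skips userland lines that merely contain the prefix.
        $5 != "kernel:" || index($0, prefix) == 0 { next }
        {
            src = ""; itype = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^SRC=/)  src   = substr($i, 5)
                if ($i ~ /^TYPE=/) itype = substr($i, 6)
            }
            if (src == "" || itype != "8") next   # 8 = ICMP echo request
            stamp = $1 " " $2 " " $3              # e.g. "Nov 14 09:43:35"
            if (!(src in count)) first[src] = stamp
            last[src] = stamp
            count[src]++
        }
        END {
            for (s in count)
                printf "%s\t%d\t%s\t%s\n", s, count[s], first[s], last[s]
        }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k2,2nr -k1,1
}

sample_log | ping_sources
```

On a live CentOS host the same function can be fed the real log with `ping_sources < /var/log/messages`.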