

Now, we see only the ICMP Echo Request in the output.

We can also display only ICMP Echo Requests using icmp[icmptype]=icmp-echo as the filter expression:

$ tcpdump -n -i any 'icmp[icmptype]=icmp-echo'

Now, let’s ping the local host once more from another terminal:

$ ping -c 1 10.0.2.15
64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.037 ms

The -i option of tcpdump specifies the network interface to listen to. The -n option is for displaying IP addresses instead of hostnames. Tcpdump begins waiting to capture ping packets:

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

Now, there is only the ICMP Echo Request in the output.

We specify the capture filter using the -f option in this case:

$ sudo tshark -i any -f icmp -Y "icmp.type==8"

We can use the -Y option of tshark to specify a display filter. Therefore, we successfully used tshark to detect who pinged our host. The first packet captured is the ICMP Echo Request we sent from the other terminal. The -i option of tshark specifies the network interface to listen to.

Now, let’s ping our host from another terminal:

$ ping -c 1 10.0.2.15

Tshark begins waiting to capture ICMP packets.
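
The captures above print one line per packet. As an added example (not from the original page), the following shell function condenses tcpdump -n text output into a per-source count of inbound ICMP Echo Requests. The sample lines are constructed, and the function names summarize_pingers and sample_capture are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: summarize who pinged this host from `tcpdump -n` text output.

# summarize_pingers: read tcpdump -n lines on stdin and print
# "<count> <source-ip>" per sender of ICMP Echo Requests, busiest first.
summarize_pingers() {
    awk '
        # Echo Replies and other ICMP types are ignored.
        /ICMP echo request/ {
            # Locate the "IP <src> > <dst>:" triple by token, not by column:
            # "-i any" output adds interface and direction columns before it.
            for (i = 1; i < NF; i++) {
                if ($i == "IP" && $(i + 2) == ">") {
                    # With "-i any", skip requests this host sent itself.
                    if ($(i - 1) != "Out") count[$(i + 1)]++
                    break
                }
            }
        }
        END { for (src in count) print count[src], src }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in tcpdump -n format (not real traffic).
sample_capture() {
    cat <<'EOF'
10:15:01.000001 lo    In  IP 10.0.2.15 > 10.0.2.15: ICMP echo request, id 7, seq 1, length 64
10:15:01.000020 lo    In  IP 10.0.2.15 > 10.0.2.15: ICMP echo reply, id 7, seq 1, length 64
10:15:04.120000 eth0  In  IP 10.0.2.2 > 10.0.2.15: ICMP echo request, id 3, seq 1, length 64
10:15:05.120000 eth0  In  IP 10.0.2.2 > 10.0.2.15: ICMP echo request, id 3, seq 2, length 64
10:15:05.120050 eth0  Out IP 10.0.2.15 > 10.0.2.2: ICMP echo reply, id 3, seq 2, length 64
10:15:06.000000 IP 10.0.2.3 > 10.0.2.15: ICMP echo request, id 9, seq 1, length 64
10:15:08.000000 eth0  Out IP 10.0.2.15 > 10.0.2.2: ICMP echo request, id 4, seq 1, length 64
EOF
}

sample_capture | summarize_pingers
```

On a live host, the same function can read from tcpdump directly when tcpdump is run with -l (line-buffered output) and a packet limit such as -c, since the summary is printed only when the input ends.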
