Verify whether a Linux system receives and responds to ping packets

Source: Internet
Author: User

When a system cannot be pinged, you need to determine whether the server received the ping packet but did not respond, or never received the ping packet at all.


Execute the following command on the Linux system:

    tcpdump -i eth0 icmp

-i: specifies which network interface to capture on; if this parameter is omitted, data from all interfaces is captured, including lo;

-v: displays details; optional. For the problem above, the job can be done without -v, and the output is tidier;

icmp: ping packets use the ICMP protocol, which needs no further explanation.


After executing the command, check whether both request and reply lines appear, as follows:

    # tcpdump -i eth0 icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    11:15:41.138115 IP 172.16.X.XXX > 172.30.X.XXX: ICMP echo request, id 1, seq 17, length 40
    11:15:41.138149 IP 172.30.X.XXX > 172.16.X.XXX: ICMP echo reply, id 1, seq 17, length 40
    11:15:42.139969 IP 172.16.X.XXX > 172.30.X.XXX: ICMP echo request, id 1, seq 18, length 40
    11:15:42.139997 IP 172.30.X.XXX > 172.16.X.XXX: ICMP echo reply, id 1, seq 18, length 40


A request line shows that the system received the ping packet; a reply line shows that the system responded to it.

If only the request is present, then:

1. Check sysctl -a | grep icmp_echo and confirm that net.ipv4.icmp_echo_ignore_all=0

2. Check iptables -vL and confirm that the -p icmp rule is ACCEPT

If there is neither a request nor a reply, the ping packet is not reaching this host, and the policy of the link or the front-end firewall needs to be checked.
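The decision procedure above as a script (an added example, not from the original article): it reads saved `tcpdump -n -i eth0 icmp` text output on stdin, pairs each echo request with its reply by id and seq, and prints which case applies. The function names, the extra "partial" verdict and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify text output saved from `tcpdump -n -i eth0 icmp`.
# classify_ping_capture is a hypothetical helper name, not part of tcpdump.
classify_ping_capture() {
    awk '
    # Return the token that follows "id" or "seq", minus the trailing comma.
    function field_after(name,    i, v) {
        for (i = 1; i < NF; i++)
            if ($i == name) { v = $(i + 1); sub(/,$/, "", v); return v }
        return ""
    }
    # Key each packet by ICMP id and seq so a reply pairs with its request.
    /ICMP echo request/ { req[field_after("id") "/" field_after("seq")] = 1 }
    /ICMP echo reply/   { rep[field_after("id") "/" field_after("seq")] = 1 }
    END {
        for (k in req) { total++; if (!(k in rep)) unanswered++ }
        if (total + 0 == 0)
            print "no-request: ping never reached this host; check the link or front-end firewall"
        else if (unanswered + 0 == 0)
            print "answered: every echo request got a reply"
        else if (unanswered == total)
            print "request-only: check net.ipv4.icmp_echo_ignore_all and the iptables ICMP rules"
        else
            print "partial: " unanswered " of " total " requests unanswered"
    }'
}

# Constructed sample (not a real capture): seq 17 is answered, seq 18 is not.
sample_capture() {
    cat <<'EOF'
11:15:41.138115 IP 172.16.0.10 > 172.30.0.20: ICMP echo request, id 1, seq 17, length 40
11:15:41.138149 IP 172.30.0.20 > 172.16.0.10: ICMP echo reply, id 1, seq 17, length 40
11:15:42.139969 IP 172.16.0.10 > 172.30.0.20: ICMP echo request, id 1, seq 18, length 40
EOF
}

sample_capture | classify_ping_capture
```

On a live host, the same function can be fed directly with `tcpdump -l -n -i eth0 -c 20 icmp | classify_ping_capture`.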



Introduction to tcpdump options

-a  converts network addresses and broadcast addresses into names;

-b  selects a protocol at the data-link layer, including ip, arp, rarp and ipx. tcpdump -b arp will display only ARP (Address Resolution Protocol) information on the network;

-c  stops tcpdump after the specified number of packets has been received;

-d  prints the compiled packet-matching code in a human-readable format;

-dd  prints the packet-matching code as a C program fragment;

-ddd  prints the packet-matching code in decimal form;

-e  prints the data-link-layer header on each output line;

-f  prints external Internet addresses in numeric form;

-F  reads the filter expression from the specified file, ignoring any other expressions;

-i  specifies the network interface to listen on;

-l  makes standard output line-buffered, for example tcpdump -l > tcpcap.txt writes the captured data to the tcpcap.txt file;

-n  does not convert IP addresses to host names;

-N  does not print the default domain name;

-nn  does not convert port numbers to names;

-O  does not run the optimizer on the packet-matching code; this option is useful when a bug is suspected to be caused by the optimized code;

-r  reads packets from the specified file (such files are typically produced with the -w option);

-s  by default, 68 bytes of each packet are captured; adding -s 0 captures complete packets;

-t  does not print the timestamp on each output line, that is, the time is not displayed;

-T  interprets the captured packets directly as the specified type; the common types are rpc (Remote Procedure Call) and snmp;

-tt  prints the original, unformatted timestamp;

-v  outputs slightly more detailed information, for example the TTL and type of service carried in the IP packet;

-vv  outputs detailed packet information;

-w  writes the packets directly to a file without parsing or printing them;



The following are some other tcpdump examples (reproduced)

1. Capture packets that involve host 10.10.10.122

    tcpdump -i eth0 -vnn host 10.10.10.122

2. Capture packets that involve the 10.10.10.0/24 network segment

    tcpdump -i eth0 -vnn net 10.10.10.0/24

3. Capture packets that involve port 22

    tcpdump -i eth0 -vnn port 22

4. Capture UDP packets

    tcpdump -i eth0 -vnn udp

5. Capture ICMP packets

    tcpdump -i eth0 -vnn icmp

6. Capture ARP packets

    tcpdump -i eth0 -vnn arp

7. Capture IP packets

    tcpdump -i eth0 -vnn ip

8. Capture packets whose source IP is 10.10.10.122

    tcpdump -i eth0 -vnn src host 10.10.10.122

9. Capture packets whose destination IP is 10.10.10.122

    tcpdump -i eth0 -vnn dst host 10.10.10.122

10. Capture packets whose source port is 22

    tcpdump -i eth0 -vnn src port 22

11. Capture packets whose source IP is 10.10.10.253 and whose destination port is 22

    tcpdump -i eth0 -vnn src host 10.10.10.253 and dst port 22

12. Capture packets whose source IP is 10.10.10.122 or that involve port 22

    tcpdump -i eth0 -vnn src host 10.10.10.122 or port 22

13. Capture packets whose source IP is 10.10.10.122 and whose port is not 22

    tcpdump -i eth0 -vnn src host 10.10.10.122 and not port 22

14. Capture packets whose source IP is 10.10.10.2 and destination port is 22, or whose source IP is 10.10.10.65 and destination port is 80

    tcpdump -i eth0 -vnn \( src host 10.10.10.2 and dst port 22 \) or \( src host 10.10.10.65 and dst port 80 \)

15. Capture packets whose source IP is 10.10.10.59 and destination port is 22, or whose source IP is 10.10.10.68 and destination port is 80

    tcpdump -i eth0 -vnn '(src host 10.10.10.59 and dst port 22) or (src host 10.10.10.68 and dst port 80)'

Quote the whole expression and keep the parentheses inside the quotes: in a tcpdump filter, "and" and "or" have equal precedence and associate left to right, so without the grouping the expression is not evaluated as two alternatives.

16. Store the captured packets in the /tmp/fil1 file and exit after capturing 100 packets

    tcpdump -i eth0 -vnn -w /tmp/fil1 -c 100

17. Read the TCP packets from the /tmp/fil1 capture file

    tcpdump -i eth0 -vnn -r /tmp/fil1 tcp

18. Read the packets that involve host 10.10.10.58 from the /tmp/fil1 capture file

    tcpdump -i eth0 -vnn -r /tmp/fil1 host 10.10.10.58




This article is from the "foolishfish" blog, make sure to keep this source http://foolishfish.blog.51cto.com/3822001/1532699
