Sniffer for ICMP Packets in the network


olli2003

Technical User
Jan 31, 2003
93
DE
Hi guys

I've tried to set up a TCP/IP trace on my machine.
I'm trying to log all ICMP packets going out of this
server.
Therefore I've chosen the iptrace command.
When doing iptrace -d <DESTINATION SERVER> /tmp/<FILE>
I get all TCP/IP packets, including the ARP requests.
That's OK, but I also get the ICMP packets with it.
The disadvantage is that the list will blow up in a very
short time!
So I updated my command to:
iptrace -a -d <DESTINATION SERVER> /tmp/<FILE>
The ARPs are gone, but the ICMP packets are not recorded either.
Does anybody have an idea how to solve my problem?
Just sniffing the ICMP without the ARP requests?
Thanks for help!
Regards Oliver
 
Have you tried using a sniffer on a PC or a laptop? There is a decent sniffer included with RedHat Linux called Ethereal; you can filter which packets you want to sniff.

Sorry I can't help you with your actual question, as I'm not familiar with the iptrace command.


Just a suggestion for the meantime.

 
Dear all

However, I've found a solution for myself.
In case anyone would like to know, do this:

startsrc -s iptrace -a "-d <HOST> -i en0 /tmp/iptrace/log" = starts an iptrace with the specified parameters

stopsrc -s iptrace = stops the iptrace

ipreport -ns log > log_formatted
= formats the log file and writes its output to stdout

Best Regards
Oliver
 