How to monitor who is pinging me?

Question

Is there a way to know who is pinging my PC on my network? Is it possible to monitor all ICMP packets? How can I do that?

Answer 1

Yes, that is possible using tcpdump, which is a most powerful and widely used command-line packet sniffer (package analyzer) tool available on Linux.

In the terminal application of the computer you want to monitor :

sudo tcpdump -i ethX icmp and icmp[icmptype]=icmp-echo

Options:

-n avoid a (potentially slow) reverse DNS query
−i interface
icmp[icmptype]=icmp-echo    To print all ICMP packets that are echo requests/replies

The it will start listening on ethX and waiting for arrived packets.

Example : I have 2 pc win7 10.1.1.8 , Ubuntu 10.1.1.57 which will monitor packets arrived :

On ubuntu :

Reference : nixCraft

Answer 2

Good workout @nux I liked it .

I also would like to add my trick I use to find who's pinging me by using avahi tool (can be installed from Synaptic).

When I run in terminal avahi-browse -rat , it automatically compiles full list of connections for example:

hostname = [xxx-xxx.local]
address = [xxx::x:xxx:xxx:xxx:xxx] physical
address = [xx.xx.xxx.xx] ipv4 or ipv6
port = [xxx]
txt = [xxx]

For example , I can always see when my Internet provider is pinging me during my session, when I run this command .

To see everything avahi can do , Run :

avahi-browse --help 

Answer 3

This package must simply be installed (if you don't have it):

sudo apt-get install iptables-persistent

Then add this command to the /etc/iptables/rules.v4 file:

-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "

To check who pings you , just check the log file:

grep 'LOG_IPTABLES_PING_REQUEST: ' /var/log/messages

You can also use a monitoring applications such as Wireshark.