detect if host recieving any IP packets at all from host

[Doug Reeder (aka Skapti)]

I'm trying to figure out a nasty problem with a firewall that doesn't
seem to do what it's supposed to do. In particular, some hosts
outside the firewall can ping the firewall itself, but can't access
any host inside the firewall.

Is there a tool which can let me know if a linux host is recieving any
IP packets of any kind from a particular host?
--
P. Douglas Reeder Lecturer, Dept. Computer/Info. Science, Ohio State Univ.
ree...@cis.ohio-state.edu http://www.cis.ohio-state.edu/~reeder/reeder.html
GE/S d- s+:- a C++@$ U++++ P+ L++ E W++ N+ o? K? w !O M+ V PS+() PE Y+ PGP-
t 5+ X- R>+ tv+ b+++>$ DI+ D- G e+++ h r+>+++ y+>++

[Ted Pavlic]

Doug --

Your problem probably lies in your firewall rules (ipchains, iptables,
etc.) and/or your routing table. Could you post output from your:

netstat -rn

as well as output from your (this might vary depending on what toolset
you're using):

ipchains -L -n

That would be helpful.

Now, regarding such a tool . . . You can use tcpdump to sit on your
ethernet card in promiscuous mode and report to you every piece of ethernet
traffic that your network card picks up. There are other sniffers that do a
better job than this, but tcpdump is typically a quick and dirty way of
quickly seeing what and when things arrive at your machine (and what your
machine does with them).

All the best --
Ted

"Doug Reeder (aka Skapti)" <ree...@cis.ohio-state.edu> wrote in message
news:anv8ha$nop$1...@news.cis.ohio-state.edu...

[mjt]

Doug Reeder (aka Skapti wrote:

> Is there a tool which can let me know if a linux host is recieving any
> IP packets of any kind from a particular host?

.... man netstat ... man ethereal

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Michael J. Tobler: motorcyclist, surfer, # Black holes result
skydiver, and author: "Inside Linux", # when God divides the
"C++ HowTo", "C++ Unleashed" # universe by zero