tag:blogger.com,1999:blog-14658917.post2402129293148219659..comments2008-07-22T09:12:36.359-05:00Stevenoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-14658917.post-58850395425164931482008-07-22T09:12:00.000-05:002008-07-22T09:12:00.000-05:00I think tcpdump would have been much simpler. If you are looking for *any* icmp packets, you can simply use:<BR/><BR/>tcpdump -xttttn -i [interface] icmp<BR/><BR/>and that will spit out all icmp packets.<BR/><BR/>If you want packets with a <A HREF="http://www.spirit.com/Resources/icmp.html" REL="nofollow">particular code</A> you can do that as well:<BR/><BR/>tcpdump -xttttn -i [interface] icmp[1] == 3<BR/><BR/>This spits out all icmp packets that are destination unreachable. <BR/><BR/>tcpdump -xttttn -i [interface] icmp[1] == 0<BR/><BR/>This spits out all icmp echo reply packets (when you ping something). <BR/><BR/>icmp[1] means look at the 2nd byte, which is where the <A HREF="http://www.networksorcery.com/enp/protocol/icmp.htm" REL="nofollow">codes are stored</A>.<BR/><BR/>Hope this helps.JLhttp://www.blogger.com/profile/16089000750284843256noreply@blogger.com