Make a PING detector

In this article we are going to create a PING detector right in the Linux terminal. This script will detect any ping packets (ICMP) sent to your computer from both the local LAN and the WAN.
Most of us use ping to determine if a computer, service, or IoT type of network device is online and able to be reached from the location we are in.
But do you know when someone pings you? Let’s find out.

A quick sidenote on ICMP

Regarding WAN: ICMP does not use any ports. It’s neither TCP nor UDP. In order to pass an ICMP packet from the outside interface (router) to a device on the inside, the router needs to know which device the ‘ping’ is intended for, and usually that’s not possible with a regular Linksys home router. I’m not saying your router doesn’t have this, but many brands don’t add this feature on home routers. You might want to try putting the device the ping is intended for in the DMZ.

Okay, Let’s begin

If you do not have TCPDUMP installed, you can get it by typing the following command in your terminal:

sudo apt install -y tcpdump

Before we can begin we need to determine the name of the network adapter. Open up a terminal and type:

ip a

This will list all network adapters on the computer, so select the one you want the detector to run on.

Now that we have the adapter name we can open up our favorite script/text editor and create the file.
Enter the following line into the editor:
(Remember to change the “ethX” to whatever you have on your computer ex: eth0 or eth1)

tcpdump -i ethX 'icmp and icmp[icmptype]=icmp-echo'

Once the “ethX” has been modified to your network device, save the file as a bash file (.sh) and call it whatever you like. In this article we will call it “PingDetector.sh”.

Remember:
If you are new to this you would need to type the following text in the terminal to make the bash file executable:

chmod +x yourfile.sh

Now run the file as SUDO and try sending a PING to this computer from another device. Each ping should now pop up in the terminal window until you stop the process with “CTRL+C”.

I don’t like the way the output is formatted

If the output text is too messy and hard to understand we could add a text wrapper to it.

In computer science, a wrapper is any entity that encapsulates (wraps around) another item. Wrappers are used for two primary purposes: to convert data to a compatible format or to hide the complexity of the underlying entity

-techterms.com-

Okay, let’s modify the code a bit to only show the pinger’s address, and add some text to make it look better.
But since we are now “piping” the output into another tool, we need to change the way TCPDUMP shows data on the screen.

I might be wrong in this statement, but as of now it uses a technique called “flushing”, which just dumps the data directly to the screen. A good thing about that is that it eliminates most delays that may occur. The negative effect of this is that we cannot manipulate the output, so what we need to do is to use a buffer instead of a flush method. To enable the buffer method we need to add the “-l” option to the TCPDUMP command.

Open up your script file again, and add the “-l” option to TCPDUMP, and let’s also add the “awk” command at the end so that the file now looks like this:

tcpdump -l -i ethX 'icmp and icmp[icmptype]=icmp-echo' | awk '/IP/{print "You are being PINGED by: "$3}'

The awk command is a tool that is used to manipulate data, and generate reports based on the input which in this case is the output of TCPDUMP.
Now, let’s run the script one more time as SUDO, and try to ping the computer. It should look a lot better.

Well, it looks nice but can we make it prettier?

Of course!
Let’s make it prettier by adding some colors to the output, and decorate it some more. To do that we use the following command:

tcpdump -l -i ethX 'icmp and icmp[icmptype]=icmp-echo' | awk '/IP/{print "\033[33m\t [x]   \033[32m You are being PINGED by:\033[31m "$3"\033[0m"}'

This will push the output a bit more to the right, add a “box/bullet” at the beginning, and put pretty colors on the text.
If we run the script again with SUDO and ping the machine, it should look a whole lot prettier.
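
The script below is an added example, not part of the original article. It goes one step further than the one-liner: it matches only echo-request lines on the “IP” field and counts pings per source address. It assumes TCPDUMP is run with “-n” (numeric addresses, no DNS lookups); the function names and the sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example: turn tcpdump text output into a ping log and a per-source count.
# Assumes lines come from "tcpdump -l -n" (line-buffered, numeric addresses).

# Read tcpdump lines on stdin; print "time ping from SRC to DST" for every
# ICMP echo request and ignore everything else (replies, other traffic).
format_pings() {
    awk '$2 == "IP" && /ICMP echo request/ {
        dst = $5; sub(/:$/, "", dst)        # strip the trailing colon
        printf "%s ping from %s to %s\n", $1, $3, dst
    }'
}

# Read the same lines; print "COUNT SRC", highest count first.
count_by_source() {
    awk '$2 == "IP" && /ICMP echo request/ { n[$3]++ }
         END { for (s in n) printf "%d %s\n", n[s], s }' | sort -k1,1nr -k2,2
}

# Constructed sample of "tcpdump -n" output (not captured from a real network).
sample_capture() {
    cat <<'EOF'
10:15:01.000001 IP 192.168.1.23 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
10:15:01.000090 IP 192.168.1.10 > 192.168.1.23: ICMP echo reply, id 7, seq 1, length 64
10:15:02.000004 IP 192.168.1.23 > 192.168.1.10: ICMP echo request, id 7, seq 2, length 64
10:15:03.120000 IP 203.0.113.50 > 192.168.1.10: ICMP echo request, id 9, seq 1, length 64
EOF
}

# Offline demo on the constructed sample.
sample_capture | format_pings
sample_capture | count_by_source

# Live use (needs root); ethX is the placeholder interface name from the article:
#   sudo tcpdump -l -n -i ethX 'icmp and icmp[icmptype]=icmp-echo' | format_pings
```

A source that shows up with a high count in a short time is worth a closer look in your router or firewall logs.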

We hope you enjoyed this article, and that you learned something new today as well.

Thanks for reading, and stay curious!