Here is the scenario.
I have an IP address 1.2.3.4 port 2000 sending UDP packets to one unknown IP. I would like to find the unknown IP so I can block it with iptables.
Is there a way to do it with a script? Right now I am doing it manually by using
tshark -i eth1 -f "net 1.2.3.4 and src port 2000"
I'm not sure how to pipe this into a script and automatically find the destination IP.
Just use tshark to output only the field in question by adding -Tfields -e ip.dst_host to your command line:
To get only the first occurrence, gather only a small number of packets and pass through head:
If you don't think 1000 packets are enough to turn up one packet to this port, increase that number.
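As an added example (not part of the question or the answer above), the following script shows the whole pipeline the answer describes: take the one-field-per-line output that tshark -Tfields -e ip.dst_host prints, keep only well-formed IPv4 addresses (tshark prints host names instead when name resolution is on, and you do not want to feed those to iptables), pick the first distinct destination, and build the iptables rule that drops the traffic. The tshark command itself is shown in a comment and is not executed; the capture is replaced by a constructed sample so the script runs offline. The helper names (unique_ipv4_destinations, first_udp_destination, block_rule) are invented here, and the rule is printed rather than applied so it can be reviewed before use.

```shell
#!/bin/sh
# Added example, not from the original thread. It assumes tshark's
# -Tfields -e ip.dst_host output: one destination per captured packet, one per line.
#
# The live capture the thread arrives at would be (not run here):
#   tshark -i eth1 -f "net 1.2.3.4 and src port 2000" -c 1000 -Tfields -e ip.dst_host

# Constructed sample standing in for the tshark output. The repeated
# address and the non-address line exercise the dedup and the filter.
SAMPLE_CAPTURE='198.51.100.7
198.51.100.7
203.0.113.9
not-an-address
198.51.100.7'

# Keep only dotted-quad IPv4 destinations, in order of first appearance,
# each printed once. Reads stdin.
unique_ipv4_destinations() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | awk '!seen[$0]++'
}

# The answer's "first occurrence": the first valid destination on stdin.
first_udp_destination() {
    unique_ipv4_destinations | head -n 1
}

# Build the iptables rule for one destination. OUTPUT is right when 1.2.3.4
# is this host; use FORWARD instead when this host merely routes for it.
# The rule is printed, not executed, so it can be checked first.
block_rule() {
    dst="$1"
    printf 'iptables -I OUTPUT -p udp -s 1.2.3.4 --sport 2000 -d %s -j DROP\n' "$dst"
}

main() {
    dst=$(printf '%s\n' "$SAMPLE_CAPTURE" | first_udp_destination)
    if [ -z "$dst" ]; then
        echo "no IPv4 destination found in capture" >&2
        return 1
    fi
    block_rule "$dst"
}

main "$@"
```

To use it against a real capture, replace the printf of SAMPLE_CAPTURE in main with the tshark command from the comment; the -c 1000 bound is the answer's "small number of packets" and can be raised if the port is quiet.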