[Click] Problems Filtering Packets

betamaz betamaz at gmail.com
Tue Mar 1 23:51:09 EST 2005 

Hi,

I'm using the conf/print-pings.click file (showed below) by pinging
ssh-ing into another machine and pinging the current one that is
running 'click  print-pings.click' but do not see any icmp messages
being captured.  I tried disabling the IPFilter inorder to see all
messages being captured (the result is shown below). I am assuming
icmp messages are being created since the sending machine is receiving
an echo reply from the destination.

I have two questions: Why do I not see any Icmp messages being
captured by the click configuration file?
Also, is there another process by which I can capture icmp messages?

Thanks in advance,
Bita.

-----------------------------------------------------
configuration file: 
// print-pings.click

// This configuration reads packets from a device, and prints out any ICMP
// echo requests it receives.


FromDevice(eth0)				
						
   -> Classifier(12/0800)			
   -> Strip(14)					
   -> CheckIPHeader				
   -> IPFilter(allow icmp && icmp type echo)	
//   -> IPFilter(allow udp)
   -> IPPrint(ascii)					
   -> Discard;

-----------------------------------------------------
sender pinging:

# ping 128.111.40.189
PING 128.111.40.189 (128.111.40.189) 56(84) bytes of data.
64 bytes from 128.111.40.189: icmp_seq=0 ttl=64 time=0.047 ms
64 bytes from 128.111.40.189: icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from 128.111.40.189: icmp_seq=2 ttl=64 time=0.043 ms

-----------------------------------------------------
machine running click:

# click print-pings.click
ascii: 1109737521.674002: 128.111.40.186.631 > 128.111.40.255.631: udp 98
ascii: 1109737525.559222: 128.111.40.2 > 224.0.0.5: ip-proto-89
ascii: 1109737526.039666: 128.111.40.210.138 > 128.111.40.255.138: udp 213
ascii: 1109737529.251329: 128.111.40.2 > 224.0.0.1: ip-proto-2
ascii: 1109737529.851687: 128.111.40.116 > 239.255.255.250: ip-proto-2
ascii: 1109737530.671170: 128.111.40.184.631 > 128.111.40.255.631: udp 100
ascii: 1109737530.671292: 128.111.40.184.631 > 128.111.40.255.631: udp 149
ascii: 1109737531.359330: 128.111.40.249 > 224.0.1.60: ip-proto-2
ascii: 1109737531.671086: 128.111.40.158.631 > 255.255.255.255.631: udp 144
ascii: 1109737532.321539: 128.111.40.171 > 224.0.0.251: ip-proto-2
ascii: 1109737532.914212: 128.111.40.30 > 224.0.1.1: ip-proto-2
ascii: 1109737535.559804: 128.111.40.2 > 224.0.0.5: ip-proto-89

More information about the click mailing list