ipgrab – Tcpdump-like utility that prints detailed header information
ipgrab is a network debugging utility similar to tcpdump, except that it prints detailed header field information for the data link, network and transport layers.
Install ipgrab in Debian
# apt-get install ipgrab
Reading package lists… Done
Building dependency tree… Done
The following NEW packages will be installed
ipgrab
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 74.2kB of archives.
After unpacking 213kB of additional disk space will be used.
Get: 1 ftp://kambing.ui.edu stable/main ipgrab 0.9.9-1 [74.2kB]
Fetched 74.2kB in 1s (43.2kB/s)
Selecting previously deselected package ipgrab.
(Reading database … 39833 files and directories currently installed.)
Unpacking ipgrab (from …/ipgrab_0.9.9-1_i386.deb) …
Setting up ipgrab (0.9.9-1) …
To run ipgrab, use the following command:
# ipgrab
The output looks like this:
**************************************************************************
Ethernet (1225943550.294175)
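--------------------------------------------------------------------------
Hardware source: 00:0e:a6:32:7e:48
Hardware destination: 00:1e:be:4f:93:08
Type / Length: 0x800 (IP)
Media length: 106
--------------------------------------------------------------------------
IP Header
--------------------------------------------------------------------------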
Version: 4
Header length: 5 (20 bytes)
TOS: 0x10
Total length: 92
Identification: 62836
Fragmentation offset: 0
Unused bit: 0
Don't fragment bit: 1
More fragments bit: 0
Time to live: 64
Protocol: 6 (TCP)
Header checksum: 40374
Source address: 172.16.5.3
Destination address: 172.16.5.23
--------------------------------------------------------------------------
TCP Header
--------------------------------------------------------------------------
Source port: 22 (SSH)
Destination port: 4693 (unknown)
Sequence number: 3047833682
Acknowledgement number: 2708388300
Header length: 5 (20 bytes)
Unused: 0
Flags: PA
Window size: 9648
Checksum: 42927
Urgent: 0
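Because field names such as "Header length" repeat in the IP and TCP sections, post-processing this output needs to track which section each line belongs to. The following is an added example, not part of ipgrab or the original page: a small parser for the layout shown above, where the names parse_ipgrab and summarize are hypothetical and the sample is a trimmed copy of the output above.

```python
import re
# Sample trimmed from the ipgrab output shown above.
SAMPLE = """\
**************************************************************************
Ethernet (1225943550.294175)
--------------------------------------------------------------------------
Hardware source: 00:0e:a6:32:7e:48
Hardware destination: 00:1e:be:4f:93:08
--------------------------------------------------------------------------
IP Header
--------------------------------------------------------------------------
Header length: 5 (20 bytes)
Protocol: 6 (TCP)
Source address: 172.16.5.3
Destination address: 172.16.5.23
--------------------------------------------------------------------------
TCP Header
--------------------------------------------------------------------------
Source port: 22 (SSH)
Destination port: 4693 (unknown)
Header length: 5 (20 bytes)
Flags: PA
"""

RULE = re.compile(r"^[-\u2013\u2014]{5,}$")  # separator rows, ASCII or typographic dashes

def parse_ipgrab(text):
    """Return one dict per packet: {section name: {field: value}}."""
    packets, section = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or RULE.match(line):
            continue
        if set(line) == {"*"}:               # a row of asterisks starts a new packet
            packets.append({})
            section = None
        elif ": " in line and section is not None:
            key, _, value = line.partition(": ")
            section[key] = value             # values keep ipgrab's annotations
        elif packets:                        # section title, e.g. "IP Header"
            name, _, stamp = line.partition(" (")
            section = packets[-1].setdefault(name, {})
            if stamp:                        # "Ethernet (<capture time>)"
                section["timestamp"] = stamp.rstrip(")")
    return packets

def summarize(pkt):
    """One-line flow summary for a TCP-over-IP packet record."""
    ip, tcp = pkt["IP Header"], pkt["TCP Header"]
    src = "%s:%s" % (ip["Source address"], tcp["Source port"].split()[0])
    dst = "%s:%s" % (ip["Destination address"], tcp["Destination port"].split()[0])
    return "%s -> %s [%s]" % (src, dst, tcp["Flags"])
```

To use it on a live capture, save ipgrab's standard output to a file and pass the file's contents to parse_ipgrab.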




