Filtering ICMP and ICMPv6 Packets with Tcpdump

Updated: Mar 3

The tcpdump command on Linux can be used to filter packets. Here are examples of filtering ICMP and ICMPv6 packets with tcpdump.

What is ICMP?

ICMP is short for Internet Control Message Protocol. It is a network layer protocol used by network devices to diagnose network communication issues.

Ping is one of the most basic network debugging tools. It sends ICMP echo request packets to a host. If the host gets the packet and feels nice enough, it sends an ICMP echo reply packet in return.

How to use tcpdump to capture ICMP Packets

In IPv4, we can use this tcpdump command to filter all ICMP packets.

# tcpdump -i eth0 icmp

This is the output for an ICMP echo request and echo reply packet.

16:17:46.354621 IP > ICMP echo request, id 33817, seq 1707, length 64
16:17:46.399959 IP > ICMP echo reply, id 33817, seq 1707, length 64

Filtering ICMP echo reply and echo request Packets

Here are common ICMP types:

  • 0 Echo Reply

  • 3 Destination Unreachable

  • 4 Source Quench

  • 5 Redirect

  • 8 Echo

  • 11 Time Exceeded

The type is the first byte of the ICMP header, which tcpdump exposes as icmp[0]. With the following command, we can filter ICMP echo replies.

# tcpdump -i eth0 "icmp[0] == 0"

To filter ICMP echo-requests, we can use this tcpdump command.

# tcpdump -i eth0 "icmp[0] == 8"

How to use tcpdump to capture ICMPv6 packets

In IPv6, the fixed IPv6 header is 40 bytes long, and the first 8 bits of the ICMPv6 header specify its type, so when no extension headers are present the type is the byte at offset 40 (ip6[40]). We can use this tcpdump command to filter all ICMPv6 packets.

# tcpdump -i eth0 icmp6

We can use this tcpdump command to filter ICMPv6 echo-requests.

# tcpdump -i eth0 "icmp6 && ip6[40] == 128"

In recent versions of tcpdump/libpcap, we can use the following command to capture ICMPv6 echo request packets.

# tcpdump -i eth0 'icmp6[icmp6type]=icmp6-echo'
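Why icmp[0] and ip6[40] are not equivalent, as an added example that is not part of the original post: icmp[0] is read relative to the ICMP header, while ip6[40] is a fixed offset from the start of the IPv6 header, so an extension header in front of ICMPv6 moves the type byte away from offset 40. The Python below reads the type byte both ways on constructed packets; the helper names and sample addresses are assumptions, packets are assumed to start at the IP header, and fragment headers and truncated packets are not handled.

```python
import struct

ICMP, ICMPV6 = 1, 58
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def icmp_type(pkt: bytes):
    """Return (family, type) for a packet starting at the IP header, else None."""
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4       # IPv4 header length grows with options
        return ("icmp", pkt[ihl]) if pkt[9] == ICMP else None
    if version == 6:
        nxt, off = pkt[6], 40           # fixed IPv6 header is always 40 bytes
        while nxt in EXT_HEADERS:       # walk the chain; each header states its length
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        return ("icmp6", pkt[off]) if nxt == ICMPV6 else None
    return None

def byte_at_ip6_40(pkt: bytes) -> int:
    """The byte a raw ip6[40] comparison looks at, with no chain walking."""
    return pkt[40]

# --- constructed sample packets (checksums left at zero, documentation addresses) ---
def echo(icmp_type_value: int) -> bytes:
    return struct.pack("!BBHHH", icmp_type_value, 0, 0, 1, 1)

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    ihl = 5 + len(options) // 4
    total = ihl * 4 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options + payload

def ipv6(next_header: int, payload: bytes) -> bytes:
    addr = bytes.fromhex("20010db8") + bytes(11) + b"\x01"
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + addr + addr + payload

V4_REQUEST = ipv4(ICMP, echo(8))
V4_REPLY_WITH_OPTIONS = ipv4(ICMP, echo(0), options=b"\x01" * 4)   # four NOP options
V6_REQUEST = ipv6(ICMPV6, echo(128))
# Hop-by-hop header (next header 58, length 0, PadN) in front of the echo request
V6_REQUEST_HBH = ipv6(0, bytes([58, 0, 1, 4, 0, 0, 0, 0]) + echo(128))

if __name__ == "__main__":
    for name in ("V4_REQUEST", "V4_REPLY_WITH_OPTIONS", "V6_REQUEST", "V6_REQUEST_HBH"):
        print(name, icmp_type(globals()[name]))
    print("byte at offset 40, plain:", byte_at_ip6_40(V6_REQUEST))
    print("byte at offset 40, with hop-by-hop:", byte_at_ip6_40(V6_REQUEST_HBH))
```

When a capture built on ip6[40] looks incomplete, comparing it against a plain icmp6 capture on the same interface shows whether extension headers are the cause.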
