I'm a newbie with tcpdump. My setup is simple:
- 1 machine A behind a router B
- 1 machine C outside, on the Internet
On machine A, I ping machine C, and I want to track what's happening with tcpdump:
tcpdumpon machine A shows an ICMP packet from IP (A) to IP (C)- Then
tcpdumpon machine C shows an ICMP packet from IP (B) to IP (C) - Then
tcpdumpon machine C sends an echo reply from IP (C) to IP (B) - Then
tcpdumpon machine A shows an echo reply from IP (C) to IP (A)
So, at some point in router B (I cannot run tcpdump on the router), the IPs are converted from IP (B) and IP (A). I assume that the "real destination IP" = IP (A) should be stored somewhere deep within the ICMP packet, so that the router can redirect it correctly. But I can't find any option of tcpdump to show this "real destination IP" when it's run on machine C? What is this option, or how can I see it?
