| inbox:firewall:misc:tcpdump_wireshark [2018/08/14 14:59] – created dturvene | docs:guide-user:firewall:misc:tcpdump_wireshark [2023/01/24 17:09] – confirm working for me cm | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| https:// | https:// | ||
| + | |||
| + | <WRAP round important 60%> | ||
| + | This has not been tested recently. | ||
| + | |||
| + | Update 2019-01-01: One person has confirmed its still working on a Buffalo device (Atheros AR71xx) running 18.06.1 | ||
| + | |||
| + | Update 2019-02-22: One person has confirmed its still working on a Netgear device (Atheros ar71xx) running 18.06.2 | ||
| + | |||
| + | Update 2020-09-19: One person has confirmed its still working on a iptime device (mt7620) running 20.172.67167 | ||
| + | |||
| + | Update 2023-01-24: One person has confirmed its still working on a Xiaomi device running 22.03.2 | ||
| + | </ | ||
| ===== Capturing packets from an OpenWrt appliance ===== | ===== Capturing packets from an OpenWrt appliance ===== | ||
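Review bot: the new WRAP block opens with "This has not been tested recently." and then lists four dated confirmations, the latest (2023-01-24, 22.03.2) matching this revision's own summary "confirm working for me", so the opening sentence contradicts the list that follows it; suggest replacing it with something like "Last confirmed working on 2023-01-24 (OpenWrt 22.03.2); earlier confirmations below." Minor: "its" should be "it's" in all four update lines, and "a iptime device" should be "an iptime device".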
| Line 13: | Line 25: | ||
| opkg install tcpdump | opkg install tcpdump | ||
| | | ||
| - | To capture all packets on the WAN (eth1): | + | To capture all packets on the WAN (the below assumes that interface |
| - | tcpdump -n -i eth1 | + | |
| tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
| listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
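Review bot: in the visible lines the rewritten WAN paragraph drops the command itself: the old `tcpdump -n -i eth1` line is removed and the replacement `+` line is empty, while the sample output that follows still says "listening on eth1", so a reader no longer sees which command produced it; the new lead-in also ends mid-sentence ("assumes that interface"). Suggest keeping the command line directly under the completed sentence, with `-n` retained, since it disables name resolution and so avoids the reverse DNS lookups that would otherwise add traffic to the very interface being captured.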
| Line 22: | Line 34: | ||
| 13: | 13: | ||
| 13: | 13: | ||
| + | |||
| + | To capture all packets from a specific host on the network: | ||
| + | |||
| + | # tcpdump -i eth0 host 192.168.2.102 -U -s0 -w / | ||
| You may also use Wireshark capture and analysis tool. | You may also use Wireshark capture and analysis tool. | ||
| - | To capture all packets on the WAN: | + | To capture all packets on the the ' |
| - Enable SSH connection with certificated (to avoid password prompt) | - Enable SSH connection with certificated (to avoid password prompt) | ||
| - | - Under your GNU/Linux station or MacOsX: | + | - on a Linux system: |
| ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ||
| + | - on a macOS system: | ||
| + | |||
| + | ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo / | ||
| + | |||
| + | - or, on a Windows system: | ||
| + | |||
| + | ssh root@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | " | ||
| + | Another option is to use the sshdump tool in wireshark, like so: | ||
| + | < | ||
| + | wireshark ' | ||
| + | </ | ||
| ===== Capturing packets from a switch ===== | ===== Capturing packets from a switch ===== | ||
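Review bot: the added macOS line (like the unchanged Linux line above it) runs Wireshark under `sudo` although Wireshark here only reads the pcap stream from stdin; no local capture privilege is needed for that, and the Wireshark project advises against running its dissectors as root, so drop `sudo` on the workstation side and keep elevated rights confined to tcpdump on the router. Two consistency points in the same hunk: the new host-filter example captures on `eth0` while every other example uses `eth1`, and the Windows line logs in as `root@myledebox` while the Linux and macOS lines use `user@myledebox`; pick one interface and one account, or say why they differ. The unchanged step "Enable SSH connection with certificated" should read "Enable SSH key-based authentication".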