Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:misc:tcpdump_wireshark [2018/09/16 12:49] – ↷ Page moved from inbox:firewall:misc:tcpdump_wireshark to docs:guide-user:firewall:misc:tcpdump_wireshark bobafetthotmail | docs:guide-user:firewall:misc:tcpdump_wireshark [2023/01/24 17:09] – confirm working for me cm | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| https:// | https:// | ||
| - | < | + | <WRAP round important |
| This has not been tested recently. | This has not been tested recently. | ||
| + | |||
| + | Update 2019-01-01: One person has confirmed its still working on a Buffalo device (Atheros AR71xx) running 18.06.1 | ||
| + | |||
| + | Update 2019-02-22: One person has confirmed its still working on a Netgear device (Atheros ar71xx) running 18.06.2 | ||
| + | |||
| + | Update 2020-09-19: One person has confirmed its still working on a iptime device (mt7620) running 20.172.67167 | ||
| + | |||
| + | Update 2023-01-24: One person has confirmed its still working on a Xiaomi device running 22.03.2 | ||
| </ | </ | ||
| Line 17: | Line 25: | ||
| opkg install tcpdump | opkg install tcpdump | ||
| | | ||
| - | To capture all packets on the WAN (eth1): | + | To capture all packets on the WAN (the below assumes that interface |
| - | tcpdump -n -i eth1 | + | |
| tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
| listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
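Review bot: the reworded intro now says the example "assumes that interface" is the WAN, but in this hunk the right-hand side of the `tcpdump -n -i eth1` line is empty, so make sure the command survives directly above the `listening on eth1` output that belongs to it. Since the interface name is now an explicit assumption, also tell the reader how to find their WAN interface before running it, e.g. `ubus call network.interface.wan status` or `ip link`, and keep `-n`: without it tcpdump does a reverse DNS lookup per address, which is slow on a router and generates extra traffic on the very link being captured.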
| Line 26: | Line 34: | ||
| 13: | 13: | ||
| 13: | 13: | ||
| + | |||
| + | To capture all packets from a specific host on the network: | ||
| + | |||
| + | # tcpdump -i eth0 host 192.168.2.102 -U -s0 -w / | ||
| You may also use Wireshark capture and analysis tool. | You may also use Wireshark capture and analysis tool. | ||
| - | To capture all packets on the WAN: | + | To capture all packets on the the ' |
| - Enable SSH connection with certificated (to avoid password prompt) | - Enable SSH connection with certificated (to avoid password prompt) | ||
| - | - Under your GNU/Linux station or MacOsX: | + | - on a Linux system: |
| ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ||
| + | - on a macOS system: | ||
| + | |||
| + | ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo / | ||
| + | |||
| + | - or, on a Windows system: | ||
| + | |||
| + | ssh root@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | " | ||
| + | Another option is to use the sshdump tool in wireshark, like so: | ||
| + | < | ||
| + | wireshark ' | ||
| + | </ | ||
| ===== Capturing packets from a switch ===== | ===== Capturing packets from a switch ===== | ||
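Review bot: the new "specific host" example writes the capture with `-w` to a path on the router; on most OpenWrt devices anything outside `/tmp` lands on the flash overlay, which a full-size (`-s0`) capture fills quickly and wears, so point it at `/tmp` or mounted external storage, or stream it over SSH as the Wireshark steps do. In the Wireshark steps, the new Windows line uses `root@myledebox` while the Linux and macOS lines use `user@myledebox`; pick one consistently. The `'not port 22'` filter deserves a sentence: it only excludes the SSH session that carries the capture if sshd listens on 22 and the session traverses the captured interface, and without it the capture stream captures itself and snowballs. Finally, step 1's "SSH connection with certificated" should read "SSH public-key authentication" (keys, not certificates).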