Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:misc:tcpdump_wireshark [2020/09/19 14:23] – add iptime working u-siro | docs:guide-user:firewall:misc:tcpdump_wireshark [2023/01/24 17:09] – confirm working for me cm | ||
|---|---|---|---|
| Line 14: | Line 14: | ||
| Update 2020-09-19: One person has confirmed its still working on a iptime device (mt7620) running 20.172.67167 | Update 2020-09-19: One person has confirmed its still working on a iptime device (mt7620) running 20.172.67167 | ||
| + | |||
| + | Update 2023-01-24: One person has confirmed its still working on a Xiaomi device running 22.03.2 | ||
| </ | </ | ||
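Review bot: the new 2023-01-24 line copies the "its still working" typo from the 2020 line above it; both should read "it's still working". The new entry would also be more useful if it named the Xiaomi model the way the 2020 entry names the SoC (mt7620), so readers can tell whether their hardware is covered.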
| Line 23: | Line 25: | ||
| opkg install tcpdump | opkg install tcpdump | ||
| | | ||
| - | To capture all packets on the WAN (eth1): | + | To capture all packets on the WAN (the below assumes that interface |
| - | killall tcpdump; tcpdump -n -i eth1 | + | |
| tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
| listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
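Review bot: the rewritten lead-in "To capture all packets on the WAN (the below assumes that interface" is cut off in this revision, so the interface name, the closing parenthesis and the colon are missing; the sample output two lines down still says "listening on eth1", so the sentence should state the assumption explicitly, e.g. "(the below assumes that interface is eth1):". The old command line ran `killall tcpdump;` first, which would silently kill any other capture the user had left running; whatever replaces it should not do that, and should keep `-n` so tcpdump does not perform a reverse DNS lookup for every address it prints.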
| Line 32: | Line 34: | ||
| 13: | 13: | ||
| 13: | 13: | ||
| + | |||
| + | To capture all packets from a specific host on the network: | ||
| + | |||
| + | # tcpdump -i eth0 host 192.168.2.102 -U -s0 -w / | ||
| You may also use Wireshark capture and analysis tool. | You may also use Wireshark capture and analysis tool. | ||
| - | To capture all packets on the WAN: | + | To capture all packets on the the ' |
| - Enable SSH connection with certificated (to avoid password prompt) | - Enable SSH connection with certificated (to avoid password prompt) | ||
| - | - Under your GNU/Linux station or MacOsX: | + | - on a Linux system: |
| ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ssh user@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i - | ||
| - | | ||
| - | - or Windows Command Prompt: | ||
| - | ssh root@192.168.1.1 | + | |
| + | |||
| + | | ||
| + | |||
| + | - or, on a Windows system: | ||
| + | ssh root@myledebox tcpdump -i eth1 -U -s0 -w - 'not port 22' | " | ||
| + | Another option is to use the sshdump tool in wireshark, like so: | ||
| + | < | ||
| + | wireshark ' | ||
| + | </ | ||
| ===== Capturing packets from a switch ===== | ===== Capturing packets from a switch ===== | ||
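Review bot: the new per-host example (`# tcpdump -i eth0 host 192.168.2.102 -U -s0 -w /...`) captures on eth0 while every other command on the page uses eth1, and its `-w` path is cut off in this view; say which side of the router eth0 is meant to be (LAN or WAN) and give the full output path, preferably one under /tmp so the capture file lands in RAM rather than on flash. "Enable SSH connection with certificated" should read "Enable key-based SSH authentication". The Windows pipeline and the sshdump line (`wireshark '`) are also truncated here and need their complete commands; note that the `'not port 22'` filter in the ssh pipeline is what keeps the capture from recording its own SSH transport, so the Windows variant should keep it as well.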