TCPDump To Wireshark

Sep 21, 2016

Learn how to set up tcpdump on your LEDE/OpenWRT device to communicate with Wireshark, allowing you to view the traffic on your home network.

This post will focus specifically on the steps you need to run on your LEDE/OpenWRT device to drive the data into Wireshark, and so assumes that you already have Wireshark running on another computer.

SSH to your OpenWRT device

If you are using Windows then start PuTTY and click Session on the left side, select SSH from the options, and then enter the IP address of your OpenWRT box into the Host Name field.

Once you’ve done this just click on Open to start up the SSH connection.

If you are connecting via terminal, then just SSH to your OpenWRT device using the following command, where 192.168.1.1 is your OpenWRT device’s IP address.

Installation

First up we need to make sure tcpdump is installed on your device. Run the following commands:

opkg update
opkg install tcpdump

Capturing

Once you have tcpdump installed, run the following on the computer where Wireshark is installed. It opens an SSH session to the router (192.168.1.1 here), runs tcpdump there with raw pcap written to standard output (-U flushes each packet as it is captured, -s0 captures whole packets, -w - writes to stdout), and Wireshark reads that stream from its own standard input (-k starts capturing immediately, -i - reads from stdin):

ssh root@192.168.1.1 "tcpdump -i br-lan -U -s0 -w - host 192.168.0.7" | wireshark -k -i -

This pipes only the packets sent to or from 192.168.0.7 (the host capture filter) into Wireshark.

Change this address to match the traffic you want to capture.
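The same pipeline wrapped in a small POSIX shell script, as an added example that is not part of the original post. It adds one check worth having: the capture filter also excludes the SSH session that carries the capture itself, because if the filtered host is the Wireshark machine, every packet Wireshark receives over SSH would otherwise be captured again, in a loop. The router address, interface and target host are placeholders passed as arguments; root@ as the router login and port 22 as the SSH port are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Usage: ./capture.sh <router-ip> <interface> <target-host>
#    eg: ./capture.sh 192.168.1.1 br-lan 192.168.0.7

# Build the BPF capture filter passed to tcpdump on the router.
# Besides the host of interest, exclude the SSH session (default port 22)
# that carries the capture back, so the capture never feeds on itself.
build_filter() {
  target="$1"
  ssh_port="${2:-22}"
  printf 'host %s and not tcp port %s' "$target" "$ssh_port"
}

# Build the tcpdump command that runs on the router:
#   -U   flush each packet to the pipe immediately (live view in Wireshark)
#   -s0  capture whole packets rather than a truncated snapshot
#   -w - write the pcap stream to stdout, which ssh carries back
build_remote_cmd() {
  iface="$1"
  filter="$2"
  printf 'tcpdump -i %s -U -s0 -w - %s' "$iface" "$filter"
}

# Run from the computer where Wireshark is installed: ssh runs tcpdump on
# the router and Wireshark reads the pcap stream from its stdin.
# root@ login is assumed; change it if your router uses another account.
capture() {
  router="$1"
  iface="$2"
  target="$3"
  ssh "root@$router" "$(build_remote_cmd "$iface" "$(build_filter "$target")")" \
    | wireshark -k -i -
}

# Only start a capture when all three arguments were given.
if [ "$#" -eq 3 ]; then
  capture "$@"
fi
```

The filter deliberately avoids parentheses: the string is handed to the router's shell through ssh, where an unquoted `(` would be read as a subshell rather than as part of the BPF expression.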


CT WiFi is a cloud based WiFi management platform for businesses. The firmware gives consumer-grade WiFi access points enterprise-like capabilities. Or you can utilise the captive portal solution with your existing infrastructure. Create a free account and check it here ct-networks.io
