TCPDump To Wireshark
Sep 21, 2016
Learn how to set up tcpdump on your LEDE/OpenWRT device to communicate with Wireshark, allowing you to view the traffic on your home network.
This post will focus specifically on the steps you need to run on your LEDE/OpenWRT device to drive the data into Wireshark, and so assumes that you already have Wireshark running on another computer.
SSH to your OpenWRT device
If you are using Windows, start PuTTY and click Session on the left side, select SSH from the options, and then enter the IP address of your OpenWRT box in the Host Name field.
Once you’ve done this just click on Open to start up the SSH connection.
If you are connecting via terminal, then just SSH to your OpenWRT device using the following command, where 192.168.1.1 is your OpenWRT device’s IP address.
First up we need to make sure tcpdump is installed on your device. Run the following commands:
opkg update
opkg install tcpdump
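Once you have tcpdump installed, run the following from the computer running Wireshark (not from inside the router's SSH session) to start piping the data into Wireshark. Here root is the default OpenWRT login and 192.168.1.1 is your OpenWRT device's IP address:
ssh root@192.168.1.1 "tcpdump -i br-lan -U -s0 -w - host 192.168.0.7" | wireshark -k -i -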
This will pipe only the captured packets to or from the address 192.168.0.7 into Wireshark.
Change this address to match the host whose traffic you want to capture.
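The same pipeline, wrapped so the capture filter is built from validated input and never matches the SSH session that carries the capture, which matters when the captured host is the Wireshark computer itself. This is an added example, not part of the original post; the function names, the `ROUTER` variable and the `root` login are assumptions.

```shell
#!/bin/sh
# Added example. ROUTER, the function names and the root login are assumptions.
ROUTER="${ROUTER:-192.168.1.1}"   # router address used earlier in this post

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints a BPF filter for one LAN host that excludes the SSH session to the
# router, so the capture stream is never captured again.
capture_filter() {
    target=$1
    ssh_port=${2:-22}
    is_ipv4 "$target" || { echo "invalid target address: $target" >&2; return 1; }
    case "$ssh_port" in
        ''|*[!0-9]*) echo "invalid SSH port: $ssh_port" >&2; return 1 ;;
    esac
    printf 'host %s and not (host %s and tcp port %s)' "$target" "$ROUTER" "$ssh_port"
}

# Prints the command line to execute on the router (same tcpdump flags as the post).
# The filter is single-quoted because the remote shell would otherwise parse "(".
remote_tcpdump_cmd() {
    filter=$(capture_filter "$1" "${3:-22}") || return 1
    iface=${2:-br-lan}
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    printf "tcpdump -i %s -U -s0 -w - '%s'" "$iface" "$filter"
}

# Run on the computer with Wireshark; the pcap data travels inside SSH.
# Usage: capture_to_wireshark 192.168.0.7 [interface] [ssh_port]
capture_to_wireshark() {
    cmd=$(remote_tcpdump_cmd "$@") || return 1
    ssh "root@$ROUTER" "$cmd" | wireshark -k -i -
}
```

Source the file and call `capture_to_wireshark 192.168.0.7`; anything that is not a plain IPv4 address is rejected before a command is sent to the router.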