Capturing network traces with OpenWRT
This is mostly a reminder to myself.
opkg install tcpdump
External USB Modules
I don’t want to waste internal storage on the capture files, so install the USB storage modules:
opkg install kmod-usb-storage block-mount
You’ll also need a filesystem driver:
opkg install kmod-fs-vfat
Use ‘vfat’ because – let’s face it – you’ll be using a Windows-formatted USB stick, whether you’re on Windows, Linux or Mac OS X.
And you’ll need some code page modules:
opkg install kmod-nls-cp437 kmod-nls-iso8859-1
If you don’t do this, then you’ll get:
mount: mounting /dev/sda1 on /mnt failed: Invalid argument
…when you attempt to mount the device later; and your log (use
logread -f &)
will have one or both of the following:
FAT-fs (sda1): codepage cp437 not found FAT-fs (sda1): IO charset iso8859-1 not found
You might see different codepage or charset warnings; just install the relevant modules.
…then plug in a USB stick. Make sure there’s plenty of space on it.
You’ll need to mount it (assuming it’s on
mount /dev/sda1 /mnt -t vfat
Capture some traces
tcpdump -i wlan0-1 -w /mnt/dump.cap
wlan0-1 is my guest WiFi. Yours might well be called something different.
Yoink it back to a proper PC
scp openwrt:/mnt/dump.cap .
Examine it in Wireshark
Left as an exercise for the reader