Saturday, 21 June 2014
OpenWrt tcpdump packet captures for traffic evaluation
It's really useful to be able to capture traffic on your local network. One common use case is capturing traffic from a mobile application that you believe may not be secure. With OpenWrt as our router we can install and use tcpdump to capture the traffic.
I have created a non-root account, as is best practice, so many commands will require 'sudo' to gain the correct privileges.
First we need to update the package manager, then install tcpdump:
$ sudo opkg update
$ sudo opkg install tcpdump
Now we can run tcpdump and capture the traffic in a file for evaluation.
Run ifconfig to identify the bridge interface on your network, which will typically have the IP address 192.168.1.1.
In my case the adaptor is 'br-lan', which the devices provisioned by OpenWRT route through.
Check the amount of free disk space you have before writing to a file. In this example I have sufficient free space in /tmp.
$ df -h
We can now run a packet capture as the sudo user with the following example syntax, changing <Host IP address> to the IP of your device (e.g. your phone) and <nameof capture> to an appropriate name.
$ sudo tcpdump -i br-lan -vvv host <Host IP address> -w <nameof capture>.pcap
Generate some network traffic on your device and, when complete, press 'Ctrl + C'.
You can then scp the file to your PC for evaluation with a tool like Wireshark. Example syntax:
$ scp <nameof capture>.pcap user@<PC IP>:~/tmp
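The steps above, from the free-space check through to starting the filtered capture, gathered into one small wrapper script. This is an added example written for this post, not the author's own script: it assumes a BusyBox-style OpenWrt shell (/bin/sh with df and awk) with tcpdump installed and a sudo-capable user, and the interface, device IP, capture name and output directory are placeholders passed in as arguments. Validating the device IP and the capture name before they reach the command line keeps a typo from turning into a filter tcpdump silently accepts or a file written somewhere unexpected.

```shell
#!/bin/sh
# Hypothetical wrapper for the capture procedure in the post (example code,
# not the author's). Assumes BusyBox sh, df -P -k, awk, tcpdump and sudo.
# Usage: sh capture.sh <iface> <device IP> <capture name> <output dir>
#   e.g. sh capture.sh br-lan 192.168.1.20 phone-login /tmp

# valid_ipv4 ADDR -> 0 if ADDR is a dotted-quad IPv4 address, 1 otherwise
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots; require exactly four octets, each 0-255
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# safe_name NAME -> 0 if NAME is a plain file stem (letters, digits, _ and -)
# so the .pcap always lands in the chosen directory.
safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# free_mb DIR -> prints the space available in DIR in MiB
# (df -P -k gives POSIX-format output in 1K blocks; column 4 is "Available").
free_mb() {
    df -P -k "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1024 }'
}

# check_space DIR MIN_MB -> 0 if DIR has at least MIN_MB MiB free
check_space() {
    [ "$(free_mb "$1")" -ge "$2" ]
}

# build_capture_cmd IFACE HOST NAME DIR -> prints the tcpdump command from
# the post, after checking the two user-supplied values.
build_capture_cmd() {
    iface=$1; host=$2; name=$3; dir=$4
    valid_ipv4 "$host" || { echo "bad device IP: $host" >&2; return 1; }
    safe_name "$name" || { echo "bad capture name: $name" >&2; return 1; }
    printf 'tcpdump -i %s -vvv host %s -w %s/%s.pcap\n' \
        "$iface" "$host" "$dir" "$name"
}

# Only run a capture when invoked directly with all four arguments.
if [ "$#" -eq 4 ]; then
    # Refuse an interface name that is not present on the router
    [ -d "/sys/class/net/$1" ] || { echo "no such interface: $1" >&2; exit 1; }
    # 50 MiB is an arbitrary floor chosen for this example
    check_space "$4" 50 || { echo "less than 50 MiB free in $4" >&2; exit 1; }
    cmd=$(build_capture_cmd "$1" "$2" "$3" "$4") || exit 1
    echo "Running: sudo $cmd  (press Ctrl + C to stop)"
    sudo $cmd
fi
```

After stopping the capture, the .pcap is in the directory you passed and can be copied off with scp exactly as in the post.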
On Arch Linux you can install Wireshark with:
$ pacman -S wireshark-gtk