LEDE/OpenWRT — TCPDump to Wireshark

Learn how to set up tcpdump on your LEDE/OpenWRT device to communicate with Wireshark, allowing you to view the traffic on your home network.

This post will focus specifically on the steps you need to run on your LEDE/OpenWRT device to drive the data into Wireshark, and so assumes that you already have Wireshark running on another computer.

SSH to your LEDE/OpenWRT device

If you are using Windows, start PuTTY and click Session on the left side, select SSH from the options, and then enter the IP address of your LEDE/OpenWRT box into the Host Name field.

Once you’ve done this just click on Open to start up the SSH connection.

If you are connecting via terminal, then just SSH to your LEDE/OpenWRT device using the following command, where 192.168.1.1 is your LEDE/OpenWRT device’s IP address.

ssh root@192.168.1.1

Installation

First up we need to make sure tcpdump is installed on your device. Run the following commands:

opkg update
opkg install tcpdump

Capturing

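Once you have tcpdump installed, run the following from the computer that has Wireshark (not from inside the router's SSH session) to start piping the data into Wireshark. The command opens an SSH connection to the device at 192.168.1.1, runs tcpdump there, and streams the capture back over that connection:

ssh root@192.168.1.1 "tcpdump -i br-lan -U -s0 -w - host 192.168.0.7" | wireshark -k -i -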

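This will pipe the captured packets related to the address 192.168.0.7. Here -i br-lan selects the LAN bridge interface, -U writes each packet out as soon as it is captured, -s0 captures full packets rather than truncating them, and -w - writes the raw capture to standard output so it can be read by Wireshark (-k starts capturing immediately, -i - reads from standard input).

Change this address to match the host whose traffic you want to capture.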
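
The capture command above is handed as a string to a root shell on the router, so anything substituted into it should be validated first. The following shell functions are an added example, not part of the original post: they check the interface and addresses, and exclude the SSH session that carries the capture (assumed to be on port 22) so it does not record itself. The function names and the workstation address 192.168.0.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: wrap the post's capture command with input validation.
# Function names and 192.168.0.10 (the Wireshark computer) are assumptions.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Interface names such as br-lan: letters, digits, '.', '_' and '-' only.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the command to run on the router.
# $1 = interface, $2 = host to watch, $3 = address of the Wireshark computer.
build_capture_cmd() {
    valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_ipv4 "$2"  || { echo "bad target address: $2" >&2; return 1; }
    valid_ipv4 "$3"  || { echo "bad viewer address: $3" >&2; return 1; }
    # Exclude the SSH stream carrying the capture, or it records itself.
    printf 'tcpdump -i %s -U -s0 -w - "host %s and not (host %s and port 22)"' \
        "$1" "$2" "$3"
}

# $1 = router address, then the three build_capture_cmd arguments.
run_capture() {
    router=$1; shift
    valid_ipv4 "$router" || { echo "bad router address" >&2; return 1; }
    remote_cmd=$(build_capture_cmd "$@") || return 1
    ssh "root@$router" "$remote_cmd" | wireshark -k -i -
}

# Run on the computer that has Wireshark:
#   run_capture 192.168.1.1 br-lan 192.168.0.7 192.168.0.10
```

The exclusion matters when the watched host is the Wireshark computer or the router itself: without it, every captured packet sent over SSH would itself be captured and sent again.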

