LEDE/OpenWRT — TCPDump to Wireshark
Learn how to set up tcpdump on your LEDE/OpenWRT device to communicate with Wireshark, allowing you to view the traffic on your home network.
This post will focus specifically on the steps you need to run on your LEDE/OpenWRT device to drive the data into Wireshark, and so assumes that you already have Wireshark running on another computer.
SSH to your LEDE/OpenWRT device
If you are using Windows, start PuTTY, click Session on the left, select SSH as the connection type, and enter the IP address of your LEDE/OpenWRT box in the Host Name field.
Then click Open to start the SSH connection.
If you are connecting from a terminal, SSH to your LEDE/OpenWRT device with the following command, where 192.168.1.1 is your device's IP address (root is the default administrative user on LEDE/OpenWRT):
ssh root@192.168.1.1
First we need to make sure tcpdump is installed on the device. Run the following commands (the opkg package lists live in RAM on LEDE/OpenWRT and are lost on reboot, so opkg update must come first):
opkg update
opkg install tcpdump
Once tcpdump is installed, the capture itself is started from the computer running Wireshark, not from the router: SSH executes tcpdump on the device, tcpdump writes raw pcap data to its standard output, and SSH carries that stream back to be read by Wireshark on standard input. Run the following on the Wireshark machine, where 192.168.1.1 is the router and 192.168.0.7 is the host whose traffic you want to see:
ssh root@192.168.1.1 "tcpdump -i br-lan -U -s0 -w - host 192.168.0.7" | wireshark -k -i -
On Windows, plink.exe from the PuTTY suite takes the place of ssh in that pipeline.
The options mean: -i br-lan captures on the LAN bridge, -U flushes each packet as soon as it is captured so Wireshark updates live, -s0 captures whole packets instead of truncating them, -w - writes pcap output to stdout, -i - makes Wireshark read from stdin, and -k tells Wireshark to start capturing immediately. The trailing host 192.168.0.7 is a BPF capture filter matching packets sent to or from that address; change it to whatever traffic you want to capture (for example net 192.168.0.0/24, or port 53 for DNS only). If the filter would match the Wireshark machine's own traffic, append and not port 22 so the SSH session carrying the capture is not itself captured in a feedback loop.
Note that on routers with a hardware switch, traffic between two wired LAN ports is switched without reaching the CPU and will not appear on br-lan; what you will see is traffic to or from the router itself (including everything routed out to the WAN), wireless clients' traffic, and broadcast and multicast.
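The whole procedure above, assembled into one script as an added example (this is not code from the original post): it checks that tcpdump is installed on the router, builds the capture command with the SSH port excluded from the filter, and pipes the capture into Wireshark, optionally keeping a local pcap copy. The router address root@192.168.1.1, the interface br-lan, key-based SSH login and the script name capture.sh in the usage comment are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Runs on the computer that has
# Wireshark, never on the router. Assumed (not stated in the post): the router
# answers SSH as root@192.168.1.1 with key-based login, its LAN bridge is
# br-lan, and ssh, tee and wireshark are on this machine's PATH.
ROUTER="${ROUTER:-root@192.168.1.1}"
IFACE="${IFACE:-br-lan}"

# Make sure tcpdump exists on the router. opkg's package lists live in RAM on
# LEDE/OpenWRT, so "opkg update" has to precede the install after a reboot.
ensure_tcpdump() {
    ssh "$ROUTER" 'command -v tcpdump >/dev/null 2>&1 || (opkg update && opkg install tcpdump)'
}

# Build the tcpdump command line that the router will execute.
# $1 is a BPF capture filter ("host 192.168.0.7", "port 53", ... or empty for
# everything). "not port 22" is always ANDed in so the SSH session carrying the
# capture back to us is not itself captured: otherwise every captured packet
# produces SSH traffic, which is captured, which produces more SSH traffic.
build_tcpdump_cmd() {
    if [ -n "$1" ]; then
        filter="($1) and not port 22"
    else
        filter="not port 22"
    fi
    # -U: flush after each packet so Wireshark updates live
    # -s0: whole packets (the default in current tcpdump, explicit for older builds)
    # -w -: raw pcap to stdout, which ssh carries back to this machine
    # The filter is single-quoted so the router's shell passes it as one argument.
    printf "tcpdump -i %s -U -s0 -w - '%s'" "$IFACE" "$filter"
}

# Stream the capture into Wireshark. If $2 names a file, tee also keeps a local
# pcap copy so the session can be reopened later or handed to someone else.
remote_capture() {
    cmd=$(build_tcpdump_cmd "$1")
    ensure_tcpdump
    if [ -n "$2" ]; then
        ssh "$ROUTER" "$cmd" | tee "$2" | wireshark -k -i -
    else
        ssh "$ROUTER" "$cmd" | wireshark -k -i -
    fi
}

# Capture only when a filter is given on the command line, for example
#   ./capture.sh 'host 192.168.0.7' lan.pcap
# so that sourcing the file just defines the functions.
if [ $# -gt 0 ]; then
    remote_capture "$1" "${2:-}"
fi
```

Passing the filter as one single-quoted argument matters once it contains parentheses: without the quotes the router's shell would try to interpret "(host 192.168.0.7)" as a subshell instead of handing it to tcpdump. Set ROUTER and IFACE in the environment to point the script at a different device or at the WAN interface.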