Sunday, August 6, 2017

OpenWrt Remote Network WireShark Packet Feed

After my last post on installing OpenWrt on a Cisco/LinkSys EA3500 to stream RTL-SDR data, I was inspired to investigate other "interesting" data to stream from a WiFi hub. In particular I was hoping to sniff some ESP8266/ESP32 packets during development.

I had an old Linksys E1200 on hand. Things looked a little bleak, as the OpenWrt site seemed to indicate there were some issues. However, the router noted there was apparently a slightly different model than mine (I have the Cisco logo), so I thought I'd give it a try.

At the bottom of the Linksys TechData page I found a link to the OpenWrt firmware, openwrt-15.05-brcm47xx-mips74k-linksys-e1200-v2-squashfs.bin, and downloaded it (there are other downloads there in case you don't have a V2, etc.). Installing it from the stock Linksys firmware was easy. I was then able to telnet to the router's IP easily; it is a fixed address when the router is plugged into my test network, not one obtained via DHCP. This also meant the router had no idea about DNS, the default gateway, etc. Surprisingly, LuCI came pre-installed in the bin image. I still edited the config file manually.

You'll probably need to use vi to edit the config files if you don't use LuCI:

i          - to insert
[esc] :wq  - to save and exit
I added only 2 lines to the /etc/config/network file - the gateway and dns settings:
config interface 'lan'
        option ifname 'eth0.1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option gateway ''
        option dns ''
        option ip6assign '60'
Reload the network settings:

/etc/init.d/network reload
Try to ping (or anything on the internet) from the router. If successful, install a few things:
opkg update
opkg install nano # install nano if you don't know VI/VIM very well
opkg install tcpdump # this is the important part: it will be started remotely by the Wireshark instance on your client

On your local Ubuntu:
sudo apt-get install wireshark
sudo mkfifo /tmp/pipe
sudo chmod 777 /tmp/pipe

Or on Windows WSL (Ubuntu on Windows 10):
sudo apt-get install wireshark
sudo apt-get install x11-apps
export DISPLAY=:0 # you may wish to put this in your ~/.bashrc
Then for wireshark:
wireshark -k -i /tmp/pipe & ssh root@ "tcpdump -i any -s 0 -U -w - not port 22" > /tmp/pipe
It should look something like this. There is initially a failure message, but a few moments later a password prompt appears. Once you log in, all of the WiFi router's packets should be forwarded to the packet capture on your local machine!
0 $ wireshark -k -i /tmp/pipe & ssh root@ "tcpdump -i any -s 0 -U -w - not port 22" > /tmp/pipe
[3] 4709
Failed to connect to generic netlink.
root@'s password:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
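The fifo-and-ssh procedure above, wrapped in a small POSIX shell script. This is an added example, not code from the original post; the variable names CAPTURE_HOST, CAPTURE_USER and CAPTURE_FILTER and the helper functions are assumptions of this example. The one deliberate change from the steps above is where the pipe lives: `chmod 777 /tmp/pipe` leaves a world-writable fifo in a shared directory, so any other local user could write their own bytes into it and corrupt or spoof what Wireshark shows, or hold it open and stall the capture. The script instead creates the fifo with mode 600 inside a private mktemp directory and removes that directory on exit.

```shell
#!/bin/sh
# Added example (not from the original post): remote tcpdump on an OpenWrt
# router fed into local Wireshark through a private named pipe.
# Assumed names: CAPTURE_HOST (router address), CAPTURE_USER (default root),
# CAPTURE_FILTER (tcpdump capture filter, default keeps our own ssh out).

set -u

CAPTURE_USER="${CAPTURE_USER:-root}"
CAPTURE_FILTER="${CAPTURE_FILTER:-not port 22}"

# Build the tcpdump command that runs on the router: -i any (all interfaces),
# -s 0 (whole packets), -U (flush per packet), -w - (pcap to stdout).
remote_capture_cmd() {
    printf 'tcpdump -i any -s 0 -U -w - %s' "$1"
}

# Create a fifo inside a fresh directory only we can enter; print its path.
make_private_pipe() {
    dir=$(mktemp -d) || return 1
    chmod 700 "$dir"
    mkfifo -m 600 "$dir/pipe" || return 1
    printf '%s' "$dir/pipe"
}

# Check that a path is a fifo readable and writable by its owner only.
pipe_is_private() {
    [ -p "$1" ] || return 1
    # %a is GNU stat (Linux); BSD/macOS would need stat -f '%Lp'
    perms=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$perms" = "600" ]
}

# Start Wireshark reading the pipe, then let ssh fill it from the router.
# When Wireshark exits, tcpdump's stdout breaks and ssh ends on its own.
run_remote_capture() {
    host="$1"
    pipe=$(make_private_pipe) || { echo "could not create pipe" >&2; return 1; }
    trap 'rm -rf "$(dirname "$pipe")"' EXIT INT TERM
    wireshark -k -i "$pipe" &
    ssh "${CAPTURE_USER}@${host}" "$(remote_capture_cmd "$CAPTURE_FILTER")" > "$pipe"
    wait
}

if [ -n "${CAPTURE_HOST:-}" ]; then
    run_remote_capture "$CAPTURE_HOST"
else
    echo "usage: CAPTURE_HOST=<router-ip> [CAPTURE_FILTER='not port 22'] sh $0" >&2
fi
```

Run it as `CAPTURE_HOST=192.0.2.1 sh remote_capture.sh` (192.0.2.1 is a placeholder from the documentation range; substitute your router's address). ssh still prompts for the router's password exactly as in the session shown above. The `not port 22` filter matters: without it the capture would include the ssh stream that carries the capture itself, and each captured packet would generate more traffic to capture. If you don't need Wireshark to outlive the ssh session, Wireshark can also read pcap data directly from standard input with `-i -`, which avoids creating a fifo at all.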

For Windows 10 WSL: I downloaded the XMing X-windows client. Be careful, there are a lot of fake download links there. If you know of a better place to download XMing or some other Windows X-windows client, please let me know. Despite being 8 years old, XMing seems to work well on Windows 10:

Pinging google from local router

viewing local router traffic on remote WSL WireShark w/XMing

