{"id":108,"date":"2011-04-16T12:00:27","date_gmt":"2011-04-16T11:00:27","guid":{"rendered":"http:\/\/emtunc.org\/blog\/?p=108"},"modified":"2016-01-10T11:11:19","modified_gmt":"2016-01-10T11:11:19","slug":"installing-tcpdump-on-dd-wrt-wrt54gl","status":"publish","type":"post","link":"https:\/\/emtunc.org\/blog\/04\/2011\/installing-tcpdump-on-dd-wrt-wrt54gl\/","title":{"rendered":"Installing TCPDump on DD-WRT WRT54GL"},"content":{"rendered":"<p>This article will serve as a quick tutorial on installing TCPDump on a LinkSys WRT54GL box running the custom DD-WRT firmware.<\/p>\n<p>TCPDump is a command line packet analyser. It&#8217;s a bit like Wireshark except it is command line based and in this tutorial, we will be installing it on a router and not on a PC.<br \/>\n<!--more--><\/p>\n<h2>Requirements and assumptions<\/h2>\n<p>There are a few requirements before you go ahead and install TCPDump; they are listed below.<\/p>\n<ul>\n<li>I got TCPDump working on my WRT-54GL v1.1 box running the recommended firmware build (as of this post) 14929 std-nokaid<\/li>\n<li>You will need to enable <strong>JFFS2 Support<\/strong> &#8211; this can be found on the <em>Administration<\/em> &#8211;&gt; <em>Management<\/em> page.<\/li>\n<li>You will need an SSH\/Telnet session configured and open<\/li>\n<\/ul>\n<p>Note: If you run into <em>File not found<\/em> errors, these are most likely due to there not being enough free space on the JFFS storage. However, these can be safely ignored. 
Read more about the errors <a title=\"DD-WRT Wiki\" href=\"http:\/\/www.dd-wrt.com\/wiki\/index.php\/Ipkg#What_if_your_jffs_partition_is_full_.28routers_with_NO_JFFS_space_avail.29\" target=\"_blank\">here<\/a>.<\/p>\n<p>Note2: The WRT54GL does not have enough storage space to &#8216;permanently&#8217; install TCPDump; because of this, the installation will disappear on a router recycle (as it is stored in RAM).<\/p>\n<h2>Installing TCPDump<\/h2>\n<p>Copy and paste the following into your SSH\/Telnet session:<\/p>\n<p>[bash]<br \/>\nmkdir -p \/tmp\/smbshare\/tmp\/ipkg<br \/>\ncd \/tmp\/smbshare\/tmp\/ipkg<br \/>\nwget http:\/\/downloads.openwrt.org\/whiterussian\/packages\/libpcap_0.9.4-1_mipsel.ipk<br \/>\nipkg -d smbfs install libpcap_0.9.4-1_mipsel.ipk<br \/>\nwget http:\/\/downloads.openwrt.org\/whiterussian\/packages\/tcpdump_3.9.4-1_mipsel.ipk<br \/>\nipkg -d smbfs install tcpdump_3.9.4-1_mipsel.ipk<br \/>\nexport LD_LIBRARY_PATH=&quot;$LD_LIBRARY_PATH:\/tmp\/smbshare\/usr\/lib&quot;<br \/>\nPATH=&quot;$PATH:\/tmp\/smbshare\/usr\/sbin&quot;<br \/>\n[\/bash]<\/p>\n<h2>Running TCPDump<\/h2>\n<p>Simple! 
All you need to do is type <strong>tcpdump<\/strong>.<br \/>\nRunning tcpdump without any switches will just spit out all packets going in and out of the router.<br \/>\nThe full list of command line switches for tcpdump can be found on the man page <a title=\"TCPDump man page\" href=\"http:\/\/www.tcpdump.org\/tcpdump_man.html\" target=\"_blank\">here<\/a>.<\/p>\n<h2>Examples<\/h2>\n<p>[bash]tcpdump -D[\/bash]<br \/>\nThe -D switch will list all interfaces on the router&#8230; you can capture packets from a particular interface in future commands by using the -i switch<br \/>\n[bash]tcpdump -s 65535 -w \/tmp\/dump[\/bash]<br \/>\nThe above command will capture up to 65535 bytes of each packet flowing in\/out of the router and save them to a file called dump in the \/tmp directory&#8230; by default, TCPDump only captures 96 bytes which isn&#8217;t very useful when you need to analyse the contents of the packets in Wireshark or similar.<br \/>\n[bash]tcpdump host 192.168.5.150 -w \/tmp\/dump -s 65535[\/bash]<br \/>\nThis command will capture all packets going to\/from the host 192.168.5.150 and save them to a dump file in the temporary directory.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article will serve as a quick tutorial on installing TCPDump on a LinkSys WRT54GL box running the custom DD-WRT firmware. TCPDump is a command line packet analyser. 
It&#8217;s a bit like Wireshark except it is command line based and in this tutorial, we will be installing it on a router and not on a [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1],"tags":[19,20,7,18],"class_list":["post-108","post","type-post","status-publish","format-standard","hentry","category-tech","tag-ddwrt","tag-linux","tag-networking","tag-tcpdump"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1trTO-1K","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/comments?post=108"}],"version-history":[{"count":2,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/108\/revisions"}],"predecessor-version":[{"id":2033,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/108\/revisions\/2033"}],"wp:attachment":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/media?parent=108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/categories?post=108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/tags?post=108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}