Comments on: sniffing some fresh tomatoes

By: Ran Sagy

Ran Sagy — Mon, 17 May 2010 19:32:03 +0000

Hi there!

Tried following your instructions on a newly purchased WRT54GL v1.1 running Tomato 1.27 and i can’t get tcpdump to run – regardless of which binary i try.

Any idea where to get a fresh binary that runs on tomato?

By: Yoav Aner

Yoav Aner — Sat, 05 Sep 2009 03:42:56 +0000

Hi clueless, I’m not entirely sure what you are doing and – perhaps more importantly, on which host you are running which command. I simply saved the tcpdump output into a file and only later opened it with wireshark.

Perhaps use the wireshark -r instead?
(see here )

Make sure you run wireshark on your pc where it has full permissions to the tcpdump file (which would probably be on the smb share). Hope this helps.

By: Clueless

Clueless — Sat, 05 Sep 2009 02:17:26 +0000

Oh, I get it. You extract the binary to your desktop computer, share it in a samba folder, then enter something like \\192.168.1.142\shared in the /cifs1 UNC section of the Tomato configuration, then enter username and password below that, then you can see it and run it when you go “cd /cifs1″

It doesn’t work, though. If I do it locally like

sudo tcpdump -i eth1 -w pipe

and then in another terminal

wireshark -k -i pipe

it works, but it doesn’t work if I log into the router and do

tcpdump -w pipe -s0

By: Clueless

Clueless — Sat, 05 Sep 2009 01:33:21 +0000

What you’ve shown here is just how to start the tcpdump program, right? What commands do you use to get it into the router’s /opt/bin/ folder? Or do you download it with the router’s wget command?

By: Daniel

Daniel — Sun, 22 Mar 2009 18:43:55 +0000

Beautiful! Can’t express my thanks enough!

By: Matt

Matt — Fri, 20 Mar 2009 20:49:23 +0000

Thanks, this was sweet. Your directions are perfect.

By: Yoav Aner

Yoav Aner — Sat, 24 Jan 2009 01:31:35 +0000

Sorry Martin, but I really don’t have any ideas. I’m assuming you’re running the latest firmware?

By: Martin

Martin — Fri, 16 Jan 2009 10:35:18 +0000

Hi,

I’ve tried to do that on Wrt54GL but it complains about libpcap, so I’ve also downloaded libpcap, tried to create symlink (from libpcap.0.9.4 to libpcap.0.9), but it still complains about shared library. Tried to export LD_LIBRARY_PATH to /cifs1/, no luck.

Any ideas?

By: Yoav Aner

Yoav Aner — Thu, 08 Jan 2009 15:58:31 +0000

Hi Arlene,

Glad you managed to get it working.

Of course you can use SSH instead of telnet. This is a standard feature of the tomato firmware.

Look under Administration->Admin Access (SSH Daemon)

By: Arlene

Arlene — Sun, 04 Jan 2009 16:28:57 +0000

Hi Yoav,

I got tcpdump to capture in the way I want and then used Wireshark to sharpen the focus.

Again, lots of thanks to you.

Could SSH daemon be used instead of telnet?