Comments on: sniffing some fresh tomatoes

By: Yoav Aner

Yoav Aner — Thu, 05 Jan 2012 16:37:22 +0000

Thanks Zach !

Hope I understood what you are saying correctly. Unless you’re doing heavy filtering, it’s probably not such a great idea to just see tcpdump output on-screen. Therefore it’s easier some time to just dump it into file and then load it with an easier tool like wireshark. It might also perform better on such a small device, but I’m not sure about that.

By: Zach Dwiel

Zach Dwiel — Thu, 05 Jan 2012 16:08:59 +0000

If you don’t need to dump the output to a file, then you can bypass the cifs step and just download tcpdump from here:

http://www.dslreports.com/forum/r21525639-Tomato-GNULinux-Tips-Tricks

What I did:

$ wget http://www.dslreports.com/r0/download/1376456~0df06f4164393e0fdd2aa2eede183328/tcpdump.zip
$ unzip tcpdump.zip
$ rm tcpdump.zip
$ chmod +x tcpdump
$ ./tcpdump …

By: Chris W

Chris W — Wed, 04 May 2011 11:58:30 +0000

Got this running in minutes, thanks for the concise instructions!

By: Ran Sagy

Ran Sagy — Mon, 17 May 2010 19:32:03 +0000

Hi there!

Tried following your instructions on a newly purchased WRT54GL v1.1 running Tomato 1.27 and i can’t get tcpdump to run – regardless of which binary i try.

Any idea where to get a fresh binary that runs on tomato?

By: Yoav Aner

Yoav Aner — Sat, 05 Sep 2009 03:42:56 +0000

Hi clueless, I’m not entirely sure what you are doing and – perhaps more importantly, on which host you are running which command. I simply saved the tcpdump output into a file and only later opened it with wireshark.

Perhaps use the wireshark -r instead?
(see here )

Make sure you run wireshark on your pc where it has full permissions to the tcpdump file (which would probably be on the smb share). Hope this helps.

By: Clueless

Clueless — Sat, 05 Sep 2009 02:17:26 +0000

Oh, I get it. You extract the binary to your desktop computer, share it in a samba folder, then enter something like \\192.168.1.142\shared in the /cifs1 UNC section of the Tomato configuration, then enter username and password below that, then you can see it and run it when you go “cd /cifs1″

It doesn’t work, though. If I do it locally like

sudo tcpdump -i eth1 -w pipe

and then in another terminal

wireshark -k -i pipe

it works, but it doesn’t work if I log into the router and do

tcpdump -w pipe -s0

By: Clueless

Clueless — Sat, 05 Sep 2009 01:33:21 +0000

What you’ve shown here is just how to start the tcpdump program, right? What commands do you use to get it into the router’s /opt/bin/ folder? Or do you download it with the router’s wget command?

By: Daniel

Daniel — Sun, 22 Mar 2009 18:43:55 +0000

Beautiful! Can’t express my thanks enough!

By: Matt

Matt — Fri, 20 Mar 2009 20:49:23 +0000

Thanks, this was sweet. Your directions are perfect.

By: Yoav Aner

Yoav Aner — Sat, 24 Jan 2009 01:31:35 +0000

Sorry Martin, but I really don’t have any ideas. I’m assuming you’re running the latest firmware?