Perhaps the title is a little misleading, but it’s an opportunity to combine two of my greatest loves: food and computers. I suppose even this intro is misleading. Oh. Forget it. Let’s get down to business. And this time our business is rather short (and sweet).
I’ve been running Tomato firmware for quite a while now (from version 0.7 or something??). What a wonderful firmware. Definitely the very best. Neat. Stylish. Full of all the features one can think of. And then some. A true work of art.
Alas, I wanted to sniff some traffic to analyse using Wireshark (some SIP stuff, I might cover it some other time), and couldn’t be bothered getting my old heavy dusty hub out just to capture some packets. I was therefore turning to my fresh Tomato, but no such tool is available.
Well, not quite.
A few Google searches concluded that I could probably get a pre-compiled binary, place it on a CIFS network share, and run it. So I did.
I downloaded the latest ipkg of tcpdump off ipkg.nslu2-linux.org. Renamed the file to .tar.gz, untar’d it and extracted the binary inside data.tar.gz (/opt/bin/tcpdump).
I used the CIFS Windows share feature on Tomato. Straight under Administration->CIFS Client and pointed it to the share with the tcpdump binary. Telnet onto the router and off you go, saving the packet dump onto the same Windows share. Then analyse it with Wireshark. Job Done. Smells delicious, doesn’t it?
```
# telnet 192.168.0.1
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.

unknown login: root
Password:

Tomato v1.21.1515

BusyBox v1.2.2 (2008.07.26-14:43+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cd /cifs1
# ./tcpdump ip host 192.168.0.110 -w ./dumpfile.txt -s0
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
```
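The extraction step described above (treating the ipkg as a .tar.gz and pulling /opt/bin/tcpdump out of data.tar.gz), as an added example that is not part of the original post. It streams only the one file out and prints a SHA-256 digest so the copy placed on the share can be compared later. The function name `extract_ipk_member` is hypothetical, and it assumes a workstation with tar and `sha256sum`, not the router's BusyBox.

```shell
#!/bin/sh
# Added example: pull one binary out of an ipkg package without unpacking
# anything else. Layout assumed from the post: an outer gzip'd tar that
# contains data.tar.gz, which in turn holds opt/bin/tcpdump.

# extract_ipk_member PKG MEMBER OUT
#   PKG    - the downloaded .ipk file
#   MEMBER - path inside data.tar.gz, without a leading "./" or "/"
#   OUT    - where to write the extracted file
extract_ipk_member() {
    pkg=$1 member=$2 out=$3

    # Member names may be stored with or without a leading "./".
    data=$(tar -tzf "$pkg" | grep -E '^(\./)?data\.tar\.gz$' | head -n 1)
    [ -n "$data" ] || { echo "no data.tar.gz in $pkg" >&2; return 1; }

    inner=$(tar -xzOf "$pkg" "$data" | tar -tzf - \
            | grep -Fx -e "$member" -e "./$member" | head -n 1)
    [ -n "$inner" ] || { echo "$member not found in $pkg" >&2; return 1; }

    # Stream the single file to OUT; no path from the archive is ever
    # created on disk, so a hostile package cannot write elsewhere.
    tar -xzOf "$pkg" "$data" | tar -xzOf - "$inner" > "$out" || return 1
    chmod 755 "$out"

    # Digest of what is about to be run as root on the router.
    sha256sum "$out"
}

# Usage: sh extract.sh <package.ipk> opt/bin/tcpdump ./tcpdump
if [ "$#" -eq 3 ]; then
    extract_ipk_member "$@"
fi
```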