How to dump traffic without the usual tools like tcpdump?
I have a router which runs the Broadcom aeolus system: https://github.com/Broadcom/aeolus consisting of ecos and "normal" Linux.
I want to dump all the WAN traffic (controlled by ecos I think) or at least the LAN traffic (controlled by Linux).
The system is very limited, there are firewall rules, but nothing like iptables. Also something like tcpdump does not exist. There is busybox available and I could probably load a more recent version with more programs.
Is there any decent way with busybox or other tools to get the data out via network or maybe dumping to an attached USB drive?
linux networking
asked 3 hours ago by wantan
1 Answer
If your router device is located locally, rather than on some server farm, you are probably better off snooping the network traffic from outside the device rather than getting an embedded platform to log network traffic. There are several ways of going about this, but here are two simple network-based solutions that work and will do what you want by exploiting Layer 1 of the OSI model.
Ethernet Hub
Hubs are usually inexpensive, but they are becoming more difficult to find in stores (probably easy enough to find online though). A hub can be a clutch tool when troubleshooting wired Ethernet network comms (hubs can be confused for unmanaged switches, so make sure whatever you find is actually a hub and not some kind of switch).
An Ethernet hub floods traffic to all of its ports. These can be hard on networks, but you can take advantage of the fact that a hub forwards traffic at layer 1 to all ports to snoop on traffic to other devices. If you plug a PC into one port on a hub and then plug your device into another, you will be able to Wireshark or tcpdump all traffic going to your router. This would be an easy, no-config option to capture traffic.
Managed Switch
You can achieve similar functionality to a hub with most managed switches. Any switch that supports port mirroring can allow you to easily configure two ports to function similarly to how a hub would treat all of its ports.
Mirror two ports and connect a PC to one and your router to the other, then with any capture tools you can acquire traffic that is going to and from your device.
answered 1 hour ago by datUser
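A check for the hub-versus-switch caveat in the answer above, as an added example that is not part of the original answer: it reads a classic pcap file saved on the capture PC and counts frames to and from the router, plus unicast frames that do not involve the PC at all, which a hub or mirror port delivers and an ordinary switch port normally does not. The function names, the MAC addresses and the two sample captures are constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def frames(pcap):
    """Yield (dst, src) MACs for each Ethernet frame in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(data) >= 14:
            yield _mac(data[0:6]), _mac(data[6:12])

def tap_report(pcap, pc_mac, router_mac):
    """Count router traffic and unicast frames that do not involve the PC."""
    rep = {"to_router": 0, "from_router": 0, "foreign_unicast": 0}
    for dst, src in frames(pcap):
        is_group = int(dst[:2], 16) & 1  # broadcast/multicast bit of dst
        rep["to_router"] += dst == router_mac
        rep["from_router"] += src == router_mac
        rep["foreign_unicast"] += (not is_group) and pc_mac not in (dst, src)
    rep["sees_foreign_unicast"] = rep["foreign_unicast"] > 0
    return rep

# --- constructed sample data (MAC addresses are made up) ---
PC, ROUTER, HOST = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BCAST = "ff:ff:ff:ff:ff:ff"

def _frame(dst, src):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + b"\x08\x00" + bytes(46)

def _pcap(frame_list):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frame_list:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

HUB_CAPTURE = _pcap([_frame(ROUTER, HOST), _frame(HOST, ROUTER), _frame(BCAST, HOST)])
SWITCH_CAPTURE = _pcap([_frame(BCAST, ROUTER), _frame(PC, ROUTER)])

if __name__ == "__main__":
    print("hub/mirror:", tap_report(HUB_CAPTURE, PC, ROUTER))
    print("plain switch:", tap_report(SWITCH_CAPTURE, PC, ROUTER))
```

For a real capture, pass the bytes of a file written with `tcpdump -w` on the PC. A switch can still flood the occasional unicast frame whose destination it has not learned yet, so judge by a sustained count rather than a single frame.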