Packets capturing with ASUS WL500W
Our previous article was also devoted to packet capturing with an ASUS device. It might seem there is nothing more to discuss, yet the topic is not exhausted. This time we describe the well-known utility tcpdump running not on an ordinary PC or notebook, but on the ASUS WL500W wireless router.
The task we set is the same: capturing traffic for later analysis during network troubleshooting and for collecting logins and passwords. We will try to describe the capturing process in as much detail as possible. The whole material is given here for educational purposes only.
The official firmware is not functional enough for capturing, so we use alternative firmware (by Oleg). See this web page for more details about unofficial firmware releases. This firmware gives the administrator telnet access: its telnet daemon checks the username and password. To reach the telnet daemon on the router you can use either the built-in telnet client or a professional console tool such as PuTTY.
At logon the user is asked for a username and password, which are the same pair (login/password) as in the web interface. After entering correct credentials, the user gets access to the shell of the embedded operating system and thus to tcpdump. The full description of the utility can be found here.
The WL500W has an important advantage over the SL1200: external storage devices such as flash cards or USB hard drives can be connected to it. Once attached, such a device is automatically mounted at /tmp/harddisk. For our purposes we attached a 2 GB flash card to one of the two WL500W USB ports.
We are interested in frames of 1500 bytes or less. Capturing will be carried out on all available interfaces; you can list them with the "tcpdump -D" command. It is important to emphasize that promiscuous mode cannot be activated when you select all available interfaces.
We save the capture on the external storage device in the file test.log. To meet the requirements above we run tcpdump with the following parameters: "tcpdump -i 5 -s 1500 -w /tmp/harddisk/test.log". The tcpdump process can be interrupted with Ctrl+C, or stopped automatically with the -c parameter, i.e. by specifying the maximum number of packets to capture. The screenshot below shows the result of a manually interrupted tcpdump.
Now we need to copy the saved file to our PC for further analysis. Any FTP client will do. We work under Windows Vista, so we use the built-in console FTP client.
As shown above, we retrieved the file test.log from the FTP server and saved it on the C drive. We open it in Wireshark.
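Before handing a capture such as test.log to Wireshark, it is worth checking what tcpdump actually wrote: the link type, the snaplen recorded in the header, and how many frames were cut short by -s. The script below is an added example, not part of the original article; it parses the classic pcap format that tcpdump -w produces and counts records whose saved length is shorter than the on-wire length, which is exactly what a full-size 1514-byte Ethernet frame becomes under -s 1500. The sample capture is constructed in the script itself.

```python
"""Summarise a classic pcap (as written by `tcpdump -w`) and flag frames cut by -s."""
import struct
from dataclasses import dataclass

# pcap magic bytes -> struct byte-order prefix (microsecond and nanosecond variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

@dataclass
class CaptureSummary:
    linktype: int
    snaplen: int
    packets: int = 0
    truncated: int = 0  # records with incl_len < orig_len, i.e. cut by the snaplen
    largest: int = 0    # largest original frame length seen on the wire

def summarise_pcap(data: bytes) -> CaptureSummary:
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (bad magic)")
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    summary = CaptureSummary(linktype, snaplen)
    off = 24
    while off + 16 <= len(data):
        # record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)
        _sec, _usec, incl, orig = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if incl > snaplen or off + incl > len(data):
            raise ValueError(f"corrupt record at offset {off - 16}")
        summary.packets += 1
        summary.largest = max(summary.largest, orig)
        if incl < orig:
            summary.truncated += 1
        off += incl
    return summary

def make_sample_pcap(snaplen: int, frames: list) -> bytes:
    """Constructed sample input: little-endian pcap, Ethernet (link type 1),
    each frame cut to `snaplen` bytes exactly as tcpdump -s would cut it."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        cut = frame[:snaplen]
        out += struct.pack("<IIII", 1_200_000_000 + i, 0, len(cut), len(frame)) + cut
    return out

# Constructed capture: a 64-byte frame, a full-size 1514-byte Ethernet frame, a 1500-byte frame
SAMPLE = make_sample_pcap(1500, [b"\x00" * 64, b"\x00" * 1514, b"\x00" * 1500])
```

A non-zero `truncated` count means the chosen snaplen was smaller than some frames on the wire, so payload at the end of those frames is missing from the file.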
Now we can convert this file into any format Wireshark understands for further parsing and analysis. But further manipulations are not so interesting, so we finish our article here.
The author would like to thank Andreeva Maria, who corrected the English version of the article.