CloudShark does not capture or show the packets captured

Hi everyone, I have to see which packets are sent to transmit from a popular device on the network. So I installed:

cshark
luci-app-cshark + lang module

So I set: interface, acquisition time and no filter, to understand where the problem is. But I don't see anything. Why? See attachments. Thank you.

(Since this is an official package, moved thread to Installing and Using OpenWrt.)

Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: Failed to execute call dispatcher target for entry '/admin/network/cshark_link_list_get'.
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: The called action terminated with an exception:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: /usr/lib/lua/luci/controller/cshark.lua:108: module 'uci' not found:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no field package.preload['uci']
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file './uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/share/lua/uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/share/lua/uci/init.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci/init.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file './uci.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/loadall.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: stack traceback:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: [C]: in function 'require'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: /usr/lib/lua/luci/controller/cshark.lua:108: in function </usr/lib/lua/luci/controller/cshark.lua:107>
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: (tail call): ?

Out of curiosity and as an alternative, does tcpdump -w work?

Hello, sorry for the late reply. Can I configure tcpdump to work with Wireshark?

Yes you can, tcpdump has a save-to-file command line argument. In fact, I was actually going to simply suggest you do that instead.

A link manual will provide more details on the command syntax.

@lleachii yes, it works from cmd! Is there a guide to configure tcpdump with Wireshark?

I'm confused by what you're asking. The saved file simply opens in Wireshark. I advise reviewing a Linux manual on tcpdump for details regarding how to configure the capture filter.

You can directly stream the packet output from tcpdump via SSH to wireshark. Here is a good example where you output the tcpdump traffic via SSH to a pipe on your local machine, and have wireshark read from it in real time:

I highly recommend sticking with tcpdump, since it's easier and you can easily tweak your capture filters to exclude any potential SSH traffic or other you might not want captured.

You can also make use of OpenWrt's firewall to mirror specific traffic to your Wireshark client. You'd have to install the iptables-mod-tee package and load that module.

An example I can give is:
iptables -t mangle -I PREROUTING -i br-lan -s 192.168.1.B -j TEE --gateway 192.168.1.A
iptables -t mangle -I POSTROUTING -o br-lan -d 192.168.1.B -j TEE --gateway 192.168.1.A

Where B is the device we want to mirror all traffic for, and A is the endpoint device where we will be monitoring traffic with Wireshark.

A modified example where you mirror all UDP traffic on port 53 going through interface br-lan, EXCEPT any traffic with the source/destination address 192.168.1.3:
iptables -t mangle -I PREROUTING -i br-lan -p udp --dport 53 ! -s 192.168.1.3 -j TEE --gateway 192.168.1.3
iptables -t mangle -I POSTROUTING -o br-lan -p udp --sport 53 ! -d 192.168.1.3 -j TEE --gateway 192.168.1.3
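
One way to apply the device-mirroring rules from the post above and remove them again once the capture is done, without leaving duplicate rules behind. This is an added example, not code from the thread; the function names, the `IPT` and `LAN_IF` variables, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): manage the two TEE mirror rules as a pair.
# Assumes iptables-mod-tee is installed and its module is loaded (modprobe xt_TEE).
LAN_IF="${LAN_IF:-br-lan}"   # LAN bridge, as in the post
IPT="${IPT:-iptables}"       # override to point at a wrapper when testing

# Print both rule specs (everything after -I/-C/-D), one per line.
# $1 = device to mirror ("B"), $2 = monitoring host running Wireshark ("A")
mirror_specs() {
    dev="$1"; mon="$2"
    # Mirroring the monitor to itself would only hand it copies of its own traffic.
    [ "$dev" != "$mon" ] || { echo "device and monitor must differ" >&2; return 1; }
    echo "PREROUTING -i $LAN_IF -s $dev -j TEE --gateway $mon"
    echo "POSTROUTING -o $LAN_IF -d $dev -j TEE --gateway $mon"
}

# mirror add|del <device> <monitor>
#   add: insert each rule only if -C reports it is not already present,
#        so running the script twice does not double every mirrored packet
#   del: delete each rule, ending the mirroring
mirror() {
    action="$1"
    case "$action" in
        add|del) ;;
        *) echo "usage: mirror add|del <device> <monitor>" >&2; return 2 ;;
    esac
    specs=$(mirror_specs "$2" "$3") || return 1
    echo "$specs" | while read -r chain rest; do
        # $rest is left unquoted on purpose so it splits into separate arguments
        if [ "$action" = add ]; then
            $IPT -t mangle -C "$chain" $rest 2>/dev/null ||
                $IPT -t mangle -I "$chain" $rest
        else
            $IPT -t mangle -D "$chain" $rest
        fi
    done
}

# Constructed sample usage: mirror 192.168.1.50 to the Wireshark host 192.168.1.10
#   mirror add 192.168.1.50 192.168.1.10
#   ... capture on 192.168.1.10 ...
#   mirror del 192.168.1.50 192.168.1.10
```

Rules added this way are not persistent and disappear on a firewall restart or reboot; `iptables -t mangle -S | grep TEE` shows whether any mirror rule is still active.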