Is there a way to do this?

Hey guys. I was thinking of how to achieve this. Normally the firewall in OpenWrt is configured to reject any incoming traffic. Instead of rejecting this traffic, is it possible to ignore the dest port or IP and tcpdump it into a file on the router (or ssh-ing with Wireshark) in order to analyse its data?

Thanks

You can theoretically just log all rejected traffic, but you will need to do this on a powerful system with plenty of robust storage (think x86 with a spinning platter disk). Performance on anything other than a general-purpose computer will likely be very poor, and you will destroy any flash-based storage with the amount of data that would be dumped.

There are probably more targeted approaches if you have specific stuff in mind.

2 Likes
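
An added example, not code from either poster: one bounded way to do the capture discussed above, writing a fixed-size ring of pcap files to RAM-backed `/tmp` so flash is never touched. It assumes the `tcpdump` package is installed; the interface name, output path, sizes and function names are hypothetical defaults.

```shell
#!/bin/sh
# Added example: size-bounded capture of inbound TCP connection attempts on the WAN side.
# Assumed values (not from the thread): interface name, output path, ring sizes.
WAN_IF="${WAN_IF:-eth0.2}"      # assumed WAN device; check with `ip addr`
OUT="${OUT:-/tmp/wan-in.pcap}"  # /tmp is tmpfs (RAM) on OpenWrt, so flash is not written
FILE_MB="${FILE_MB:-5}"         # tcpdump -C: ring file size, units of 1,000,000 bytes
FILES="${FILES:-4}"             # tcpdump -W: ring file count, oldest is overwritten
SNAPLEN="${SNAPLEN:-128}"       # tcpdump -s: bytes kept per packet

# BPF filter for new TCP connections (SYN set, ACK clear) addressed to the router.
# tcpdump sees packets before the firewall, so this matches attempts whether or
# not a rule later rejects them.
build_filter() {  # $1 = WAN IPv4 address
    printf 'dst host %s and tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn' "$1"
}

# Worst-case size of the ring in KiB.
ring_kib() {  # $1 = MB per file, $2 = file count
    echo $(( $1 * $2 * 1000000 / 1024 ))
}

# True when the ring needs no more than half of the free space given.
ring_fits() {  # $1 = needed KiB, $2 = free KiB
    [ "$1" -le $(( $2 / 2 )) ]
}

start_capture() {  # $1 = WAN IPv4 address
    free_kib=$(df -Pk "$(dirname "$OUT")" | awk 'NR==2 {print $4}')
    if ! ring_fits "$(ring_kib "$FILE_MB" "$FILES")" "$free_kib"; then
        echo "ring would use more than half of free space in $(dirname "$OUT")" >&2
        return 1
    fi
    # -n: no name lookups. Ring files are named $OUT plus a numeric suffix.
    exec tcpdump -i "$WAN_IF" -n -s "$SNAPLEN" -C "$FILE_MB" -W "$FILES" \
        -w "$OUT" "$(build_filter "$1")"
}

# Usage: sh wan-capture.sh run <wan-ipv4>
if [ "${1:-}" = "run" ]; then
    start_capture "$2"
fi
```

The ring files can be copied off the router with `scp` and opened in Wireshark.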