Per device connection monitoring

[Mods - If this is in the wrong category, please feel free to move.]

Hi folks,
New user here.

Does OpenWRT have a per device connection monitoring thing? I have a feeling my phone might have been hacked. I want to monitor what it is doing (when on wifi): what hosts it is connecting to, when, how much data is being uploaded / downloaded, etc.

Firewalla has something similar:

I have read this can somewhat be achieved through tcpdump and wireshark. But the output from that is fairly hard to read. A far cry from the nice summary that Firewalla offers.

I have tried searching this forum and the internet looking for an answer. Could not find anything. Any ideas or suggestions?

All traffic is encrypted; unless you can do DPI, the info Wireshark and/or tcpdump provides is as close as you'll ever get.

As for geolocating your traffic, like in the screenshot you posted, it's probably useless, since the hacker would most likely make sure not to stand out in a crowd.

I think you can also get DNS info quite easily.
Dnsmasq offers to log each query, but I'm not sure how this is shown in the LuCI UI.
But yes, because everything is encrypted nowadays, looking at traffic logs gets kinda useless.
Also, most botnet control servers are hosted at AWS or GCP, so you can't tell if it's just another cloud based web service or something else.
There are deep packet inspection tools available for Linux, but I'm not sure if it's worth the effort in your case.
Regarding the hacked phone... If you are not a target, I would assume it's more some shitty app you have installed, not a device takeover by someone.
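To show what the dnsmasq query log gives you per device, here is an added example (not from the thread or from OpenWrt itself): a small POSIX shell/awk filter that takes `logread` output and prints, for one client IP, every name it looked up with the query count and the first and last time it was seen. The log lines are constructed samples in the format dnsmasq writes when `logqueries` is enabled; the client IPs and names are made up.

```sh
#!/bin/sh
# Per-device DNS lookup history from dnsmasq query logging on OpenWrt.
# Enable logging first (assumed setup, then re-run the summary):
#   uci set dhcp.@dnsmasq[0].logqueries='1'; uci commit dhcp; /etc/init.d/dnsmasq restart
# Real use: logread | dns_history 192.168.1.23

# Print "count name first_seen last_seen" for every name the given client
# queried, most-queried first. Only "query[...] NAME from CLIENT" lines count;
# "forwarded"/"reply" lines are skipped.
dns_history() {
    client="$1"
    awk -v client="$client" '
        /dnsmasq\[[0-9]+\]: query\[/ {
            # logread line: "Day Mon DD HH:MM:SS YYYY facility dnsmasq[pid]: query[A] NAME from IP"
            if ($NF != client) next
            name = $(NF-2)
            ts = $1 " " $2 " " $3 " " $4 " " $5
            if (!(name in first)) first[name] = ts
            last[name] = ts
            count[name]++
        }
        END {
            for (n in count) printf "%d %s %s %s\n", count[n], n, first[n], last[n]
        }' | sort -k1,1rn -k2,2
}

# Constructed sample of logread output (not a real capture).
sample_log() {
cat <<'EOF'
Tue Mar  5 02:58:40 2024 daemon.info dnsmasq[1234]: query[A] connectivitycheck.gstatic.com from 192.168.1.23
Tue Mar  5 02:58:40 2024 daemon.info dnsmasq[1234]: forwarded connectivitycheck.gstatic.com to 1.1.1.1
Tue Mar  5 03:00:02 2024 daemon.info dnsmasq[1234]: query[A] some-host-i-never-connected.to from 192.168.1.23
Tue Mar  5 03:00:02 2024 daemon.info dnsmasq[1234]: reply some-host-i-never-connected.to is 203.0.113.7
Tue Mar  5 03:00:07 2024 daemon.info dnsmasq[1234]: query[AAAA] some-host-i-never-connected.to from 192.168.1.23
Tue Mar  5 03:00:09 2024 daemon.info dnsmasq[1234]: query[A] example.org from 192.168.1.50
EOF
}

# Demo: which names did the phone (192.168.1.23 in the sample) resolve, and when?
sample_log | dns_history 192.168.1.23
```

Only names the device resolved through the router show up here; connections made straight to an IP address leave no DNS trace, which is where the conntrack view in LuCI is the complement.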

Status -> Realtime Graphs -> Connections tab.
You'll probably need to have collectd-mod-conntrack installed.

1 Like

adblock offers detailed DNS access statistics via tcpdump, and the geolocation of blocked domains can also be displayed on a map, e.g.

I do not need deep packet inspection. Just a historical look at what hosts it connected to and when. If I see "some-host-i-never-connected.to" in the logs at 3:00am, I can dig into that further.

I will look into AdBlock and collectd-mod-conntrack. Unless someone chimes in with a better answer.

Thanks all.

If the attacker uses IPs (as they should) instead of DNS names, just like some Google hardware and apps do, you won't see a thing in the DNS logs.

1 Like