OpenWrt Forum Archive

Topic: HG658c - capturing a firmware update?

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have a Vodafone branded HG658c which will update its firmware when exposed to the internet, as it runs a TR-069 daemon. Normally the update would happen when it is plugged into an xDSL line. I would like to use a wired connection to my openwrt router to expose it to the net and capture all traffic on, say, LAN1, to USB storage. Post update, I want to use wireshark to examine the exchange.

How do I capture all traffic on LAN1?

TIA,

Dermot

(Last edited by dmcdonnell on 27 Mar 2014, 17:16)

Hopefully, the traffic is not encrypted.

Hi Dani & Mazilo,

I got a boot log by making a serial connection, you can find it here, http://pastebin.com/YxkiEtZn

My plan to capture the firmware update is not to use xDSL but to connect the HG658c to my Openwrt Router, an HG556a, via ethernet cable. I need to be able to capture the traffic on LAN1 ethernet port.

I realise it will likely be encrypted, but you never know until you check :)

(Last edited by dmcdonnell on 28 Mar 2014, 14:58)

danitool wrote:

For sniffing the exchange you need to make a man in the middle, but at the dsl port. You may need some kind of media converter.

Example
http://lab.algasystems.net/2012/01/amte … 95-take-3/

Dani,

Thank you very much for the link. Very interesting indeed.

I am looking at tcpdump to do the capture on the HG556a. Hopefully the HG658c will update its firmware once the TR-069 daemon can see the Vodafone server. I will report back. The HG658c is available for €20 in the second hand market here in Ireland.

Regards,

Dermot

I captured a Vodafone firmware update on the HG658c. I used telnet to access the cli on my OpenWrt r40296 router, an HG556a, and set tcpdump to capture all eth0 traffic.

tcpdump -nnvvXSs0 -w /mnt/usb/HG658c_update_bin

I used a cat5 cable to connect Lan1 on the HG556a to the red WAN port on the HG658c. Within 20mins, the firmware on the HG658c had updated from:

Product type     HG658c
Device ID     F83DFF-Q8Y7NA9382600371
Hardware version     HG658BZV VER.A
Software version     V100R001C172B211
Batch number     BC172P0.211.A2pv6F037g.d24b1
MAC Address     00:66:4B:32:CE:08
System up time     0 days 0 hours 1 minutes 43 seconds

to

Product type     HG658c
Device ID     F83DFF-Q8Y7NA9382600371
Hardware version     HG658BZV VER.A
Software version     V100R001C172B214
Batch number     BC172P0.214.A2pv6F038m.d24b1
MAC Address     00:66:4B:32:CE:08 
System up time     0 days 4 hours 34 minutes 48 seconds

The update was managed by the TR069 daemon on the HG658c. The firmware file appears to be encrypted. You can see the entire, and very interesting, transaction by downloading the capture file and using tcpdump, or your favourite tool, to view it. (15.5MB, tcp & udp packets only) at http://www.4shared.com/file/0nXSilrSba/ … pdump.html

New boot log: http://pastebin.com/1JaF3dPr

(Last edited by dmcdonnell on 29 Mar 2014, 18:24)

I don't know if this inexpensive USB Blaster will help you or not, but it is currently on sale for less than US$6 with free S/H to US and some other countries from China. It should work with flashrom and perhaps also OpenOCD.

I am a customer of Vodafone Turkey. I received my HG658C a few days ago. I looked on the net for a new firmware. I updated it to this: https://community.vodafone.ie/t5/Techni … d-p/147717

1) My modem had no locking feature. Now a lot of options are locked.
2) It was Turkish. Now it is English. (not important)
3) Now its firmware cannot be updated.
4) I also do not have the original firmware.
5) You are talking about FLASHING. I don't know how to do it.
6) (worst:) I FEEL LIKE AN IDIOT.

WHAT CAN I DO?

If you need to capture any traffic of any router, just put another router with OpenWRT in the middle, between the router whose traffic you want to capture and the internet connection. Use brctl to make a bridge between two eth interfaces of the router in the middle and use tcpdump to capture the traffic.
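
The bridge-and-capture setup described in the post above, sketched as an added example that is not part of the original thread. The interface names (eth0.1, eth0.2), the bridge name br-tap and the output path are assumptions, and the two interfaces are assumed not to belong to another bridge already.

```shell
#!/bin/sh
# Added example: transparent bridge + capture on an OpenWrt box placed inline.
# Assumed names (not from the thread): eth0.1 / eth0.2 as the two bridged
# ports, br-tap as the bridge, /mnt/usb/capture.pcap as the output file.
DEV_IF="${DEV_IF:-eth0.1}"     # side facing the device being observed
UP_IF="${UP_IF:-eth0.2}"       # side facing the upstream internet connection
BRIDGE="${BRIDGE:-br-tap}"
OUT="${OUT:-/mnt/usb/capture.pcap}"

# With DRY_RUN=1 each command is printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

setup_bridge() {
    run brctl addbr "$BRIDGE"
    for ifc in "$DEV_IF" "$UP_IF"; do
        run ip addr flush dev "$ifc"      # bridged ports carry no IP of their own
        run brctl addif "$BRIDGE" "$ifc"
        run ip link set "$ifc" up
    done
    run ip link set "$BRIDGE" up
}

# -nn: no name/port lookups, -s0: full packets, -U: write each packet out
# immediately so the file stays usable if the capture box loses power.
start_capture() {
    run tcpdump -i "$BRIDGE" -nn -s0 -U -w "$OUT"
}

teardown_bridge() {
    run ip link set "$BRIDGE" down
    for ifc in "$DEV_IF" "$UP_IF"; do
        run brctl delif "$BRIDGE" "$ifc"
    done
    run brctl delbr "$BRIDGE"
}

# Usage: script.sh start   (bridge, then capture until Ctrl-C)
#        script.sh stop    (remove the bridge)
case "${1:-}" in
    start) setup_bridge && start_capture ;;
    stop)  teardown_bridge ;;
esac
```

Running it once with DRY_RUN=1 prints the exact commands without touching the network configuration.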
