OpenWrt Forum Archive

Topic: another failsafe thread

The content of this topic has been archived on 30 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
paddy1337
10 Aug 2017, 14:59

Hello,

Computer:
Asus
Processor Intel i7
Ubuntu 16.04, 64bit

Router:
WRT54GL
Luci

Background (skip this if desired, issue at bottom)-
Attempted to create a man in the middle packet sniffer with the router; want to analyze packets of smartphone apps on a test phone. Installed tcpdump-mini and libpcap on the router.  Everything functioned as it should, EXCEPT, my tcpdump filters were not working. No syntax errors, but they were not affecting capture.  More detailed background, I'm SSH into the router to run tcpdump, and CAT'ing the output file from router onto my local Ubuntu machine (router has little memory, can't write local).

As you may know, this had TCPDUMP sniffing my SSH traffic, which snowballs as every packet sent is then captured, and tcpdump essentially captures on itself; and traffic grows exponentially. None of my filters to ignore my SSH would work (not port, not host, etc. etc.).  Eventually, I googled the right terms and found that TCPDUMP gets wonky with VLAN traffic, as it moves bits around int he header.  I added the "not vlan" command to my tcpdump filter and all the traffic was filtered; SUCCESS!  Not quite, i still had issues getting the syntax right to make tcpdump understand that traffic was vlan, but also apply my port filters.


**Bottom line- my dumbass thought it would be simple to just go into OpenWRT and disable vlan stuff to make life easy.  After hitting apply, I've been unable to talk with the router.  I did the failsafe restart, and this enables me to PING successfully (to 192.168.1.1), but no longer allows me to SSH in command line (connection refused) or to access OpenWRT through web-browser (firefox).  When not in failsafe mode, the ethernet connection never establishes, and even PING is unsuccessful.

Again, the system worked great for a while, I disabled vlan on all ports (dumb), and now cannot SSH.

Any thoughts?

(Last edited by paddy1337 on 10 Aug 2017, 15:06)

Post #2
paddy1337
10 Aug 2017, 15:51

Here's some examples of commands and responses. This is while in FAILSAFE mode:

root@computer69:/home/user# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.83 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.242 ms
^C

root@computer69:/home/user# ssh 192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection refused


root@computer69:/home/user# scp test2.txt root@192.168.1.1:test2.txt
ssh: connect to host 192.168.1.1 port 22: Connection refused
lost connection

Post #3
paddy1337
11 Aug 2017, 19:24

I'm now looking at the traffic in wireshark between my machine and the "dead" router.  In failsafe mode the router sends a single UDP packet on startup. 1001bytes long.

Looking at the data, in unbroken out hex it says DE AD, then following that when a bit of hex is broken out it states "Please", then from there the rest of the data is all 0's.

Does open WRT send any kind of message like this when it's FUBAR?

Post #4
mk24
11 Aug 2017, 19:48

Older versions use telnet not ssh for first login.  Did you try telnet?

Post #5
paddy1337
11 Aug 2017, 19:51
mk24 wrote:

Older versions use telnet not ssh for first login.  Did you try telnet?

2 days messing with thing, and you solved it in 5 seconds.

Thanks greatly

The discussion might have continued from here.