This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi folks, I have a dd-wrt mini router (Linksys WRT54GS v7) which I am worried may be compromised. It is sending out a packet every 5 seconds somewhere despite the fact that my WiFi is disabled (everything is hard-wired here) and all machines are either off or unplugged.

The simple topology would be:

Router --> Modem --> DSLam --> net provider [The modem is an old SpeedStream DSL modem.]

I know that it is not an internal network issue (i.e. not inside the LAN) since all computers are unplugged or off when packets are still being sent out.

I called my net provider but the network admin did not want to take the time to diagnose the issue even though I think this would be the quickest way to diagnose what is going on.

So my question is what would be the best way to diagnose this problem? How would I go about diagnosing it myself? I would like to know what type of packets the router is sending out.

asked 20 Sep '13, 15:00

Bongoman's gravatar image

Bongoman
1111
accept rate: 0%

how do you know the router sends packets every 5 seconds?

(20 Sep '13, 15:46) Kurt Knochner ♦

How would I go about diagnosing it myself?

Log into the router via ssh and run tcpdump on dd-wrt

tcpdump -ni eth0 not port 22

Maybe eth0 is not the right interface. Please check with ifconfig.

Regards
Kurt

permanent link

answered 20 Sep '13, 15:49

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×205
×58
×4
×2
×2

question asked: 20 Sep '13, 15:00

question was seen: 1,748 times

last updated: 20 Sep '13, 15:49

p​o​w​e​r​e​d by O​S​Q​A