Hi, new to Wireshark.

I would like to capture network packets on my own home network for educational purposes. I've read that you could install Wireshark on the Wifi router itself, if it is powered by either DD-WRT or OpenWRT firmware, so you don't need another client to capture packets. However, I can't find any detailed tutorial on this. Could anybody provide this info:

a) Is there any way for the router to do its primary job (provide wifi connection to clients) and capture packets at the same time?

b) How about promiscuous mode?

c) Are SD card and USB drive good enough for the storage?

d) If I schedule Wireshark to run 6 hours a day at around 200kbps data average, will this setup put too much load on the wifi router?

e) Is there any consumer grade wifi router that is capable of this setup? Can you recommend some?

Thanks!

asked 03 Jun '15, 13:47

TrafalgarLaw

The real benefit of Wireshark is the GUI and what you can do therein. However, you won't be able to use the GUI version of Wireshark on the router, so there is no benefit for you to have Wireshark on DD-WRT or OpenWRT. I would do the capturing on the router with tcpdump and the analysis on Windows/MacOS/Linux. tcpdump is available on any Unix-like system, which includes DD-WRT and OpenWRT.

To answer your questions:

a.) Sure, any multitasking OS is able to do that, which includes *WRT.
b.) No problem for *WRT.
c.) Depends on the amount of data you'll have to write per second, as the write rate is rather low for those storage devices.
d.) Usually no, but it depends on the overall load and the system parameters (CPU, RAM, etc.).
e.) Recommend? No, but I can tell you what I'm using: Netgear WNDR 3700/3800 plus some TP-Link routers to run DD-WRT and/or OpenWRT and/or Gargoyle (if you like the simple one).

Regards
Kurt

answered 03 Jun '15, 15:38

Kurt Knochner ♦

"However, you won't be able to use the GUI version of Wireshark on the router"

(Unless you have the X11 client library, and GTK+/Qt and the libraries they depend on, installed on the router, and ensure that when you run Wireshark the DISPLAY environment is set to point to the X server on your desktop machine. Whether you will be able to fit all that software on the router is another matter, and we can't really help much with such a significant project. I'd follow Kurt's suggestions instead.)

(03 Jun '15, 15:44) Guy Harris ♦♦

Sure, X11 DISPLAY forwarding would work, but I doubt that X11 is available for DD-WRT and/or OpenWRT. Although I did not check yet, it would just not make much sense to have X11 on those devices.

(03 Jun '15, 15:47) Kurt Knochner ♦

Thanks, and which interface should wireshark/tcpdump listen to? I believe the router itself decodes wireless packets and sends them to the DSL phone line output; can we tap at this point? Thanks again!

(04 Jun '15, 07:12) TrafalgarLaw
(04 Jun '15, 09:02) Amato_C

As @Amato_C said: There is no (easy) way to run a custom linux on a router with inbuilt DSL modem. So, your options are:

  • Capture the wifi/wlan traffic: https://wiki.wireshark.org/CaptureSetup/WLAN
  • Place a cheap wifi/wlan router in front of your DSL router and let it do wireless. Then you can capture everything on the router interface that's connected to your DSL router.
    client -- wlan --- cheap router with *WRT --- ethernet --- DSL Router --- Internet

Regards
Kurt

(05 Jun '15, 05:47) Kurt Knochner ♦
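
Added example, not part of the original thread: a POSIX shell sketch that sizes a tcpdump ring buffer for the load in question d) (200 kbps for 6 hours) and prints the capture command to run on the router, so SD/USB storage cannot fill up. The interface name `br-lan`, the mount point `/mnt/usb`, the 10-file ring and the 10% headroom are assumptions; the tcpdump options used (`-i`, `-n`, `-s`, `-C`, `-W`, `-w`) are standard.

```shell
#!/bin/sh
# Added example: plan a size-bounded tcpdump capture on a *WRT router.
# br-lan and /mnt/usb are assumed names; adjust them to the device.

# Expected capture volume in MB (1 MB = 1,000,000 bytes, the unit of
# tcpdump's -C option). kbit/s * 125 = bytes/s.
capture_mb() {
    rate_kbps=$1
    hours=$2
    bytes=$(( rate_kbps * 125 * hours * 3600 ))
    echo $(( (bytes + 999999) / 1000000 ))
}

# Per-file size in MB for a ring of $3 files, with $4 percent headroom
# for pcap per-packet record headers and traffic bursts (rounded up).
ring_file_mb() {
    total=$(( $(capture_mb "$1" "$2") * (100 + $4) / 100 ))
    echo $(( (total + $3 - 1) / $3 ))
}

# Print the tcpdump command line: -n avoids DNS lookups on the router,
# -s 0 keeps full packets, -C/-W cap disk use at file_mb * files and
# overwrite the oldest file once the ring is full.
tcpdump_cmd() {
    iface=$1
    dir=$2
    file_mb=$3
    files=$4
    echo "tcpdump -i $iface -n -s 0 -C $file_mb -W $files -w $dir/capture.pcap"
}

# Question d): 200 kbps average for 6 hours, ring of 10 files, 10% headroom.
tcpdump_cmd br-lan /mnt/usb "$(ring_file_mb 200 6 10 10)" 10
```

The resulting files can be copied off the router and opened in Wireshark on the desktop for analysis.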