tcpdump install

DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Blue Fishey
DD-WRT Novice


Joined: 03 Jan 2013
Posts: 12

Posted: Fri Jan 04, 2013 15:29    Post subject: tcpdump install
Emmm

Running latest build on Netgear 3700v2

Followed the below, installed no prob.

But when you run tcpdump you get Permission Denied

Help

Hi again. I keep forgetting my own instructions so I repacked tcpdump and the library to make the process much simpler.

cd /tmp
wget http://www.seanster.com/dd-wrt/tcpdump-wrt.tgz
tar -zxvf tcpdump-wrt.tgz
# rm tcpdump-wrt.tgz
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/usr/lib
/tmp/usr/sbin/tcpdump

All files and instructions can be found here:
http://www.seanster.com/dd-wrt/

I also created md5 hashes just in case.
andrejt
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 24

Posted: Mon Aug 12, 2013 8:54    Post subject: Re: tcpdump install
Blue Fishey wrote:

Hi again. I keep forgetting my own instructions so I repacked tcpdump and the library to make the process much simpler.

cd /tmp
wget http://www.seanster.com/dd-wrt/tcpdump-wrt.tgz
tar -zxvf tcpdump-wrt.tgz
# rm tcpdump-wrt.tgz
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/usr/lib
/tmp/usr/sbin/tcpdump

All files and instructions can be found here:
http://www.seanster.com/dd-wrt/

I also created md5 hashes just in case.


Hello,

Followed your instructions, but still get permission denied :\

Router : Linksys WRT160NL
DDWRT : build 21286 (v24-sp2 (04/15/13) std)

Any ideas?

Thanks for your help and have a nice day.
nickj
DD-WRT Novice


Joined: 06 May 2015
Posts: 13

Posted: Thu May 21, 2015 11:47    Post subject: Re: tcpdump install
andrejt wrote:

Followed your instructions, but still get permission denied :\


Same problem with permission denied, on a recent build (05/06/15, SVN revision: 26839).
ThoreauHD
DD-WRT User


Joined: 07 May 2015
Posts: 77

Posted: Sun May 24, 2015 21:13
Can you do something for me? Type 'whoami' & enter and then type 'ls -al /tmp/usr/sbin/tcpdump' & enter and post the output, if you would. Thanks.

Typically it's a chmod permission error in Linux. Easily fixed by finding who wants to execute it and what the existing permissions are. chmod 777 or +rxw tcpdump would fix it for everyone, but it's not typically good security practice to give everyone execute/write permissions (even in a tmp directory). So, trying to see who's kicking it off.
nickj
DD-WRT Novice


Joined: 06 May 2015
Posts: 13

Posted: Mon May 25, 2015 8:39
ThoreauHD wrote:
Can you do something for me? Type 'whoami' & enter and then type 'ls -al /tmp/usr/sbin/tcpdump' & enter and post the output, if you would. Thanks.


Sure, no problem:

Code:

root@DD-WRT:/tmp# /tmp/usr/sbin/tcpdump
-sh: /tmp/usr/sbin/tcpdump: Permission denied
root@DD-WRT:/tmp# ls -al /tmp/usr/sbin/tcpdump
-rwxrwx---    1 root     root        653832 Jan 30  2007 /tmp/usr/sbin/tcpdump
root@DD-WRT:/tmp# whoami
-sh: whoami: not found
root@DD-WRT:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@DD-WRT:/tmp# chmod +rxw /tmp/usr/sbin/tcpdump
root@DD-WRT:/tmp# /tmp/usr/sbin/tcpdump
-sh: /tmp/usr/sbin/tcpdump: Permission denied
root@DD-WRT:/tmp#
bcwhite
DD-WRT Novice


Joined: 27 Jun 2015
Posts: 1

Posted: Sat Jun 27, 2015 3:43    Post subject: Fixed?
Was this ever resolved? I'm getting the same "permission denied" under "DD-WRT v24-sp2 (03/25/13) std".
salzrat
DD-WRT Novice


Joined: 20 Dec 2014
Posts: 32

Posted: Sat Aug 01, 2015 21:14
It has nothing to do with permissions. I think the package is too old for current builds, or you need a package compiled for your router.

I succeeded with running ipkg against the trunk version of tcpdump for my WNDR3700v1:

Code:

cd /tmp/ipkg
wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libpcap_1.5.3-1_ar71xx.ipk
wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/tcpdump_4.5.1-4_ar71xx.ipk
ipkg -d /tmp install libpcap_1.5.3-1_ar71xx.ipk
ipkg -d /tmp install tcpdump_4.5.1-4_ar71xx.ipk
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/usr/lib


Note that here you have to substitute "ar71xx/generic" with the directory of your specific router platform, and you should check in that directory what the latest version of tcpdump is.
ipkg will throw an error in the post-install script, but that doesn't hurt.
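
A mode listing such as `-rwxrwx---` cannot show two other things that stop a binary from running: a `noexec` mount on the filesystem that holds it (which returns "Permission denied" even to root) and a binary built for a different CPU. The script below is an added example, not part of any post in this thread; the function names `elf_arch` and `mount_exec_flag` are made up here, the sample header and mounts table are constructed, and it assumes an `od` that accepts `-A`, `-t` and `-N`.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Assumes an od that accepts -A, -t and -N
# (GNU coreutils does; a minimal BusyBox od may not).

# Print "<arch>/<endianness>" from the first 20 bytes of an ELF file.
elf_arch() {
    # Word-split the decimal byte dump: byte offset n lands in positional n+1.
    set -- $(od -An -v -tu1 -N20 "$1" 2>/dev/null)
    if [ $# -lt 20 ] || [ "$1 $2 $3 $4" != "127 69 76 70" ]; then
        echo "not-elf"; return 1
    fi
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian.
    # e_machine (bytes 18-19) is stored in that byte order.
    if [ "$6" = 2 ]; then
        end=big; mach=$(( ${19} * 256 + ${20} ))
    else
        end=little; mach=$(( ${20} * 256 + ${19} ))
    fi
    case $mach in
        3) arch=x86 ;; 8) arch=mips ;; 40) arch=arm ;;
        62) arch=x86_64 ;; *) arch="machine-$mach" ;;
    esac
    echo "$arch/$end"
}

# Print "noexec" or "exec" for the mount that holds path $1.
# $2 is the mounts table to read (default /proc/mounts).
mount_exec_flag() {
    path=$1; best=""; opts=""
    while read -r _dev mnt _type o _rest; do
        case "$path/" in
            "${mnt%/}"/*)  # path lies under this mount; longest mount point wins
                if [ ${#mnt} -ge ${#best} ]; then best=$mnt; opts=$o; fi ;;
        esac
    done < "${2:-/proc/mounts}"
    case ",$opts," in *,noexec,*) echo noexec ;; *) echo exec ;; esac
}

# Constructed sample input: ELF header of a 32-bit big-endian MIPS executable
# and a mounts table in which /tmp is noexec.
demo=$(mktemp -d)
{ printf '\177ELF\001\002\001\000'; printf '\000\000\000\000\000\000\000\000'
  printf '\000\002\000\010'; } > "$demo/bin"
printf '%s\n' 'rootfs / rootfs ro 0 0' 'tmpfs /tmp tmpfs rw,noexec 0 0' > "$demo/mounts"
echo "binary: $(elf_arch "$demo/bin")"
echo "mount:  $(mount_exec_flag /tmp/usr/sbin/tcpdump "$demo/mounts")"
rm -rf "$demo"
```

Run `elf_arch` on the extracted tcpdump and on a binary that ships with the firmware; differing results mean the package was built for another platform.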
nickj
DD-WRT Novice


Joined: 06 May 2015
Posts: 13

Posted: Mon Aug 03, 2015 2:47
salzrat wrote:
I succeeded with running ipkg against the trunk version of tcpdump for my WNDR3700v1:


Thank you so much, Salzrat! Those exact same instructions worked great on my D-Link DIR-632 (same ar71xx chipset). So now I can run /tmp/usr/sbin/tcpdump, and it shows all the network traffic - yay!
salzrat
DD-WRT Novice


Joined: 20 Dec 2014
Posts: 32

Posted: Mon Aug 03, 2015 6:53
Good!

Meanwhile, if you want to capture longer logs for analysis with Wireshark, it makes sense to pipe them to a PC on the network.

Since the environment variable doesn't stick for ssh sessions, I created a script on the router in /tmp/root:
Code:

#!/bin/sh
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/usr/lib
/tmp/usr/sbin/tcpdump -i eth1 -s0 -w -


(I've restricted to my WAN interface, eth1, in this case).

On the PC, you could then just do
Code:

plink root@x.x.x.x ./tcpdump >test.pcap


if you are running Windows with putty installed (on Linux, you can just use ssh). However, ssh/plink asks for a password, so you should use key-authentication. Generate a public key using puttygen, paste it into the authorized keys section in the web interface (making sure that sshd is enabled). This can be found in the Services tab (note the key needs to be formatted slightly differently on the router). Use pageant on the PC to load your private key.

Note that tcpdump will not survive a reboot of a router, since it's in RAM only.
All times are GMT