[Official] tcpdump

[Whistle Master]

Module: tcpdump

Version: 1.4

Features:

• Manage dependencies
  
• Configure tcpdump options and filters
  
• Dump History
  

Change log:

1.4

• Bug fixes
  

[Purrball]

This is probably a stupid question but im not too familiar with tcpdump... which interface should be the appropriate choice for watching inbound traffic? (And not capturing everything you do while browsing through the NANO interface)

[M47H3W]

This is probably a stupid question but im not too familiar with tcpdump... which interface should be the appropriate choice for watching inbound traffic? (And not capturing everything you do while browsing through the NANO interface)

It should be the last one and should have the word "lan" in it, or at least that's the case for me. To easily find out, try every one until it tells you that it's scanning 255 addresses and NOT -1 addresses.

[Purrball]

It should be the last one and should have the word "lan" in it, or at least that's the case for me. To easily find out, try every one until it tells you that it's scanning 255 addresses and NOT -1 addresses.

Cool, that's the one I tried but it was capturing everything I clicked on while going through settings in the Dashboard. I guess that's an unintended side effect of a shared connection? Thanks!

[Purrball]

Anybody else running tcpdump and encountering crashing? It doesn't last for more than a few hours at most, the process seems to die without any information, and when heading back into the module settings it's 'not running'. Trying to run it again ends up crashing the Pineapple and I'm forced to reboot or shut it down.

[sud0nick]

I'm noticing that it turns wlan1 into wlan1mon even when I select wlan2 for capture and doesn't change it back after tcpdump is stopped. This conflicts with PineAP and as far as I can tell requires a reboot of the NANO since I couldn't bring it back up using iw or ifconfig (maybe I was doing it wrong). The exact command run from the module was

tcpdump -i wlan2 -v -X 

Can you fix this WM?

[Whistle Master]

Well, that's really weird because this is not done by the module. The module does not change the interfaces. The command as you see it in the GUI is directly started without any modification.

I guess you're using a usb wireless adapter with your nano ? I tried with my second wireless adapter with the exact command you gave and I don't have any issue, the module does not change anything with the interfaces.

You can see it yourself by starting your command from the module, then ssh to the NANO and issue "ps | grep tcpdump" you will see that it's using the correct interface.

[sud0nick]

I tested it out a couple more times with the NANO. Yes, I am using a USB wireless card for client mode on my home network. Here is exactly what's happening:

1. Boot NANO, access it from (192.168.x.x IP), run ifconfig (everything is normal)
2. Select tcpdump options as shown in previous post and start running it for capture on wlan2
3. Stop capture and check ifconfig (wlan1 is gone and wlan1mon is in its place).

One thing I noticed yesterday is when I access the NANO via its 172.16.42.1 IP this issue doesn't come up. Could this be from accessing the NANO with the IP assigned to wlan2 then attempting to capture on wlan2?

[Purrball]

Adding to my previous post, today tcpdump is giving me Segmentation faults when crashing, suppose that's a better report, if I can be helpful with info at all...

[skib]

I have installed the tcpdump on the SD card (on my nano).

It - sort of - works - sometimes - but seems unpredictable and unreliable.

It does capture "things", but it seems impossible to interpret (as normal frames).

The log sometimes does not seem to update.

The history sometimes does not seem to update.

Sometimes - when I stop a session - suddenly the log updates and indicates that a large number of frames were captured, but there is nothing in the history.

[Whistle Master]

The log in the module does not "show" a lot of things, only when you stop tcpdump, you'll see some stats, so that's normal behaviour

It can happen that the history log is not refreshed. In that case it can be refreshed with the Refresh button.

Then, you have to download the history file to analyse it with Wireshark for example.

[JCAG]

Hey Whistle,

Just wanted to give you a shout-out! 

I finally got around to using the tcpdump module today, and oh man...when I tested it out with some wireless devices that were connected to the wifi pineapple (using an Internet Connection Sharing through a VPN, no less) and I browsed some websites that fail to use https even at a login page (*face-palm*) I was able to see the usernames and passwords in clear plain-text.

If this doesn't scare lazy web-developers, I don't know what will...

I'm going to use this method from now on as an example to show people why http has GOT TO GO.

Thanks for a great tool!

[dummys]

Dear @Whistle Master

Your module is not working on latest TETRA with latest firmware. It seems that the modules.php in api is broken.

When starting tcpdump module I get a log saying "/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval :line 1 : -w: not found".

After debugging a little bit your stuff it appears that in modules.php the: $this->request->command doesn't yield any command. Thus the concatenation is working but without any command.

Can you fix it please ?

Thanks.

Cheers,

Jon

 

 

[_bugs_]

Hi,

I have just flashed my Nano on the latest firmware, formatted my SD card and reinstalled all my modules from scratch *on the SD card*.

I just tried to run tcpdump, after installing the dependencies and I am getting the following error:

 /pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

Anyone can help troubleshooting this problem?

Thanks.

Bugs.

[_bugs_]

By the way, it makes no difference if I install the plugin on Internal memory.

Also, I can ssh to the NANO and run the tcpdump executable fine... just getting an error from the GUI.

Thanks.

Bugs.

[_bugs_]

Hi Again,

Ok, so I have troubleshooted the problem. I don't know how this module can work for anyone in its current state...

looked at the /pineapple/modules/tcpdump/scripts/tcpdump.sh

that line:

eval ${MYCMD}

is what is causing the problem and the variable is set by

MYCMD=`cat /tmp/tcpdump.run`

looking at what that tcpdump.run is, produces:

-w /pineapple/modules/tcpdump/dump/dump_1518077505.pcap 2> /tmp/tcpdump_capture.log

so the problem is that tcpdump is missing from the beginning of that line!

I fixed the problem by changing the variable line to

MYCMD="tcpdump `cat /tmp/tcpdump.run`"
 

But then I get the following error on the GUI

tcpdump: /pineapple/modules/tcpdump/dump/dump_1518077956.pcap: No such file or directory

 

So I just created that dump folder

and now it runs....

Again, this was from a fresh Nano firmware install, with an empty SD card. Doesn't seem like it is normal behavior ;)

Hope it helps someone if they have the same problem. 

B.

[bxwifi]

I had the same problem and followed your instructions and it worked.

After messing around with the settings, I chose an interface under the configurations which generated a command in the UI, and then I started getting the command "tcpdump tcpdump ..."  So it looks like you need to choose some settings to generate a command in the UI to avoid the missing tcpdump command in the eval.

[micadunet]

Hi,

 

I installed the module tcpdump on my sd card.

When I click on start, nothing happens.

How can I resolve that bug? I really don t understand.

thanks a lot

 

[Just_a_User]

@Whistle Master

On firmware 2.1.0 installation seemed to miss making the dump directory, once made dumps are working. The history section is empty even though dumps exists and the history counter is counting something else.

[b0N3z]

20 hours ago, Just_a_User said:

@Whistle Master

On firmware 2.1.0 installation seemed to miss making the dump directory, once made dumps are working. The history section is empty even though dumps exists and the history counter is counting something else.

Responder history is doing the same thing.

[p28312]

On firmware 2.3.1 - TCP Dump 1.5

/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

[Just_a_User]

3 hours ago, p28312 said:

On firmware 2.3.1 - TCP Dump 1.5

/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

dump directory is not made on install

mkdir /pineapple/modules/tcpdump/dump

 

[p28312]

5 hours ago, Just_a_User said:

dump directory is not made on install

mkdir /pineapple/modules/tcpdump/dump

 

Thanks, I create the dump directory, i still get the same error. Any other suggestions?

[Just_a_User]

1 hour ago, p28312 said:

Thanks, I create the dump directory, i still get the same error. Any other suggestions?

Ummm your not trying to run that script on its own are you? to use tcpdump you can just run the tcpdump command from terminal.

Once the dump dir is made the module should work as is, well, it does for me on both tetra and nano.

[p28312]

1 minute ago, Just_a_User said:

Ummm your not trying to run that script on its own are you? to use tcpdump you can just run the tcpdump command from terminal.

Once the dump dir is made the module should work as is, well, it does for me on both tetra and nano.

No, from the module (web GUI).  I created the directory from terminal.  I'll try to do it via the tcpdump command too.