Run tcpdump on Tomato firmware without thumb drive

tcpdump is a great asset for troubleshooting network issues. Because of storage limitations, it is not included by default. Here is a way to get it working without a thumb drive.

Tested on Tomato 1.28 rev 116 by Shibby on a NETGEAR 3500Lv2.

Check that you have enough space

You need about 2MB in /tmp to be safe:

df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 8.6M 8.6M 0 100% /
tmpfs 61.9M 1.4M 60.5M 2% /tmp
devfs 61.9M 0 61.9M 0% /dev

Get the binary file

cd /tmp
wget http://www.dslreports.com/r0/download/1376456~0df06f4164393e0fdd2aa2eede183328/tcpdump.zip
unzip tcpdump.zip
chmod +x tcpdump
rm tcpdump.zip
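
The zip above contains a prebuilt executable, so it only runs on a router whose CPU matches the build. As an added example (not part of the original post), this script reads the ELF header to report the binary's architecture and compare it with `uname -m` before you run it; the function names are illustrative, and it assumes an `od` that accepts `-A`, `-t` and `-N`.

```shell
#!/bin/sh
# Added example: report the CPU architecture of an ELF binary from its header.
# Assumes an od that accepts -A, -t and -N (GNU coreutils; BusyBox builds vary).

# elf_machine FILE -> prints e.g. "MIPS 32-bit LSB"; returns 1 if FILE is not ELF.
elf_machine() {
    # First 20 header bytes as decimal words: $1..$4 magic, $5 class,
    # $6 byte order, ${19} and ${20} the two bytes of e_machine.
    set -- $(od -An -v -tu1 -N20 "$1" 2>/dev/null)
    [ "$#" -eq 20 ] || return 1
    [ "$1 $2 $3 $4" = "127 69 76 70" ] || return 1   # 0x7f 'E' 'L' 'F'
    case "$5" in 1) bits=32 ;; 2) bits=64 ;; *) return 1 ;; esac
    case "$6" in
        1) order=LSB; machine=$(( ${19} + ${20} * 256 )) ;;
        2) order=MSB; machine=$(( ${19} * 256 + ${20} )) ;;
        *) return 1 ;;
    esac
    case "$machine" in
        3) cpu=x86 ;; 8) cpu=MIPS ;; 40) cpu=ARM ;;
        62) cpu=x86-64 ;; 183) cpu=AArch64 ;; *) cpu="machine-$machine" ;;
    esac
    echo "$cpu $bits-bit $order"
}

# check_binary FILE [UNAME_M] -> 0 if FILE's CPU matches the host (default: uname -m).
check_binary() {
    desc=$(elf_machine "$1") || { echo "$1: not an ELF executable" >&2; return 2; }
    case "${2:-$(uname -m)}" in
        mips*) want=MIPS ;; arm*) want=ARM ;; aarch64*) want=AArch64 ;;
        x86_64) want=x86-64 ;; i?86) want=x86 ;; *) want=unknown ;;
    esac
    case "$desc" in
        "$want "*) echo "$1: $desc, matches host"; return 0 ;;
        *) echo "$1: $desc, host needs $want: do not run" >&2; return 1 ;;
    esac
}

# Constructed sample: a 20-byte little-endian MIPS ELF header, not a real binary.
make_sample() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\010\000' > "$1"
}

# Usage: sh script.sh /tmp/tcpdump [uname-m-of-target]
if [ "$#" -gt 0 ]; then check_binary "$@"; fi
```

If the router's BusyBox lacks a suitable `od`, run the check on a workstation and pass the router's `uname -m` output as the second argument.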

Capture traffic

Because the small routers likely to run Tomato firmware have limited resources, you need to limit the amount of captured data.

Example:

./tcpdump -i eth0 src 192.168.1.100

If you want to use Wireshark to analyse the traffic in detail, you need to use a command such as:

tcpdump -i <interface> -s 65535 -w <file>

The filesystem would quickly be saturated! Better to use CIFS storage or a thumb drive!
tcpdump – Careful opening the valve!

Got a thumb drive?

If you have a thumb drive, you can use OptWare.

On Tomato by Shibby, OptWare can be installed from SSH with the following command after mounting the USB drive in /opt:

/usr/sbin/optware-install.sh

The list of available packages is here.

8 Comments

  1. Christian October 26, 2015 7:50 am

    Tried tcpdump on my new Netgear R7000, but it does not work with Tomato v1.28.0000 -129 K26ARM USB AIO-64K. Worked fine many years on my old wrt54gl with tomato 1.28 (where I placed tcpdump on cifs1).
    Now it does not matter if I use tcpdump from cifs1 or copy it onto Netgear-router, always getting error:
    ./tcpdump: line 1:EL@@4P4: not found
    ./tcpdump: line 2: Ã: not found
    ./tcpdump: line 3: Ð: not found
    ./tcpdump: line 6: syntax error: unexpected "("
    root@R7000:/tmp# PuTTY

    • Deeeze December 31, 2017 11:14 pm

      Probably wrong arch. This tcpdump is for a MIPS processor:

      tcpdump: ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, corrupted section header size

  2. gans October 19, 2017 3:31 am

    ./tcpdump: line 1:EL@@4P4: not found

    the same bug 🙁

  3. flo December 20, 2017 5:43 am

    I had better success with optware on my stock asus RT-AC66 firmware
    wget http://tomatousb.org/local--files/tut:optware-installation/optware-install.sh -O - | tr -d '\r' > /tmp/optware-install.sh
    chmod +x /tmp/optware-install.sh
    sh /tmp/optware-install.sh
    before I modified the install script so that it installs itself in the /tmp
    I don't have anyway write permission on a stock firmware.
    After I just ipkg install tcpdump and it works

  4. beatboxchad October 20, 2018 9:23 am

    @gans, @Christian, and anybody else interested:

    I ran into the same trouble trying to install optware on a Netgear R6400. My guess was the same as @Deeeze, and I googled around looking for a more generic flavor of optware or some way to dig deeper. Super quickly, I found https://github.com/Optware/Optware-ng. Check that out. Some tasty up-to-date instructions, looks to be under active development. The ARMv7 EABI softfloat build worked flawlessly for me.
