Asus RT-86U addon recommendation.

[BrianWhite]

I have a couple of devices that the manufacturer says needs net access, but they cannot confirm if the data is encrypted or not.

Is there any addon, or even option in Merlin's firmware, for me to see what data is coming from those devices, if it is ENCRYPTED, and to what destination ?

Would Skynet tell me anything about that ?

I cannot just block the devices as they shut down when the WAN is blocked. I have them shaped to minimum 100kbit.

So how can I look at the traffic statistics for that device, or what command can I use through SSH on my 86U ?

 

[joe scian]

I have a couple of devices that the manufacturer says needs net access, but they cannot confirm if the data is encrypted or not.

Is there any addon, or even option in Merlin's firmware, for me to see what data is coming from those devices, if it is ENCRYPTED, and to what destination ?

Would Skynet tell me anything about that ?

I cannot just block the devices as they shut down when the WAN is blocked. I have them shaped to minimum 100kbit.

So how can I look at the traffic statistics for that device, or what command can I use through SSH on my 86U ?

Enable traffic analyser - go to statistics - display by device - choose device and you will see what the app name or protocol used and its up/down stats.

 

[BrianWhite]

Thank you for your reply.

I know it is uploading, at up to 3mbit a second, and there is 2 devices (I have 10mbit upload), so right now, I have them capped at 100 kilobit each (the lowest that the Asus Firmware will allow me to go), and the devices still seem to be "Oh cool I have Internet, so i am going to work now".

I have 25/10 Unlimited Data so how much Allowance they are using is of no importance, the Manufacturer has since said "Yes the data is Encrypted" but I do not trust them though.

I did find in the Network Tools > Netstat that this was showing up for SNAT.

cp 192.168.1.234:52108 65.8.33.89:https TIME_WAIT
tcp 192.168.1.234:53564 ec2-35-161-147-197.us-west-2.c:8883 ESTABLISHED
tcp 192.168.1.234:60978 65.8.33.16:https TIME_WAIT
tcp 192.168.1.234:43428 s3-r-w.ap-southeast-2.amazona:https ESTABLISHED
tcp 192.168.1.234:60994 65.8.33.16:https TIME_WAIT
udp 192.168.1.234:47495 ec2-54-67-76-202.us-west-1.co:10001 ASSURED
udp 192.168.1.234:47495 ec2-54-225-104-92.compute-1.a:10001 ASSURED

The Established / Assured IP's are traced back to Amazon Web services.

 

[heysoundude]

Do you lock your doors at night?
if you don't trust the security of the devices, why are they connected to your network?

 

[BrianWhite]

Do you lock your doors at night?
if you don't trust the security of the devices, why are they connected to your network?

Thank you for your reply.

I do not know where you think the front door and a device uploading data across a network is in the same context, I merely asked if there was a way, either through Plugin, or through SSH command to determine if the traffic is indeed Encrypted or not. I bet you are a barrel of laughs at a philosophical debate.

So as I said above, i I have determined that the connections are to an Amazon AWS Host.

 

[chongnt]

Have you try tcpdump? You can dump it to a file and use wireshark to have a better view of the data.
You may need to install it by opkg install tcpdump.