[ DoT Study ] ######MBM DoT Study#######

Discussion in 'Asuswrt-Merlin' started by SomeWhereOverTheRainBow, Jul 23, 2019.

  1. SomeWhereOverTheRainBow

    I want to first of all thank my Loyal followings of #Nobody.

    Here is another @SomeWhereOverTheRainBow thread-cast
    #my-first-one-ever
    List of things needed.
    • Asuswrt-Merlin (384.12 and up preferred) or with DoT entware setup
    • putty (SSH client)
    • entware
    • tcpdump
    • wireshark

    Okay, so this is a guide for doing tcpdump studies of DoT with wireshark. To start off, you will need both of them.

    Wireshark can be obtained for your favorite OS of choice (Windows or Mac, it appears) at
    https://www.wireshark.org/#download

    First you must enable the SSH option on the router under the Administrations tab, which you can then access using your router's default IP via an SSH client on a computer.

    You must have entware installed for your tcpdump dreams to occur. You can use
    https://www.snbforums.com/threads/amtm-the-snbforum-asuswrt-merlin-terminal-menu.42415/
    to obtain a copy of AMTM, brought to us by @thelonelycoder, who has made it easy to install entware.

    After installing entware, you can then install tcpdump by copy-pasting commands into the SSH client.

    Code:
    opkg install tcpdump

    Next, a script of sorts needs to be made. Copy and paste:

    nano /jffs/scripts/DoTStudy.sh

    Code:
    #!/bin/sh

    # Hour and minute, used in the capture file name
    HHMM=$(date +"%H%M")

    # Capture port 853 (DoT) traffic on eth0 into one file for 59 seconds, then exit
    tcpdump -G 59 -W 1 -s 0 -ni eth0 -p port 853 -w /tmp/mnt/"ChangeToYourlocation"/a${HHMM}.pcap 2> /dev/null

    You will need to modify the /tmp/mnt/"ChangeToYourlocation"/ to something that you would like to use for storage. It can be any location that is persistent and has reasonable storage space.

    ctrl+x
    and y + enter to save

    for executable status

    chmod 755 /jffs/scripts/DoTStudy.sh

    For a minute-by-minute DoT-Study, next cru a DoT-Study that can be added to the services-start script within jffs for persistent use or can be run manually via the command line (only good for one reboot).
    cru a DoT-Study "*/1 * * * * /jffs/scripts/DoTStudy.sh"

    This will now create pcap files minute by minute in your location of choice (/tmp/mnt/"ChangeToYourLocation" can be anywhere persistent and reasonable in size), which can be examined with wireshark.

    Credits Go Out to
    @Martineau (provided the idea in a previous thread from a long time ago....)
    @RMerlin (provided platform for everything to thrive on..)
    @thelonelycoder (provided AMTM to make our lives easier..)
    @anyone-else-I-did-not-mention
     
    Last edited: Jul 23, 2019
  2. SomeWhereOverTheRainBow

    upload_2019-7-23_9-52-18.png
    These are some of the types of things you would expect to see. It gives you a better understanding and appreciation of what is going on.
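
Added example, not part of the original posts: a small Python check to run over one of the capture files the script above produces, counting port-853 TCP segments by their leading TLS record type for each server. It assumes a classic pcap file with Ethernet framing and IPv4; the function names and the sample capture (documentation addresses, dummy record bodies) are constructed for illustration.

```python
import struct
from collections import Counter

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def summarize_dot(pcap, port=853):
    """Count TCP segments on `port` by leading TLS record type, per server IP."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    stats, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP only
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if port not in (sport, dport) or not payload:
            continue  # other ports, and bare SYN/ACK/FIN segments
        server = ".".join(map(str, frame[30:34] if dport == port else frame[26:30]))
        # A segment continuing an earlier TLS record has no header: "other" means inspect it
        is_tls = len(payload) >= 3 and payload[0] in TLS_TYPES and payload[1] == 3
        stats[(server, TLS_TYPES[payload[0]] if is_tls else "other")] += 1
    return dict(stats)

def _frame(src, dst, sport, dport, payload):
    """Constructed test frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture (documentation addresses, dummy record bodies)."""
    c, s = (192, 0, 2, 10), (198, 51, 100, 53)
    frames = [
        _frame(c, s, 40000, 853, b"\x16\x03\x01\x00\x02hi"),    # handshake record
        _frame(s, c, 853, 40000, b"\x16\x03\x03\x00\x02hi"),    # handshake record
        _frame(c, s, 40000, 853, b"\x17\x03\x03\x00\x03abc"),   # application data
        _frame(c, s, 40000, 853, b""),                          # bare ACK, skipped
        _frame(c, s, 40001, 853, b"\x00\x04\xab\xcd\x01\x00"),  # not a TLS record
        _frame(c, s, 40002, 443, b"\x17\x03\x03\x00\x01x"),     # wrong port, skipped
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it on a real capture, pass the file's bytes, for example `summarize_dot(open("a0930.pcap", "rb").read())`, where `a0930.pcap` is a hypothetical file name following the script's `a${HHMM}.pcap` pattern.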