Trying to packet capture on Tomato. Wireshark won't read tcpdump file. Would like to use rpcapd.

Discussion in 'Tomato Firmware' started by Tom888, Dec 24, 2018.

  1. Tom888

    Tom888 New Member Member

    I have Tomato v1.28.0000 MIPSR2-123 K26 Max on an ASUS RT-N12. I found an old tcpdump version 3.9.8. I can capture packets and "tcpdump -r capture.pcap" seems to read the file okay. I transfer the file using WinSCP in binary mode. The file transfers over in the original size okay, I use the same program to transfer tcpdump over so it seems to be working ok, but the latest version of Wireshark for Win 7 doesn't read it, I get "The file "capture.pcap" could not be opened: Unknown error." I've tried numerous other commands in tcpdump too.

    I would like to try and get rpcapd to work, but I can't find any precompiled binaries for it or tcpdump either. All old posted links are broke or the websites don't exist. I've tried to build my own in the router but wget doesn't work, and the build fails with an error about specifying some mode.

    Does anyone have any current instructions to get rpcapd functioning with actual working links to files? I could probably make due with the instructions that are out there already, it's just hard to find the files.
  2. cloneman

    cloneman LI Guru Member

  3. Tom888

    Tom888 New Member Member

    I did just get a tcpdump file to read in Wireshark. I had to use br0 instead of whatever else I was trying to use. The file from the link has an .ipk extension. Doesn't seem to be the same as my current tcpdump file.
  4. cloneman

    cloneman LI Guru Member

  5. Tom888

    Tom888 New Member Member

    I've drilled into the archive using 7zip and extracted tcpdump. I've set the chmod but every time I type in tcpdump I get a response back like the file is not even there "not found".
  6. Sean B.

    Sean B. LI Guru Member

    That indicates the binary is not meant for your system architecture. If you have entware etc installed, run "readelf -h tcpdump" and post output.
  7. rs232

    rs232 Network Guru Member

  8. Monk E. Boy

    Monk E. Boy Network Guru Member

    My thought about trying to extract a binary and using it is that if the binary isn't statically compiled with all the libraries it needs included, which isn't how most entware binaries are compiled in my (very limited) experience, then it's going to throw errors when you try to run the executable because its expecting to be able to find libraries installed on the system. Maybe it wants different version libraries from what the OS came with.

    I would try installing entware and then installing the package through entware and see if it works then. It probably will.

    Its certainly possible tcpdump is so simple that it doesn't need much beyond the libraries that are already in the OS and you've just extracted the binary for a different architecture. But making static builds isn't normally done because it balloons the size of the executable.
  9. Sean B.

    Sean B. LI Guru Member

    Missing libraries and issues of that nature will return a specific error, example:

    root@Storage:/tmp/home/root# ldd python
   => /opt/lib/ (0x400e0000)
   => /opt/lib/ (0x4006d000)
   => /opt/lib/ (0x40174000)
   => /opt/lib/ (0x4010e000)
   => /opt/lib/ (0x40304000)
   => /opt/lib/ (0x40349000)
   => /opt/lib/ (0x403ae000)
   => /opt/lib/ (0x403d8000)
   => /opt/lib/ (0x400c0000)
   => /opt/lib/ (0x403ed000)
   => /opt/lib/ (0x4056f000)
   => /opt/lib/ (0x40649000)
   => /opt/lib/ (0x407e6000)
   => /opt/lib/ (0x40056000)
    root@Storage:/tmp/home/root# mv /opt/lib/ $PWD
    root@Storage:/tmp/home/root# python
    /opt/bin/python2.7: can't load library ''
    Whereas binaries built for a different arch, and I believe even scripts with a shebang for a shell that isn't on the system, will return an error as if the file doesn't exist.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice