Summary

Sometimes packet captures can be useful for identifying strange problems on the LAN that prevent phone registration. This article tells you how to collect packet captures using a recommended Buffalo DD-WRT router.

Procedure

  1. Download and install WinSCP – an SCP/FTP client
  2. Download and install PuttyTel – a telnet client (any telnet enabled client will work for this)
  3. Download and install Wireshark and make sure you install the correct version (32 vs 64 bit). This is the program that allows you to read the files created from the tcpdump command.
  4. Log into your Buffalo DD-WRT device and navigate to Security > Firewall.
  5. Navigate to Services > Enable Telnet. Click Apply.
  6. Navigate to Services > NAS, ensure that you have added a File Sharing username for yourself at the bottom of the page – note that you do not need to have ProFTPD enabled.
  7. Connect to the router with your telnet client. You will be greeted with a login prompt – log in using the username “root” and your router’s web UI password.
    • NOTE – THIS IS A LINUX SYSTEM AND YOU ARE LOGGED IN AS ROOT. THAT MEANS YOU CAN DO ANYTHING YOU WANT WITHOUT THE SYSTEM ASKING QUESTIONS. BE CAREFUL AND DO NOT DO SOMETHING IF YOU ARE UNSURE OF THE CONSEQUENCES.
  8. Type ls and hit enter
    • This command “lists” all of the current items in the directory you are in. You start your telnet session in the root directory of the FTP accessible portion of the DD-WRT Linux system.
  9. Make a directory/folder for you to store your packet captures in. Type “mkdir <folder name>”.
    • For example, we named the folder “pcaps”, so the command that was input was “mkdir pcaps” – now there is a folder in the root directory called “pcaps”.
  10. Type cd pcaps and hit enter
    • You want to be able to save your packet captures in the pcaps folder, so you need to navigate to this directory (cd stands for change directory).
  11. Type tcpdump src <ip address> -w <filename>.pcap
    • To initiate a packet capture on Linux you simply run the command “tcpdump” – however, this captures every packet the device is seeing, which can be a lot to sift through. To narrow it down, you need to pick a source (“src”) IP address to filter on. On its own this will simply run the packet capture but not save it – to save it you need to add another option to the command, -w, which saves the capture under the file name and type you specify. To save it as a pcap, simply make this portion “-w filename.pcap”.
    • Start the tcpdump command, then replicate the issue you're trying to investigate, then hit CTRL+C to stop the tcpdump.
  12. Open WinSCP and FTP to the router – note the newly created "pcaps" folder. Open that folder, then find the file you want. Right click on that file, click copy, and then copy it to your PC.
    • You'll want to connect with the router over port 21 (FTP)
  13. Use Wireshark and select "open a previous capture" – navigate to where you saved your pcap file and open it in Wireshark. You can now see all of the packets that were captured and you can open them line by line.
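
A quick sanity check for the copied file, as an added example that is not part of the original article: tcpdump's "src" filter matches only packets sent from the given address, while its "host" keyword matches both directions, so this script counts packets from and to the phone in a classic pcap file. The function names and the sample addresses (192.168.1.50 for the phone, 203.0.113.10 for the server) are assumptions constructed for illustration; VLAN-tagged frames and pcapng files are not handled.

```python
import socket
import struct

def direction_counts(pcap_bytes, ip):
    """Count IPv4 packets sent from / sent to `ip` in a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"                      # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    target = socket.inet_aton(ip)
    counts = {"from": 0, "to": 0}
    offset = 24                           # the global header is 24 bytes
    while offset + 16 <= len(pcap_bytes):
        # Per-packet header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Ethernet II: EtherType at bytes 12-13, IPv4 src at 26-29, dst at 30-33
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[26:30] == target:
            counts["from"] += 1
        if frame[30:34] == target:
            counts["to"] += 1
    return counts

def sample_frame(src, dst):
    """Constructed sample: Ethernet header plus a bare 20-byte IPv4/UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_pcap(frames):
    """Constructed sample: wrap frames in a little-endian pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

PHONE, SERVER = "192.168.1.50", "203.0.113.10"   # constructed addresses
SRC_ONLY = build_pcap([sample_frame(PHONE, SERVER)] * 2)
BOTH_WAYS = build_pcap([sample_frame(PHONE, SERVER), sample_frame(SERVER, PHONE)])

if __name__ == "__main__":
    print("src filter :", direction_counts(SRC_ONLY, PHONE))
    print("host filter:", direction_counts(BOTH_WAYS, PHONE))
```

To check a real capture, pass the file's bytes (read in binary mode) and the phone's IP address to direction_counts; a "to" count of zero means the replies to the phone were not captured.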