Let’s say you want to monitor devices on your network to see who sends unencrypted traffic – for instance, devices like a Nest or Withings scale.
The simplest way to do this is to run a wireless router that uses DD-WRT.
First, enable Telnet:
Then reboot the router:
You should then be able to telnet into the router:
telnet 192.168.11.1
The username will be “root” and the password will be what you chose above.
From DD-WRT, find the list of connected devices – you’ll want to identify the hostname of the address you want to watch:
Then from your telnet session you can show that device's network traffic:
tcpdump -l | grep android-21d3
This will then let you see the network traffic:
05:08:30.914035 IP ec2-52-72-46-195.compute-1.amazonaws.com.www > android-21d3bd787d11c058.home.34768: Flags [F.], seq 2005764907, ack 3884437729, win 136, options [nop,nop,TS val 265231201 ecr 8506691], length 0
05:08:30.954946 IP android-21d3bd787d11c058.home.34768 > ec2-52-72-46-195.compute-1.amazonaws.com.www: Flags [.], ack 1, win 505, options [nop,nop,TS val 8512356 ecr 265231201], length 0
05:08:32.108698 IP ec2-107-23-112-131.compute-1.amazonaws.com.https > android-21d3bd787d11c058.home.46161: Flags [P.], seq 199715238:199715269, ack 970139927, win 82, options [nop,nop,TS val 2184533249 ecr 8506780], length 31
Remember that this is just tcpdump's per-packet summary of the TCP headers, so to really use this, you'll want to go further and reconstruct the HTTP traffic.
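As a first step before any reconstruction, the tcpdump lines above can be sorted by service to show which local hosts talk to cleartext ports. This is an added example, not part of the original post. It assumes local hosts end in ".home" as in the capture above, the cleartext service list is an assumption, and the `nest-01.home` line is constructed sample input.

```python
import re
from collections import defaultdict

# Service names/ports treated as cleartext (an assumed list; extend as needed).
CLEARTEXT = {"www", "http", "80", "ftp", "21", "telnet", "23"}

# tcpdump's default one-line form: "<time> IP <src>.<port> > <dst>.<port>: ... length N"
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): .*length (?P<len>\d+)"
)

# The first three lines are the capture shown above; the last one is constructed.
SAMPLE = """\
05:08:30.914035 IP ec2-52-72-46-195.compute-1.amazonaws.com.www > android-21d3bd787d11c058.home.34768: Flags [F.], seq 2005764907, ack 3884437729, win 136, options [nop,nop,TS val 265231201 ecr 8506691], length 0
05:08:30.954946 IP android-21d3bd787d11c058.home.34768 > ec2-52-72-46-195.compute-1.amazonaws.com.www: Flags [.], ack 1, win 505, options [nop,nop,TS val 8512356 ecr 265231201], length 0
05:08:32.108698 IP ec2-107-23-112-131.compute-1.amazonaws.com.https > android-21d3bd787d11c058.home.46161: Flags [P.], seq 199715238:199715269, ack 970139927, win 82, options [nop,nop,TS val 2184533249 ecr 8506780], length 31
05:08:33.000001 IP nest-01.home.51000 > 203.0.113.10.80: Flags [P.], seq 1:313, ack 1, win 229, length 312
"""


def cleartext_by_device(lines, local_suffix=".home"):
    """Map each local host to its packet count, payload bytes and cleartext peers."""
    report = defaultdict(lambda: {"packets": 0, "bytes": 0, "peers": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, IPv6 ("IP6"), truncated lines and so on
        # The service port sits on the remote side, whichever way the packet goes.
        for local, peer, service in ((m["src"], m["dst"], m["dport"]),
                                     (m["dst"], m["src"], m["sport"])):
            if local.endswith(local_suffix) and service in CLEARTEXT:
                entry = report[local]
                entry["packets"] += 1
                entry["bytes"] += int(m["len"])
                entry["peers"].add(peer)
    return dict(report)


if __name__ == "__main__":
    for host, stats in cleartext_by_device(SAMPLE.splitlines()).items():
        print(host, stats["packets"], "packets,", stats["bytes"], "bytes ->",
              sorted(stats["peers"]))
```

The https line is ignored, so a host appears in the report only if it exchanged packets with a cleartext service.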