While I'm not familiar with OpenWRT, since it's Linux, it probably has the built-in capability to capture traffic out of the box.

I'd start by looking at the destination IP addresses, protocols (UDP/TCP), and the destination ports.

/var/log/ufw.log (if OpenWRT uses ufw), /var/log/syslog, or wherever it logs traffic to

MAC = which LAN device traffic originates from if not statically assigned via DHCP
DST = destination IP
SRC = your LAN IP device (makes things easy if you statically assign via DHCP)
PROTO = protocol
DPT = destination port the device is trying to connect to

use nslookup on the $DST
google search "port $DPT"

If you have a specific manufacturer's brand device, search for which ports they use - Apple uses https://support.apple.com/en-us/HT202944

I have all pre-defined DHCP static addresses, and rules in my firewall/router that (a) block all incoming connections, (b) block all outgoing connections - except for those I define either by source, destination, protocol, or destination port number.

These are heavy-handed restrictions on the outgoing side that require maintenance, but nothing escapes my LAN without me specifying it explicitly.

I'm pretty sure that OpenWRT would be able to do the same thing.

On Mon, 2020-02-10 at 17:36 -0600, o1bigtenor wrote:
> On Mon, Feb 10, 2020 at 12:08 PM Kristopher Browne
> <kris.browne at gmail.com> wrote:
> >
> > I would consider this a learning opportunity to install/learn
> > packetbeat, Elasticsearch, and kibana, rather than using tcpdump or
> > wireshark… Probably setup logging from the network devices to go
> > there too. Might be able to correlate behaviors that would be
> > harder with the disparate tools.
>
> The three packages you mention all would appear to be part of the
> same ecosystem.
>
> Am looking at these as an option. Any other option to suggest?
>
> TIA
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
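
The log triage described in the message above, as an added example that is not part of the original post: it pulls MAC, SRC, DST, PROTO and DPT out of netfilter-style log lines (the format UFW writes) and counts packets per flow, so the busiest destinations and ports stand out. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter/UFW kernel log format (not real traffic).
SAMPLE_LOG = """\
Feb 10 17:30:01 gw kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:aa:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=443 SYN
Feb 10 17:30:04 gw kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:aa:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51516 DPT=443 SYN
Feb 10 17:30:09 gw kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:bb:08:00 SRC=192.168.1.40 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Feb 10 17:30:12 gw kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:aa:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Feb 10 17:30:15 gw dnsmasq-dhcp[1234]: DHCPACK(br-lan) 192.168.1.23 02:00:00:00:00:aa
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (e.g. OUT=)

def parse_line(line):
    """Return the fields the post lists for one log line, or None if it is not a packet log."""
    kv = dict(FIELD.findall(line))
    if "SRC" not in kv or "DST" not in kv:
        return None
    # Netfilter prints the Ethernet header as dst MAC (6 bytes), src MAC (6 bytes), EtherType,
    # so the originating LAN device is octets 7-12 of the MAC= field.
    octets = kv.get("MAC", "").split(":")
    src_mac = ":".join(octets[6:12]) if len(octets) >= 12 else None
    dpt = kv.get("DPT")  # absent for protocols without ports, such as ICMP
    return {"mac": src_mac, "src": kv["SRC"], "dst": kv["DST"],
            "proto": kv.get("PROTO"), "dpt": int(dpt) if dpt else None}

def summarize(text):
    """Count packets per (source MAC, SRC, DST, PROTO, DPT) flow, most frequent first."""
    flows = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            flows[(rec["mac"], rec["src"], rec["dst"], rec["proto"], rec["dpt"])] += 1
    return flows.most_common()

if __name__ == "__main__":
    for (mac, src, dst, proto, dpt), n in summarize(SAMPLE_LOG):
        print(f"{n:3d}  {mac}  {src} -> {dst}  {proto}/{dpt}")
```

Each distinct DST and DPT in the output is then a candidate for the nslookup and port lookup steps, and for an explicit allow rule if the traffic is expected.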