PiRogue Tool Suite
Capture the network traffic of a device

Requirements

  • your PiRogue is up and running
  • one or more devices are connected to it
Learn how to capture network traffic

This guide will help you deepen your understanding of capturing network traffic.

... in 2 steps

Get the name of the isolated network interface

A PiRogue, regardless of its operating mode, has 2 network interfaces. One to get access to the Internet named external interface and one named isolated interface to connect the devices to. The name of these 2 interface can be found in the system configuration of PiRogue.

The name of the isolated network interface can be found with the command below by looking at the ISOLATED_INTERFACE property:

Get the name of the isolated network interface
pirogue-admin-client system get-configuration
ℹ️ How to get the isolated network interface

In this example, the name of the isolated network interface is wg0.

pi@pirogue ➜ # Example of getting the isolated network interface
pi@pirogue ➜ pirogue-admin-client system get-configuration
DASHBOARD_PASSWORD: [redacted]
ENABLE_DHCP: 'True'
ENABLE_PUBLIC_ACCESS: 'True'
EXTERNAL_ADDRESS: [redacted]
EXTERNAL_INTERFACE: ens2
EXTERNAL_NETWORKS: [redacted]/32
ISOLATED_ADDRESS: 10.8.0.1
ISOLATED_INTERFACE: wg0  <-- isolated interface
ISOLATED_NETWORK: 10.8.0.0/24
PUBLIC_CONTACT_EMAIL: [redacted]
PUBLIC_DOMAIN_NAME: [redacted]
PUBLIC_EXTERNAL_ADDRESS: [redacted]
SYSTEM_HOSTNAME: pirogue-vpn-1
SYSTEM_OPERATING_MODE: wireguard
WIFI_COUNTRY_CODE: FR
WIFI_PASSPHRASE: [redacted]
WIFI_SSID: PiRogue1
pi@pirogue ➜ |

Capture the network traffic

With PiRogue, it’s easy to capture the network traffic of all devices at once or the network traffic of a single device.

Capture the whole network traffic

Simply use tcpdump and specify the name of the isolated interface:

Capture the whole network traffic
tcpdump -i [isolated interface] -w [PCAP file]

In the command above, replace

  • [isolated interface] with the name of the isolated interface
  • [PCAP file] with the name of the file that will contain the network traffic

Press Ctrl+C to stop the capture.

Capture the network traffic of a single device

Use tcpdump, specify the name of the isolated interface and the IP address of the device:

Capture the network traffic of a device
tcpdump -i [isolated interface] host [device IP address] -w [PCAP file]

In the command above, replace:

  • [isolated interface] with the name of the isolated interface
  • [device IP address] with the IP address of the device whose traffic you want to capture
  • [PCAP file] with the name of the file that will contain the network traffic

Press Ctrl+C to stop the capture.

ℹ️ How to capture the network traffic of a device

In this example, the name of the isolated network interface is wg0, 10.8.0.2 is the IP address of the device and the network traffic will be saved in the file /tmp/traffic.pcap.

pi@pirogue ➜ # Example of getting the isolated network interface
pi@pirogue ➜ tcpdump -i wg0 host 10.8.0.2 -w /tmp/traffic.pcap
tcpdump: listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
^C476 packets captured
476 packets received by filter
0 packets dropped by kernel
pi@pirogue ➜ |

The PCAP file can be opened with Wireshark.

Edit this page on GitHub
Prev
Connect a mobile device
Next
Capture the network traffic of a device