Capture the network traffic of a device

Requirements

  • your PiRogue VPN is up and running
  • one or more devices are connected to it
Learn how to capture network traffic

This guide will help you deepen your understanding of capturing network traffic, in 3 steps.

Get the name of the isolated network interface

A PiRogue, regardless of its operating mode, has 2 network interfaces: one, named the external interface, that gives it access to the Internet, and one, named the isolated interface, that the devices connect to. The names of these 2 interfaces can be found in the system configuration of the PiRogue.

The name of the isolated network interface can be found with the command below by looking at the ISOLATED_INTERFACE property:

Get the name of the isolated network interface
pirogue-admin-client system get-configuration
ℹ️ How to get the isolated network interface

In this example, the name of the isolated network interface is wg0.

pi@pirogue ➜ # Example of getting the isolated network interface
pi@pirogue ➜ pirogue-admin-client system get-configuration
DASHBOARD_PASSWORD: [redacted]
ENABLE_DHCP: 'True'
ENABLE_PUBLIC_ACCESS: 'True'
EXTERNAL_ADDRESS: [redacted]
EXTERNAL_INTERFACE: ens2
EXTERNAL_NETWORKS: [redacted]/32
ISOLATED_ADDRESS: 10.8.0.1
ISOLATED_INTERFACE: wg0  <-- isolated interface
ISOLATED_NETWORK: 10.8.0.0/24
PUBLIC_CONTACT_EMAIL: [redacted]
PUBLIC_DOMAIN_NAME: [redacted]
PUBLIC_EXTERNAL_ADDRESS: [redacted]
SYSTEM_HOSTNAME: pirogue-vpn-1
SYSTEM_OPERATING_MODE: wireguard
WIFI_COUNTRY_CODE: FR
WIFI_PASSPHRASE: [redacted]
WIFI_SSID: PiRogue1
pi@pirogue ➜ |

Identify Wireguard peers

The WireGuard peers configured on your PiRogue are not named; a peer is identified by its ID only. If you want to associate a peer with an individual, you have to store this information separately, ideally not on your PiRogue. We suggest you keep track of the peers the following way:

Date         Peer ID   Peer IP address   Individual
2024-10-23   2         10.8.0.2          John
2024-10-23   3         10.8.0.3          Lea
2024-10-27   6         10.8.0.9          Camilla
ℹ️ How to find the IP address of a peer

The IP address of a peer is specified in the configuration of each peer: it is the value of the Address field in the [Interface] section. It is written in CIDR notation; ignore the value after the /.

In this example, we want to get the IP address of peer 2.

pi@pirogue ➜ # Example of getting the IP address of peer 2
pi@pirogue ➜ pirogue-admin-client vpn get-peer-config 2
[Interface]
Address = 10.8.0.2/24  <--- IP address of peer 2
PrivateKey = WLzm+auxiGXJJDf/74TsS4hnAU4mViJxR8XfpJUviW0=
DNS = 10.8.0.1

[Peer]
EndPoint = 51.159.150.9:51820
PublicKey = dQzDsS2BQPjNjI2PG4hGAQX7AQ2xhFZnuMvV2beLj30=
AllowedIPs = 0.0.0.0/0
PersistentKeepAlive = 20

pi@pirogue ➜ |
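The two lookups above (the isolated interface name from the system configuration, and a peer's IP address from its WireGuard configuration) can be done by a script as well as by eye. The helpers below are an added example, not part of the PiRogue documentation or of pirogue-admin-client; the sample outputs they are tested against are constructed from the examples in this guide, with every secret replaced by [redacted]. The functions `isolated_interface` and `peer_ip_of` are wrappers around the real commands and only work on a PiRogue.

```shell
#!/bin/sh
# Added example, not part of the PiRogue documentation: helpers that read the
# two values the first two steps ask for (the isolated interface name and a
# peer's IP address) out of the pirogue-admin-client output, so that a script
# can use them instead of a person reading them off the screen.

# Print the value of KEY ($1) from "KEY: value" lines read on stdin.
# Surrounding single quotes (as in ENABLE_DHCP: 'True') are stripped.
# Usage: pirogue-admin-client system get-configuration | config_value ISOLATED_INTERFACE
config_value() {
    awk -v key="$1" -v q="'" '
        index($0, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "")          # drop "KEY: "
            sub(/[ \t]+$/, "")                # drop trailing blanks
            gsub("^" q "|" q "$", "")         # drop quotes around the value
            print
            exit
        }'
}

# Print a peer's IP address from its WireGuard configuration read on stdin:
# the Address of the [Interface] section without the CIDR prefix. When
# Address lists several addresses, the first one is printed.
# Usage: pirogue-admin-client vpn get-peer-config 2 | peer_ip
peer_ip() {
    awk '
        /^[ \t]*\[/ { section = $1 }
        section == "[Interface]" && /^[ \t]*Address[ \t]*=/ {
            sub(/^[ \t]*Address[ \t]*=[ \t]*/, "")   # keep only the value
            sub(/[ \t]*[,\/].*$/, "")                # drop "/24" and further addresses
            print
            exit
        }'
}

# Wrappers around the real commands, for use on the PiRogue itself.
isolated_interface() { pirogue-admin-client system get-configuration | config_value ISOLATED_INTERFACE; }
peer_ip_of() { pirogue-admin-client vpn get-peer-config "$1" | peer_ip; }

# Constructed sample of `pirogue-admin-client system get-configuration`,
# taken from the guide's example (secrets redacted).
sample_system_config() {
cat <<'EOF'
DASHBOARD_PASSWORD: [redacted]
ENABLE_DHCP: 'True'
ENABLE_PUBLIC_ACCESS: 'True'
EXTERNAL_ADDRESS: [redacted]
EXTERNAL_INTERFACE: ens2
EXTERNAL_NETWORKS: [redacted]/32
ISOLATED_ADDRESS: 10.8.0.1
ISOLATED_INTERFACE: wg0
ISOLATED_NETWORK: 10.8.0.0/24
SYSTEM_HOSTNAME: pirogue-vpn-1
SYSTEM_OPERATING_MODE: wireguard
EOF
}

# Constructed sample of `pirogue-admin-client vpn get-peer-config 2`
# (the real output contains the peer's private key; it is replaced here).
sample_peer_config() {
cat <<'EOF'
[Interface]
Address = 10.8.0.2/24
PrivateKey = [redacted]
DNS = 10.8.0.1

[Peer]
EndPoint = [redacted]:51820
PublicKey = [redacted]
AllowedIPs = 0.0.0.0/0
PersistentKeepAlive = 20
EOF
}
```

On the PiRogue, `iface=$(isolated_interface)` and `ip=$(peer_ip_of 2)` give the two values the capture step needs; `config_value ISOLATED_NETWORK` gives the network the peer addresses should belong to.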

Capture the network traffic

With PiRogue, it’s easy to capture the network traffic of all devices at once or the network traffic of a single device.

Capture the whole network traffic

Simply use tcpdump and specify the name of the isolated interface:

Capture the whole network traffic
tcpdump -i [isolated interface] -w [PCAP file]

In the command above, replace:

  • [isolated interface] with the name of the isolated interface
  • [PCAP file] with the name of the file that will contain the network traffic

Press Ctrl+C to stop the capture.

Capture the network traffic of a single device

Use tcpdump, specify the name of the isolated interface and the IP address of the device:

Capture the network traffic of a device
tcpdump -i [isolated interface] host [device IP address] -w [PCAP file]

In the command above, replace:

  • [isolated interface] with the name of the isolated interface
  • [device IP address] with the IP address of the device whose traffic you want to capture
  • [PCAP file] with the name of the file that will contain the network traffic

Press Ctrl+C to stop the capture.

ℹ️ How to capture the network traffic of a device

In this example, the name of the isolated network interface is wg0, 10.8.0.2 is the IP address of the device and the network traffic will be saved in the file /tmp/traffic.pcap.

pi@pirogue ➜ # Example of capturing the network traffic of a device
pi@pirogue ➜ tcpdump -i wg0 host 10.8.0.2 -w /tmp/traffic.pcap
tcpdump: listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
^C476 packets captured
476 packets received by filter
0 packets dropped by kernel
pi@pirogue ➜ |

The PCAP file can be opened with Wireshark.
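The two tcpdump commands of this step can be wrapped so that the interface name and the device address are checked before the capture starts, the address is checked against the ISOLATED_NETWORK, and the PCAP file is named after the peer and the capture time (which also keeps the peer table above consistent with the files). The script below is an added example, not part of the PiRogue documentation; the function names, the output directory and the `PIROGUE_CAPTURE` variable are assumptions. It assumes tcpdump is installed, as the guide does, and that the interface, peer ID, peer address and network come from the first two steps.

```shell
#!/bin/sh
# Added example, not part of the PiRogue documentation: a wrapper around the
# two tcpdump commands of the guide. It validates the interface name and the
# peer address, can check that the address lies inside the ISOLATED_NETWORK,
# and names the PCAP after the peer and the capture time.

# Return 0 if $1 looks like an interface name (letters, digits, . _ -), else 1.
valid_iface() {
    case "$1" in
        "" | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Convert a dotted-quad IPv4 address to its 32-bit integer value.
ipv4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if IPv4 address $1 lies inside the CIDR network $2 (e.g. 10.8.0.0/24).
ip_in_network() {
    net_addr="${2%/*}"
    prefix="${2#*/}"
    case "$prefix" in
        "" | *[!0-9]*) return 1 ;;
    esac
    valid_ipv4 "$1" && valid_ipv4 "$net_addr" && [ "$prefix" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ipv4_to_int "$1") & mask )) -eq $(( $(ipv4_to_int "$net_addr") & mask )) ]
}

# Build the capture file name: OUTDIR/LABEL_<UTC timestamp>.pcap
# The timestamp can be passed as $3 (used by the tests); it defaults to now.
capture_path() {
    stamp="${3:-$(date -u +%Y%m%dT%H%M%SZ)}"
    printf '%s/%s_%s.pcap\n' "$1" "$2" "$stamp"
}

# capture_traffic IFACE OUTDIR                        whole traffic, as in the guide
# capture_traffic IFACE OUTDIR PEER_ID PEER_IP [NET]  one device, as in the guide
# Runs in the foreground; press Ctrl+C to stop, exactly as with plain tcpdump.
capture_traffic() {
    iface="$1"; outdir="$2"; peer_id="${3:-}"; peer_addr="${4:-}"; isolated_net="${5:-}"
    valid_iface "$iface" || { echo "invalid interface name: $iface" >&2; return 2; }
    if [ -z "$peer_addr" ]; then
        out=$(capture_path "$outdir" all)
        mkdir -p "$outdir"
        echo "capturing all traffic on $iface into $out" >&2
        tcpdump -i "$iface" -w "$out"
        return
    fi
    valid_ipv4 "$peer_addr" || { echo "invalid IPv4 address: $peer_addr" >&2; return 2; }
    if [ -n "$isolated_net" ] && ! ip_in_network "$peer_addr" "$isolated_net"; then
        echo "$peer_addr is not inside $isolated_net: check the peer configuration" >&2
        return 2
    fi
    out=$(capture_path "$outdir" "peer-${peer_id}_${peer_addr}")
    mkdir -p "$outdir"
    echo "capturing $peer_addr on $iface into $out" >&2
    tcpdump -i "$iface" host "$peer_addr" -w "$out"
}

# Only start a capture when explicitly asked, so that sourcing this file is safe:
#   PIROGUE_CAPTURE=run sh capture_traffic.sh wg0 /tmp/captures 2 10.8.0.2 10.8.0.0/24
if [ "${PIROGUE_CAPTURE:-}" = "run" ]; then
    capture_traffic "$@"
fi
```

With the guide's values, `PIROGUE_CAPTURE=run sh capture_traffic.sh wg0 /tmp/captures 2 10.8.0.2 10.8.0.0/24` writes a file such as /tmp/captures/peer-2_10.8.0.2_20241023T120000Z.pcap, which opens in Wireshark like any other PCAP; a typo such as 10.9.0.2 is refused before tcpdump starts instead of producing an empty capture.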