Sniffing WiFi packets on an ESP32 during development.

overview image

This blog documents the network configuration used in an ESP32 test environment with some challenges:

  • The ESP32 DUT cannot practically be configured to have a wired Ethernet interface.
  • A wired Ethernet interface is needed to insert a port-sniffing router.
  • No wired Ethernet ports are available in practical proximity to development computer.

For a simpler version of port sniffing the ESP32 with a wired connection, see the prior blog EdgeRouter-X Port Mirroring: Inspect ESP32 Network Packets.

Reminder for EsdgeRouter-X settings, lost at reboot time:

# we'll monitor from eth4. (ports start at 0, left-most when facing)
sudo /sbin/switch mirror monitor 4

# start mirroring packets from eth2 onto eth4; a value of 3 means all packets
sudo /sbin/switch mirror target 2 3

Other helpful tidbits found at community.ui: “Stale DNS issue”:

# To see current DNS stats:
show dns forwarding statistics

# To clean DNS cache:
clear dns forwarding cache

# Show dns nameservers
show dns forwarding nameservers

# To show the leases on a given network:
show dhcp leases pool net_LAN_192.168.1.0-24

# To clear the stale record for ip 192.168.1.44:
clear dhcp lease ip 192.168.1.44

To add wired Ethernet to an ESP32, see prior blog: ENC28J60 ESP32

Equipment Used

Overview

We’ll connect the ESP32 Device Under Test (DUT) to the Internet:

  DUT <<--WiFi-->> Router <<--EtherNet-to-ISP-->> Internet

Although the test topology may sound complicated at first, it is actually fairly simple as shown:

DUR Actual Setup Photo

Topology

The main production network is on a completely separate LAN and ISP. That netwok uses PiHole as described in a previous blog.

The good thing about the Pi-Hole is all the DNS lookups for undesired sites are blocked. The bad thing is that during testing, a test destination address may be blocked.

The test network here will use StarLink ISP. There’s no Pi-Hole and there’s also no wired Ethernet interface. (There’s an optional Ethernet Adapter sold separately)

DUT Test Router <<-- Wired Ethernet to ISP -->> Internet

The DUT Router Setup:

DUT-Router-setup

The DUT Router LAN:

DUT-Router-LAN

The DUT Router WAN:

DUT-Router-WAN

The DUT Router Wireless:

DUT-Router-wireless

As all on-site networking equipment acts as a switch and not a hub, some sort of port spanning or mirroring will be needed to sniff packets. See prior blog on Port Mirroring.

 Test Router <<--Wired-->> Port-Sniffer <<--Ethernet-to-ISP-->> Internet

The EdgeRouter-X will be used to help sniff WiFi packets. It will sit between the wired connection of the ISP (in this case, a bridge) and the WiFi Test Router (RT1) for the DUT. The EdgeRouter-X does not have WiFi capability, but it does have a port mirroring feature.

 DUT <<--WiFi-->> Test Router <<--Wired-->> EdgeRouter-X <<--Ethernet-to-ISP-->> Internet

EdgeRouter Dashboard:

EdgeRouter-Dashboard.png

EdgeRouter Routes:

EdgeRouter-Routes.png

EdgeRouter ETH0:

EdgeRouter-Eth0

EdgeRouter ETH2:

EdgeRouter-Eth2

EdgeRouter ETH4:

EdgeRouter-Eth4

EdgeRouter Configure Port Mirror:

EdgeRouter-PortMirror.png

In order to get wired Ethernet of the EdgeRouter-X to connect to the StarLink WiFi, the AC750/RE220 is configured in bridge (extender) mode. Basically the RE220 creates a single wired-Ethernet port that is on the same subnet as the StarLink WiFi. Other network topologies may not need this.

 DUT <<-- WiFi -->> Test Router <<-- Wired -->> EdgeRouter-X <<-- Wired -->> RE220 Bridge <<-- WiFi -->> StarLink ISP -->> Internet

The RE220 home screen has this, but in reverse order (right to left):

RE220-overview

Here are the basic RE220 settings:

RE220-overview

There are LED indicators on the TP-Link AC750 (aka RE220) from page 4 of the manual:

RE220 LEDs

The ESP32 Device Under Test (DUT) connects to a Linksys Test Router (RT1) over WiFi. SSID = dut-test.

Note that in order to connect and see the test router configuration, the network cable will need to be moved from the EdgeRouter (192.168.75.x) to the Test Router (192.168.25.x) as the WiFi WAN port of a router typically does not allow inbound security config.

All clients, including WAN ports are configured in the default mode using DHCP. Actual IP addresses may vary:

The DUT Test Router Network is 192.168.25.x.

ESP32 DUT               <<  WiFi >>  Linksys Router RT1
  DHCP IP = 192.168.25.141              IP = 192.168.25.1
  Gateway = 192.168.25.1                RT = 192.168.75.1

The Linksys Router’s WAN port is connected to a Ubiquity EdgeRouter-X on ETH2. The sniffing network is 192.168.75.x.

Linksys Router RT1      << Wired >>  EdgeRouter-X RTX
  LAN     = 192.168.25.1               LAN     = 192.168.75.x
  WAN IP  = 192.168.75.43              WAN IP  = 192.168.1.121 (DHCP)
  Gateway = 192.168.75.1               Gateway = 192.168.1.1

The EdgeRouter-X’s WAN (ETH0) port is connected to the bridge:

EdgeRouter-X RTX        << Wired >>  RE220 Bridge B1
  LAN     = 192.168.75.x               LAN     = 192.168.x
  WAN IP  = 192.168.1.121              WAN IP  = (n/a in bridge mode)
  Gateway = 192.168.1.1

The RE220 Bridge is connected to StarLink over WiFi

RE220 Bridge B1         << WiFi >>   Starlink
  IP      = 192.168.1.35               IP = 192.168.1.1
  Gateway = 192.168.1.1                RT = 192.168.1.1

The development desktop computer is on the StarLink subnet at 192.168.1.243.

Admin Interfaces:

Some “special” IP addresses and names:

StarLink http://192.168.100.1/ == http://dishy.starlink.com/

RE220 http://192.168.1.35/webpages/login.html == http://tplinkrepeater.net/

Components are added by parsing each of the directories in the components directory


See also: