Sniffing WiFi packets on an ESP32 during development.
This blog documents the network configuration used in an ESP32 test environment with some challenges:
- The ESP32 DUT cannot practically be configured to have a wired Ethernet interface.
- A wired Ethernet interface is needed to insert a port-sniffing router.
- No wired Ethernet ports are available in practical proximity to development computer.
For a simpler version of port sniffing the ESP32 with a wired connection, see the prior blog EdgeRouter-X Port Mirroring: Inspect ESP32 Network Packets.
Reminder for EsdgeRouter-X settings, lost at reboot time:
# we'll monitor from eth4. (ports start at 0, left-most when facing) sudo /sbin/switch mirror monitor 4 # start mirroring packets from eth2 onto eth4; a value of 3 means all packets sudo /sbin/switch mirror target 2 3
To add wired Ethernet to an ESP32, see prior blog: ENC28J60 ESP32
- ESP32-WROOM32, the Device Under Test (DUT)
- Starlink Dishy (any ISP should work)
- TP-Link AC750 WiFi Extender (RE220) (not required)
- Ubiquity EdgeRouter-X (used for port mirroring)
We’ll connect the ESP32 Device Under Test (
DUT) to the Internet:
DUT <<--WiFi-->> Router <<--EtherNet-to-ISP-->> Internet
Although the test topology may sound complicated at first, it is actually fairly simple as shown:
The good thing about the Pi-Hole is all the DNS lookups for undesired sites are blocked. The bad thing is that during testing, a test destination address may be blocked.
DUT Test Router <<-- Wired Ethernet to ISP -->> Internet
DUT Router Setup:
DUT Router LAN:
DUT Router WAN:
DUT Router Wireless:
As all on-site networking equipment acts as a switch and not a hub, some sort of port spanning or mirroring will be needed to sniff packets. See prior blog on Port Mirroring.
Test Router <<--Wired-->> Port-Sniffer <<--Ethernet-to-ISP-->> Internet
The EdgeRouter-X will be used to help sniff WiFi packets. It will sit between the wired connection of the ISP (in this case, a bridge)
and the WiFi Test Router (
RT1) for the
DUT. The EdgeRouter-X does not have WiFi capability, but it does have a port mirroring feature.
DUT <<--WiFi-->> Test Router <<--Wired-->> EdgeRouter-X <<--Ethernet-to-ISP-->> Internet
EdgeRouter Configure Port Mirror:
In order to get wired Ethernet of the EdgeRouter-X to connect to the StarLink WiFi, the AC750/RE220 is configured in bridge (extender) mode. Basically the RE220 creates a single wired-Ethernet port that is on the same subnet as the StarLink WiFi. Other network topologies may not need this.
DUT <<-- WiFi -->> Test Router <<-- Wired -->> EdgeRouter-X <<-- Wired -->> RE220 Bridge <<-- WiFi -->> StarLink ISP -->> Internet
The RE220 home screen has this, but in reverse order:
Here are the basic RE220 settings:
The ESP32 Device Under Test (DUT) connects to a Linksys Test Router (RT1) over WiFi. SSID =
Note that in order to connect and see the test router configuration, the network cable will need to be moved from the EdgeRouter (192.168.75.x) to the Test Router (192.168.25.x) as the WiFi WAN port of a router typically does not allow inbound security config.
All clients, including WAN ports are configured in the default mode using DHCP. Actual IP addresses may vary:
The DUT Test Router Network is
ESP32 DUT << WiFi >> Linksys Router RT1 DHCP IP = 192.168.25.141 IP = 192.168.25.1 Gateway = 192.168.25.1 RT = 192.168.75.1
The Linksys Router’s WAN port is connected to a Ubiquity EdgeRouter-X on
ETH2. The sniffing network is
Linksys Router RT1 << Wired >> EdgeRouter-X RTX LAN = 192.168.25.1 LAN = 192.168.75.x WAN IP = 192.168.75.43 WAN IP = 192.168.1.121 (DHCP) Gateway = 192.168.75.1 Gateway = 192.168.1.1
The EdgeRouter-X’s WAN (
ETH0) port is connected to the bridge:
EdgeRouter-X RTX << Wired >> RE220 Bridge B1 LAN = 192.168.75.x LAN = 192.168.x WAN IP = 192.168.1.121 WAN IP = (n/a in bridge mode) Gateway = 192.168.1.1
The RE220 Bridge is connected to StarLink over WiFi
RE220 Bridge B1 << WiFi >> Starlink IP = 192.168.1.35 IP = 192.168.1.1 Gateway = 192.168.1.1 RT = 192.168.1.1
The development desktop computer is on the StarLink subnet at
Some “special” IP addresses and names:
StarLink http://192.168.100.1/ == http://dishy.starlink.com/
RE220 http://192.168.1.35/webpages/login.html == http://tplinkrepeater.net/
Components are added by parsing each of the directories in the components directory