Watching your phone's potentially unexpected traffic through a wifi router with OpenWRT

I recently managed to get a small wifi router appliance where I can run OpenWRT firmware:

In OpenWRT, you can install many more Open Source packages. I installed netdata and tcpdump.

Here’s how: in OpenWRT’s web interface, I went to “System” → “Software” → click “Update Lists” button (then wait). Then in the “Download and install package:” textbox, one at a time I entered “tcpdump” and “netdata”, clicking the “OK” button each time, awaiting installation.

Then I connected my Android phone to the OpenWRT router’s wifi (the network interface name for that, inside the router, is “wlan0”).

Note: This OpenWRT wifi router is connected to an “upstream” router (the house’s main router, as supplied by the ISP, which does not run OpenWRT) by an ethernet cable connected to the leftmost ethernet port pictured above (which is the “WAN” port).

I can watch the Android phone’s traffic going through the wifi router somewhat by doing the following:

  1. I visited the web interface of netdata in my web browser (of my laptop, having a LAN connection to the router by the righthand ethernet port pictured above), by visiting the following URL:;theme=slate;help=true
  1. On the command line (ssh’ed in), I ran tcpdump with the following command:
tcpdump -i wlan0

Here’s a screenshot on my laptop of watching both netdata, and tcpdump, side by side, while my phone visits a website (and creates real-time activity seen by netdata and tcpdump):

Screenshot of Netdata, and tcpdump

(I couldn’t upload the above image, or Discourse would freeze on the “Processing the Image”, as it’s 1920x1280)


This interests me. How are you adding wireless to the homemade OpenWRT router? Lurking around other router project forums like pfsense and opnsense and the general wisdom seems to be to purchase and use an external AP instead.

This router comes with a CM4, which has wifi onboard. OpenWRT uses that wifi as a wireless access point by default.

I just had to set a password on the Wifi Access Point in OpenWRT, by visiting the following in its web interface, once logged in:

“Network” → “Wireless” → “Edit” button → scroll down to the “Interface Configuration” section, choose an Encryption type from the “Encryption” pulldown, and set a password in the “Key” textbox → Click “Save” button:

The wifi on the CM4 is weak sauce, for how much bandwidth and signal strength it is capable of. But it’s good for these diagniostic purposes, analyzing one phone at a time (connected to the ESSID you create in this router appliance).

1 Like

Cool cool. I’m now wondering if the advice on the other projects is due to more of a BSDism or poor WiFi driver unavailability.

1 Like

You can set the ESSID of your choosing under the “General Setup” tab, in that same “Interface Configuration” place:

In order to save the output of the tcpdump command in a text file, for later analysis, here’s how I did that.

I have a USB stick with a single VFAT partition on it. I plugged this into one of the router’s USB3 ports. This automounts on the mount point “/mnt/sda”.

My tcpdump command became fancier, so as to also save the output to a text file:

tcpdump -i wlan0 | tee /mnt/sda/My_Phones_Name.txt

Of course, Crtl+C exits the tcpdump command.

When I was finished, I unmounted the USB stick safely with the command, before pulling it out of the USB3 port:

umount /dev/sda1
1 Like