Tenda MW6 mesh is talking to Baidu - how do I eavesdrop with a Linux router?

















I recently picked up a set of Tenda MW6 mesh units - I'm running these in "bridged" mode, since that's the only option that turns off their DHCP server. The primary mesh unit is connected to a DIY Linux router (Ubuntu, with firewalld. The full setup is here) - which allows me to run a few more interesting tools to monitor my traffic. The Linux router provides DHCP and DNS and has 3 ports bridged together to a single interface, and the primary mesh unit is on one of these ports. I can apparently run tcpdump and pick up traffic going through the mesh units.

I'm running the mesh units in bridged mode, if that matters, and the backhaul to the secondaries is over wireless. The Tendas are managed through a phone application, but it's local, with no cloud accounts set up.



            Router - Runs ubuntu + firewalld
                      192.168.1.1
                           +
                           |
                           |
                           |
                           v
        Primary Mesh Node (Tenda MW6) 192.168.1.99
                           +
               Secondary   |   Secondary
        192.168.1.91 <-----+-----> 192.168.1.87


I noticed using iftop that the devices talk to 45.113.192.102 - an IP that seems to belong to a Chinese search engine called Baidu - and tcpdump indicates that all 3 nodes are connecting to the IP over HTTP.



01:43:00.987943 IP 192.168.1.99.34783 > 45.113.192.102.http: Flags [F.], seq 1, ack 1, win 913, length 0


is an example of the output of tcpdump at my main router. At this point, though, I'm stuck. Is there any way I can check what the traffic is?










wireless-networking router security

asked 17 mins ago
Journeyman Geek
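
An added example, not part of the original post: a POSIX shell/awk helper that summarises tcpdump's one-line output per mesh node and external destination and counts how many packets carried payload (the FIN line quoted in the question has length 0, so it carries none). The interface name br0, the file name mesh.pcap, the function names and every sample line except the one from the post are assumptions.

```sh
#!/bin/sh
# Added example. Summarise tcpdump text output: per LAN host and external
# destination, count packets and how many of them actually carried payload.
#
# Typical use on the router (br0 is an assumed name for the bridge interface):
#   tcpdump -i br0 -nn -s 0 -w mesh.pcap 'host 45.113.192.102 and tcp port 80'
#   tcpdump -nn -r mesh.pcap | summarise_flows 192.168.1.
#   tcpdump -nn -A -r mesh.pcap   # print payload as ASCII; plain HTTP is readable

summarise_flows() {   # $1 = LAN prefix, e.g. "192.168.1."
    awk -v lan="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)
        port = dst; sub(/^.*\./, "", port)   # text after the last dot: port or service
        sub(/\.[^.]*$/, "", src)             # strip source port
        sub(/\.[^.]*$/, "", dst)             # strip destination port
        if (index(src, lan) != 1) next       # keep LAN-originated packets only
        if (index(dst, lan) == 1) next       # ignore LAN-to-LAN traffic
        len = 0
        for (i = 6; i < NF; i++)
            if ($i == "length") { len = $(i + 1); sub(/:$/, "", len); len += 0 }
        key = src " -> " dst ":" port
        pkts[key]++; bytes[key] += len
        if (len > 0) data[key]++
    }
    END {
        for (k in pkts)
            printf "%s packets=%d payload_pkts=%d payload_bytes=%d\n", k, pkts[k], data[k], bytes[k]
    }' | LC_ALL=C sort
}

# Constructed sample input; only the 01:43:00.987943 line is from the post.
sample_lines() {
    cat <<'EOF'
01:42:58.100000 IP 192.168.1.99.34783 > 45.113.192.102.http: Flags [S], seq 100, win 14600, length 0
01:42:58.300000 IP 192.168.1.99.34783 > 45.113.192.102.http: Flags [P.], seq 1:120, ack 1, win 913, length 119: HTTP: GET / HTTP/1.1
01:42:58.500000 IP 45.113.192.102.http > 192.168.1.99.34783: Flags [P.], seq 1:301, ack 120, win 500, length 300: HTTP: HTTP/1.1 200 OK
01:43:00.987943 IP 192.168.1.99.34783 > 45.113.192.102.http: Flags [F.], seq 1, ack 1, win 913, length 0
01:43:01.000000 IP 192.168.1.91.40000 > 45.113.192.102.http: Flags [S], seq 5, win 14600, length 0
01:43:02.000000 IP 192.168.1.87.51000 > 192.168.1.1.53: 1234+ A? example.com. (29)
EOF
}

sample_lines | summarise_flows 192.168.1.
```

Flows that report payload_pkts above 0 are the ones worth reading with the `-A` pass over the saved capture.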
