Question

I have a RUT230 modem currently and having issues recently with unknown traffic. The SIM card I have installed has suddenly been uploading around 1GB a day and is causing me issues.

Is there a way to work out where the traffic is coming from/to? I was going to run something like wire shark however not sure if that would be possible as it would on check the traffic between my laptop and the RUT.

The modem talks to a device which monitors instruments on the field. I am not sure if it would be best to block all traffic bar the IP address of my phone for example or maybe set up some sort of VPN into the network? I’m just not sure.

Any advice would be appreciated.

Zap

Answer 1

Hello,

It won't hurt to look at the Connections tab, you'll have the source/dest/ports and volumes exchanged. Or you can run tcpdump on the TUT230 but the filtering may not be easy. You can try something like:

tcpdump -i any -n -v 'not host ip_of_laptop'

or if you have a linux box around you can try:

ssh rut230 tcpdump -i any -n -U -s0 -w - 'not host ip_of_laptop' | sudo wireshark -k -i -

Regards,

Comments

Hello,

Thank you for contacting.

You can monitor traffic in the webui itself in Status>Mobile Traffic. 

But for the deep inspection you need to enable tcp dump in the system>Administration>Troubleshoot>TCP Dump.

After enabling , you can see downloading the tcp dump file there. And you can see where the data is being consumed. 

Thank you.

Regards,

Ahmed

---

With firmware version 7.x.x. there is no option for TCP Dump in the troubleshoot section.

How to I get a TCP dump now?

---

Download the package:

opkg update; opkg install tcpdump.

You can also try darkstat, it will give a very detailled view of the fows.