Running tcpdump on Ubiquiti Airmax Equipment

Ubiquiti Airmax gear has tcpdump included. We can easily use it to capture packets to a file and then use SCP from the device to copy the file for analysis.

SSH to the device

ssh ubnt@192.168.1.20
cd /tmp/

Start tcpdump with the following command. Change ath0 and file.cap to the appropriate interface and file name.

tcpdump -i ath0 -w file.cap

After we are done collecting, we can quit with ctrl + c

Now we can use scp or sftp to copy the files off. There is an issue using scp or sftp from a normal Linux machine to the radio, fails with a “sh: /usr/libexec/sftp-server: not found”. It works fine if you initiate scp from the radio.

scp /tmp/file.cap username@remoteip:~/

How To export private SSH key on Linux

All that needs to be done is the “id_rsa” key needs to be copied to the “new” host.  You can do this with SCP or sftp.

Example with SCP

The following examples are showing how to export a RSA private key, if your using DSA, then replace id_rsa with id_dsa.

Copy private key from remote server to local machine for the local user

scp root@192.168.1.1:~/.ssh/id_rsa ~/.ssh/

Copy private key from localhost to remote host.  This command copies the local users private key to the root user @ 192.168.1.1

scp ~/.ssh/id_rsa root@192.168.1.1:~/.ssh/