ESP8266 Packet Sniffing

As I said in the To-Do list section, one of my goals was to capture some packets from the ESP8266 temperature sensor setup to show that the data is indeed very easy to read.

This took more time than I expected, as I decided to set up a Raspberry Pi as an access point for the ESP8266 and use it to capture the traffic going through it. I mainly did this because setting up port mirroring on the router(s) I’d be using was a bit of a pain, plus there was a LOT of background traffic to sift through, since it was a shared router.

There wasn’t a huge amount to it: I basically just followed these instructions, although you’ll want to omit the step titled “Update hostapd” if you’re not using an Adafruit WiFi adapter (which I wasn’t).

Following this, I just installed tshark on the raspberry pi with:

sudo apt-get install tshark

After this, I added a user to the “wireshark” group with:

sudo usermod -a -G wireshark <username>

After doing this, remember to log out and then log back in for the group change to take effect; otherwise you won’t be able to run tshark as that user, which is why I wasted a few minutes googling the problem.

Next, I just modified and uploaded my sketch in the Arduino IDE to use the SSID and password for the Raspberry Pi access point (see the “Configure Access Point” step of the “Install Software” section of the Adafruit guide to change these).

I set up the ESP8266 and temperature sensor as before and used the serial management console in Arduino to make sure it connects to the access point.

Now we’re ready to capture some packets:

tshark -i wlan0 -w /home/pi/espcapture.pcap

This will capture all packets being sent between the Pi and the ESP8266. You could change the interface to eth0 to see what’s going between your router and the Pi, but frankly it will largely be the same stuff, alongside any other traffic being sent/received by background processes on the Pi. Hit Ctrl+C after a minute or so and you should have a good sample.

Finally, make sure you’ve installed Wireshark on your computer, then grab the file from the Pi (I use WinSCP out of personal preference, but FileZilla and other FTP clients are great too) and open it in Wireshark to see the contents of the capture. Since they’re unsecured HTTP GET requests, they pretty much get sent in plain text, which should appear as follows:


This snippet of the output from Wireshark clearly shows the private key I was using, as well as the temperature reading, completely unobscured, and obtained with completely free software!
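To check a capture like this for exposed credentials without clicking through Wireshark by hand, here is an added Python example (my own, not from the original post) that reads a classic pcap file, pulls the request line out of every HTTP GET/POST segment, and flags query parameters whose names look like keys or tokens. It assumes the capture is in classic pcap format (e.g. written with `tshark -F pcap -w …`) and Ethernet/IPv4/TCP framing; the sample packet, IP addresses and the `SECRET_PARAMS` list are constructed for the example.

```python
import struct
from urllib.parse import urlsplit, parse_qs

# Query-parameter names that usually carry credentials (assumed list, extend as needed).
SECRET_PARAMS = {"key", "apikey", "api_key", "private_key", "token", "password"}

def build_pcap(payload: bytes) -> bytes:
    """Wrap one HTTP payload in a minimal Ethernet/IPv4/TCP frame inside a classic pcap file.
    Constructed sample standing in for the ESP8266's request; MAC/IP addresses are made up."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst/src MAC (zeros), EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 168, 42, 10]), bytes([192, 168, 42, 1]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    frame = eth + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def http_requests(pcap: bytes):
    """Yield (src_ip, request_line) for every TCP segment whose payload starts an HTTP request."""
    off = 24                                                # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 6:   # not IPv4 carrying TCP
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(str(b) for b in frame[14 + 12:14 + 16])
        tcp_start = 14 + ihl
        data_off = (frame[tcp_start + 12] >> 4) * 4
        data = frame[tcp_start + data_off:]
        if data.startswith((b"GET ", b"POST ")):
            yield src, data.split(b"\r\n", 1)[0].decode("ascii", "replace")

def exposed_secrets(pcap: bytes):
    """Return [(src_ip, param_name)] for plaintext query parameters that look like credentials."""
    found = []
    for src, line in http_requests(pcap):
        target = line.split(" ")[1]
        for name in parse_qs(urlsplit(target).query):
            if name.lower() in SECRET_PARAMS:
                found.append((src, name))
    return found

# Constructed sample: the kind of request the sketch sends, with a placeholder key.
SAMPLE = build_pcap(b"GET /update?key=EXAMPLE_KEY_PLACEHOLDER&temp=21.5 HTTP/1.1\r\n"
                    b"Host: sensor-server.example\r\n\r\n")
```

Running `exposed_secrets(open("espcapture.pcap", "rb").read())` on a real capture lists every device that sent a credential in the clear, which is exactly the finding the screenshot above shows by hand.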

Definitely not the way to go if you’re sending sensitive or critical information, and it could also compromise the security of other systems (i.e. the private key)…

Next, I will probably try to set up a simple web server on the Raspberry Pi and send information there so that I can try to implement some security measures in the ESP8266 firmware, and modify the server-side code to be able to handle this. If I find that something like HTTPS can be used, the Pi might not be necessary, but we’ll see!