NAT32 Image

Reference Manual

[ Back]

HOW TO capture Fritz!Box     DSL traffic in real time

HOW TO capture Fritz!Box  WLAN traffic in real time

HOW TO capture Fritz!Repeater    traffic in real time

HOW TO capture interface traffic and display it in Wireshark [Wireshark Trace]

Be sure to enter your FritzBox password with command: set fbpwd mypassword


[FritzBox Status popup] [FritzBox Status popup] DSL Stats, DSL Graph, Calls, Call List (CSV)

[FritzBox Status popup] [FritzBox Status popup] [FritzBox Status popup] [FritzBox Status popup] [FritzBox Status popup] DSL Stats, DSL Graph, Calls, Call List (CSV) Calls


Both the Fritz!Box and the Fritz!Repeater have a packet trace feature that works by requesting a special URL that returns a traffic trace for a specified interface in the form of a libpcap formatted file. When the trace is terminated, the saved trace file can be viewed using software such as WireShark that displays the traffic in a readable form.

While this feature is quite useful, it has the major disadvantage that one cannot view the traffic in real time. The trace must be started, run for as long as is required, and then stopped. Only then can Wireshark be started in order to display the trace.

NAT32 can request a trace from the Fritz!Box or the Fritz!Repeater and then pipe the received data to a shell command (tdump) that decodes the data and prints it to the standard output device. The standard output can be redirected to a NAT32 Monitor window for subsequent display. The display can be started and stopped as needed and can also be saved to a file for subsequent examination.

Because the NAT32 shell (unlike the Windows cmd.exe shell) executes each command of a pipeline in a separate thread, the display of the trace data occurs in real time and the user can immediately notice (and respond to) any unwanted Internet traffic originating from connected computers. This feature can be very useful for detecting viruses and applications (e.g. Skype) that may consume large amounts of DSL bandwidth for no useful purpose (from the user's point of view).

Script Files

A script file to solicit the trace from the Fritz!Box, decode it and display it in the Monitor window is shown below:

monitor on
set fbtrace 1
fbgetr "" | tdump > monitor &
A script file to terminate the trace is shown below:
fbgetr ""
sid clear
set fbtrace 0

The above scripts are contained in files fritz_on and fritz_off and can be invoked from the main NAT32 web page or the NAT32 Console.
Similar files are available for the Fritz!Repeater (fritzr_on and fritzr_off).


If your Fritz!Box requires a password for browser access, please use the NAT32 set command to store that password in the environment variable fbpwd as follows:

set fbpwd myPassword

NAT32 Version 2 uses the following TCL script to compute the required Fritz!Box Session ID:


    # sid - set or clear the FritzBox SID in global var fbsid (Fritz!OS prior to 5.50)
    #       For later Fritz!OS versions, please see file 'sid' in your NAT32 distribution.

    if {$argc > 1} {
        error "Usage: sid [clear]"

    if {$argc == 1} {
        if {$fbsid == ""} {
            error "Error: unknown SID"
        set cmd "httppost \"security:command/logout=1&sid=$fbsid\""
        exec $cmd
        set fbsid ""

    set xml [exec "httpget"]

    if {[regexp "<iswriteaccess>(1)</iswriteaccess>" $xml tmp]} {
        regexp "<SID>(.*)</SID>" $xml sid
        regsub "<SID>" $sid "" tmp2
        regsub "</SID>" $tmp2 "" result
        set fbsid $result

    if {[regexp "<Challenge>(.*)</Challenge>" $xml challenge]} {
        regsub "<Challenge>" $challenge "" tmp1
        regsub "</Challenge>" $tmp1 "" tmp2
        if {$fbpwd == ""} {
            error "Error: unknown password"
        set challenge "$tmp2-$fbpwd"
        set hash [exec "hash $challenge"]           # See note below
        set h "$tmp2-$hash"
        set cmd "httppost \"login:command/response=$h&getpage=../html/login_sid.xml\""
        set tmp1 [exec $cmd]
        regexp "<SID>(.*)</SID>" $tmp1 sid
        regsub "<SID>" $sid "" tmp2
        regsub "</SID>" $tmp2 "" result
        set fbsid $result

Note the use of the NAT32 command hash in the above script. Because it is implemented in C, it computes the MD5 hash of the specified string very rapidly.

NAT32 Version 2 contains additional script files (fritzr_on) and fritzr_xon) that display the trace data in the Monitor window or the Trace window. In the latter case, all packet data is displayed, including protocol headers and payload data.

See Also

Fritz!Box Tips and Tricks, External Routers, httpget