Logging Network Traffic

The built-in tcpdump payload from switch position 1 will save standard pcap files to a loot folder on a USB flash drive. This payload doesn’t require any configuration to use, other than having a properly formatted USB flash drive.

The USB flash drive must be formatted in either the NTFS (Windows, Mac OSX) or EXT4 (Linux) file system. This is of particular importance since most USB drives come formatted with a FAT32 or exFAT file system.

  1. Plug a USB drive formatted in NTFS or EXT4 into the USB host port on the right side of the Packet Squirrel.

  2. Flip the switch to position 1 to select the built-in tcpdump payload. Position 1 is on the far left, closest to the Micro USB power port.

  3. Plug the device you want to capture packets from into the Ethernet In port. It’s the Ethernet port on the left side above the Micro USB power port. This could be a computer, a network printer, an IP camera, or similar.

  4. Plug the network into the Ethernet Out port. That’s the one on the side with the USB type A female port.

  5. Power on the Packet Squirrel with a Micro USB cable and any ordinary USB power source, such as a smartphone charger, a computer’s USB port, or a USB battery bank.

  6. Wait 40 seconds while the Packet Squirrel boots up, indicated by a flashing green LED. Once booted, tcpdump will begin saving pcap files containing the packets between the two Ethernet links to a loot folder on the inserted USB disk, indicated by a single flashing yellow LED.

  7. When you’re ready to stop capturing packets, press the button atop the Packet Squirrel. The LED will flash red to indicate that the file has completed writing to the USB flash drive. It is now safe to unplug the Packet Squirrel, remove the USB flash drive, and inspect the stored pcap file with a protocol analyzer such as Wireshark.

The tcpdump payload will write a pcap file to a connected USB disk until the disk is full. A full disk will be indicated by a solid green LED.

If the Packet Squirrel is powered off before pressing the button, the file may be corrupt or unreadable.

If the Packet Squirrel is unable to read the USB disk (for example if the disk has not been formatted as NTFS or EXT4) the payload will fail, indicated by a blinking red LED.
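A capture cut short by power loss, as in the warning above about powering off before pressing the button, can be checked record by record before it is opened in an analyzer. The script below is an added example, not part of the Packet Squirrel firmware or its documentation; it assumes tcpdump wrote the classic libpcap format (not pcapng), and the names `check_pcap`, `salvage` and `sample_capture` are hypothetical.

```python
import struct
import sys

# Classic libpcap magic bytes -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # little-endian (usec, nsec)
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",  # big-endian (usec, nsec)
}

def check_pcap(data):
    """Walk every record; return (complete_records, good_bytes, status)."""
    if len(data) < 24:
        return 0, 0, "truncated global header"
    order = MAGICS.get(data[:4])
    if order is None:
        return 0, 0, "not a classic pcap file"
    snaplen = struct.unpack(order + "I", data[16:20])[0]
    offset, records = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            return records, offset, "truncated record header"
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or incl_len > orig_len:
            return records, offset, "corrupt record header"
        end = offset + 16 + incl_len
        if end > len(data):
            return records, offset, "truncated packet data"
        offset, records = end, records + 1
    return records, offset, "ok"

def salvage(data):
    """Return the longest well-formed prefix (header plus complete records)."""
    _, good_bytes, _ = check_pcap(data)
    return data[:good_bytes]

def sample_capture():
    """Constructed sample: global header plus two fake packets (60 and 42 bytes)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = lambda ts, payload: struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return hdr + rec(1, b"\x00" * 60) + rec(2, b"\x11" * 42)

if __name__ == "__main__":
    # Usage: python check_pcap.py capture.pcap  (file name is a placeholder)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()[:-10]
    records, good_bytes, status = check_pcap(data)
    print(f"{records} complete records, {good_bytes} good bytes, status: {status}")
```

Writing the output of `salvage` to a new file yields a capture that ends on the last complete packet, so the damaged tail is dropped while the original loot file is left untouched.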
