Hi all!
I am currently busy with getting tcpdump to work on my Asus RT-AC68U (running Merlin's 384.17) for the following purpose: I would like to monitor if one of my wireless devices is opening a specific destination port (UDP) on the internet. It needs to exit when this attempt has been seen 3 times.
This is the command I run:
tcpdump -i any -n -nn -N -q -t src 192.168.1.71 and udp and dst port 32700 -c 3
It captures the right packets and seems to work, but I struggle with two issues:
1) Every time I have tcpdump running on the router, my Wi-Fi connections are somehow blocked. None of the wireless devices have an internet connection anymore. My wired devices appear to function normally though. The moment I kill tcpdump, all devices can access the internet again. Any clue why this is happening and how to fix it? The CPU load seems normal.
2) I use "any" for the interface to capture traffic, because no other interface shows the traffic of the wireless device. This sounds strange to me, as the any interface would combine all traffic from all interfaces. So one of the other interfaces should render the traffic I am looking for?
Output of tcpdump -D
-----------------------
1.eth0 [Up, Running]
2.br0 [Up, Running]
3.eth1 [Up, Running]
4.vlan1 [Up, Running]
5.eth2 [Up, Running]
6.vlan2 [Up, Running]
7.tun11 [Up, Running]
8.tun21 [Up, Running]
9.lo [Up, Running, Loopback]
10.any (Pseudo-device that captures on all interfaces) [Up, Running]
11.dpsta [none]
12.ifb0 [none]
13.aux0 [none]
14.ifb1 [none]
-----------------------
Version info:
-----------------------
Merlin 384.17
Linux RT-AC68U-FAA0 2.6.36.4brcmarm #1 SMP PREEMPT Sat Apr 25 22:35:50 EDT 2020 armv7l ASUSWRT-Merlin
tcpdump version 4.9.3
libpcap version 1.9.1 (with TPACKET_V2)
-----------------------
Does anyone have a clue how to fix this?
Thanks in advance!