Question

RUT955 - tcpdump doesn't seem to be able to capture packets between LAN ports, only br-lan (LAN <-> WAN).

Having looked at the spec sheet for the Atheros AR9344 it appears (and I may be wrong) that the RUT955 (AR9344) has an internal hardware switch separate to the cpu (connected by one of x2 gigabit NICs) which is why this type of capture is not working.

As per the AR9344 datasheet: "Internal 10/100 Ethernet switch with 4 LAN ports and one WAN port. The AR9344 integrates two GB Ethernet MACs that are connected to the Ethernet WAN port and switch."

Can you confirm this (that it's not possible) or let me know how I can capture (specifically UDP port 22000 with tcpdump) packets that are going between the LAN ports (not WAN) of the RUT955.

Thank you!

*UPDATE*
By configuring the WAN port to be part of the LAN, tcpdump captures as expected but I have now lost my physical WAN port...  I am using the Wireless for my WAN connection but would still like to know the answer to the above as it's not ideal to have lost the physical WAN port.

Answer 1

Hello,

You can create two LAN networks (for example 192.168.1.0 and 192.168.2.0)

Assign one device IP from 192.168.1.0 subnet and assign other device IP from 192.168.2.0 subnet

Then configure port based VLAN (Network > VLAN > Port Based)

Assign one port 192.168.1.0 network and 192.168.2.0 for other network.

Then router will see UDP 22000 packets because it will actually route them.

Another way would be to configure the device which sends UDP packets to port 22000 to send it to broadcast ip (If network is 192.168.1.0/24 broadcast would be 192.168.1.255) so every device in configured subnet receives the packet