When I use tcpdump from the GUI (System->Administration->Troubleshoot->Enable TCP dump) and Select interface = br-lan, with Host = 192.168.1.3 and Port = 502 I see all the traffic boing through the br-lan.
uci show system | grep tcp
system.system.tcp_port='502'
system.system.tcp_dump='1'
system.system.tcp_mount='/tmp'
system.system.tcp_dump_interface='br-lan'
system.system.tcp_inout='inout'
system.system.tcp_host='192.168.1.3'
br-lan is bridging eth0 & eth1.
eth0 <-> PC (192.168.1.10)
eth1 <-> PLC (192.168.1.3 [modbus slave])
I intend to capture the Modbus Master traffic in/out on br-lan.
Firmware = RUT36X_R_00.07.04.3
If I execute the trace directly from the CLI then the results are as expected: traffic between 192.168.1.1 & 192.168.1.3 (502).
tcpdump -C 2 -W 1 -i br-lan -w /tmp/tcpdebbug.pcap 'host 192.168.1.3 and port 502'
My guess: the tcpdump filter is not being populated.
in /etc/inet.d/tcpdebug I see: config_get filter "system" tcp_dump_filter ""
but this uci config parameters doesn't exist (see uci show system | grep filter). Therefore the filter variable never gets populated!
BTW: the -W 1 option in the tcpdebug script is being ignored when the service is started via GUI. The pcap file will roll over to pcap1, etc.
Update: I have a working tcpdebug script now and have uploaded it.