FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
561 views 0 comments
by anonymous
When I use tcpdump from the GUI (System->Administration->Troubleshoot->Enable TCP dump) and Select interface = br-lan, with Host = 192.168.1.3 and Port = 502 I see all the traffic boing through the br-lan.

uci show system | grep tcp
system.system.tcp_port='502'
system.system.tcp_dump='1'
system.system.tcp_mount='/tmp'
system.system.tcp_dump_interface='br-lan'
system.system.tcp_inout='inout'
system.system.tcp_host='192.168.1.3'

br-lan is bridging eth0 & eth1.
eth0 <-> PC (192.168.1.10)
eth1 <-> PLC (192.168.1.3 [modbus slave])
I intend to capture the Modbus Master traffic in/out on br-lan.
Firmware = RUT36X_R_00.07.04.3

If I execute the trace directly from the CLI then the results are as expected: traffic between 192.168.1.1 & 192.168.1.3 (502).
tcpdump -C 2 -W 1 -i br-lan -w /tmp/tcpdebbug.pcap 'host 192.168.1.3 and port 502'

My guess: the tcpdump filter is not being populated.

in /etc/inet.d/tcpdebug I see: config_get filter "system" tcp_dump_filter ""

but this uci config parameters doesn't exist (see uci show system | grep filter). Therefore the filter variable never gets populated!

BTW: the -W 1 option in the tcpdebug script is being ignored when the service is started via GUI. The pcap file will roll over to pcap1, etc.

Update: I have a working tcpdebug script now and have uploaded it.

Please log in or register to answer this question.