[goofy3785]

I have a server on the network that's connected via ethernet that I would like to send all traffic to be monitored with wireshark.

This is the code I found in the forum to do this but it seems be obsolete and there's a new way to go about this. Here's a screenshot:
https://i.imgur.com/TCtI8cz.png

When I wireshark the ethernet adapter I don't see any mirrored traffic. Any ideas what I am missing?

Here's the specs of the router:
Router Name DD-WRT
Router Model Netgear R6400 v2
Firmware Version DD-WRT v3.0-r44627 (10/22/20)
Kernel Version Linux 4.4.240 #1265 SMP Wed Oct 21 08:34:03 +04 2020 armv7l

[egc]

First of all your build is old and outdated current is 49392.

After update reset to defaults and rebuild manually, is strongly recommended.

Remove the entries from startup and firewall.

First test from command line and if it works Save startup.

You need the -j TEE.

The negation has been changed it should now precede the -d e.g ! -d
(or was it the other way around)

Anyway test from command line and view with iptables -vnL -t mangle

P.S not all builds have the TEE target

[eibgrad]

IIRC, the old method used the TEE module, but now requires the ROUTE module.

Also, you may have to load the ROUTE module explicitly.

[eibgrad]

P.S. What you might want to consider instead is capturing an output file w/ tcpdump (which will likely require an Entware install, plus the tcpdump package), then import that to WireShark.

Depending on what you're trying to do, dealing w/ an *active* flow of traffic during analysis can be difficult. It's sometimes better to just capture the data for some defined period of time and deal w/ it offline.

In some cases, such as no support for TEE and/or ROUTE, that may be your *only* viable option.

[goofy3785]

[egc]

@eibgrad is not the ROUTE for older kernels and TEE for newer?

I can use TEE and tcpdump on my router (R6400)

[eibgrad]

[egc]

I just checked unfortunately it is just me I added tcpdump and the TEE module myself.

It looks like both are missing from regular builds

[eibgrad]

[eibgrad]

[eibgrad]

Another option for the OP is to install FT (FreshTomato). Even if only for diagnostic purposes. As I said, it works fine for me, at least w/ my RT-AC68U. And FT supports the Netgear r6400 v2 as well. Just save your current dd-wrt config before updating to FT, so you easily return to it.

Of course, if the diagnosis is specific to the behavior of the dd-wrt router itself, that's doesn't make sense. But I don't know the OP's intentions here.

[egc]

That is why I have those

I will upload modules tomorrow if I can find what is necessary.
I think it is something more besides TEE

About upgrading, I would recommend it, lots of updates and security fixes, that build is from 2020 I think

Besides the modules I have are for the latest kernel version and might not work with older kernels

[Alozaros]

yep as it's advised TEE or ROUTE...i had some struggle to make TEE to work, reading tons of threads in the past...
best bet Wireshark on TAP or tcpdump exported, but to have all the traffic stored on the router side, or on USB or fetched anywhere especially on high traffic it could be a playful game...that's where tap device comes handy...you can add a switch or hub to this port and try via those instead of tap, but on high load same issue...

also 3.0-r44627 is old and full of unpatched security flaws as well lacks of updated binaries, two of those are DNSmasq (the back bone of DDWRT) and SSL... so, if you prefer stability over security, at least you know now..!!

[egc]

attached tcpdump for Broadcom arm/ K4.4
for AC68U /R7000 / R6400 etc.

I am not sure if it has any dependencies but otherwise simply extract, copy to /tmp, make executable and run from /tmp with ./tcpdump

[Alozaros]

i simply have it via Entware although is one version older..
tcpdump - 4.9.3-4

but its installed by default on my R7000 as well R7800...no idea witch version..i guess BS maintains the most recent...
is sure need lib libpcap - 1.10.1-1