Sniff packets between two LAN devices

Hi,

I would like to be able to sniff packets between two LAN devices using the Omnia (Wi-Fi 6).

This is the situation:

  1. The WAN interface is connected and configured to provide access to the LAN devices
  2. The two LAN devices are connected to two of the LAN ports

So far, by simply running tcpdump on the Omnia, the only packets I am able to see are the ones that are addressed to, or coming from, the Omnia itself (and not any direct communication between the two LAN devices).
After some research, this seems to make sense, as from what I have seen in the documentation, every LAN port is connected to the switch chip and not directly to an ethx (CPU) interface. I suppose the packets are being switched before getting to any ethx (CPU) interface.

One thing I thought about to make the packets go through the SoC is to link one LAN port to one CPU interface and the other LAN port to the other CPU interface.
However, as mentioned in this post: Secondary WAN on LAN4 port, it seems that a problem with the DSA driver in OpenWRT prevents using the second CPU interface, and I did not manage to find any bug tracker entry about this issue, so I am not sure if this still applies.

So my question is: is there any way to be able to see the direct communication of the two LAN devices with tcpdump from the Omnia? Either by using the eth0 and eth1 interfaces or any other way?

Thanks in advance.

Force the clients to route the traffic through your Omnia?
Client1 10.0.0.10/32
Client2 10.0.0.20/32

And use your Omnia as default gateway.

But depending on your use case that might not be sufficient

EDIT: haha, /32 is not a good idea… will come up with a better idea later.
Not my brightest moment…

If you need full L2 sniffing from your Omnia you might be able to do some afpacket magic. Kind of what you would do with a Snort inline IPS setup.

Hi @tac2, thanks for your replies

I failed to mention that one goal of the setup I want to achieve is to be transparent from the LAN devices' point of view. So modifying the clients' route is not an option here.

For your second reply, I am afraid I really can’t do any magic from the Omnia OS because from my understanding the packets don’t even reach the SoC (disregarding the forced route option).

You can try to set up port mirroring and have all traffic on one port copied to another port where you can have the sniffer running.

https://svanheule.net/switches/testing/mirroring

Yes, you are correct, the switch must be involved somehow.

Just tested, I think this will indeed work for me!

Thank you very much
