Tcpdump pkg ver. 4.99.4-1 still not working correctly!

Hi crowd,

In October 2024 I posted that the tcpdump package (ver. 4.99.4-1) was still not working as expected. When you enter a host and port together with the protocol, the corresponding script will generate a syntactically incorrect tcpdump command, and this will therefore not be executed.
I am running my RUT360 with FW RUT36X_R_00.07.12 and I still don’t see any change in the tcpdump package.
Who else is experiencing the same issue I reported?

Hello,
Same issue, still no fix for this.

Hope it resolves soon!

Hello,

Thank you for reaching out.

Could you please clarify if you’re executing the tcpdump packet capture and then downloading the TCP dump file via the WebUI (System → Maintenance → Troubleshoot), or if you’re simply running the command via SSH?

If you’re using the WebUI, make sure to press “Save & Apply” after enabling TCPdump and inserting the host and port parameters.

Additionally, it would be helpful if you could provide more details or a screenshot (if possible) that demonstrates the issue you’re encountering, especially when the described behavior occurs.

Best regards,

Hi Martynas,

Please read my previous posts:

I explain there what the issue is and propose a solution.

Don’t hesitate to get back to me for more details if needed.

Regards,

Hi guys!

On my RUT955, both running RUT9_R_00.07.06.17, both installed tcpdump with the same commands:

opkg -e /etc/opkg/openwrt/distfeeds.conf update
opkg -e /etc/opkg/openwrt/distfeeds.conf install tcpdump

RUT955 A:

root@crsdre:~# tcpdump --version
tcpdump version 4.99.4
libpcap version 1.9.1 (with TPACKET_V3)

RUT955 B:

root@GRDI:~# tcpdump --version
tcpdump version 4.9.3
libpcap version 1.9.1 (with TPACKET_V3)

While tcpdump on router A is working correctly:

root@crsdre:~# tcpdump -i tun_c_dre port 502 -vvv -n -t
tcpdump: listening on tun_c_dre, link-type RAW (Raw IP), snapshot length 262144 bytes
IP (tos 0x0, ttl 64, id 11096, offset 0, flags [DF], proto TCP (6), length 52)
10.55.44.19.502 > 10.55.44.1.42346: Flags [.], cksum 0x4fe0 (correct), seq 1224827159, ack 417244451, win 4073, options [nop,nop,TS val 3013385588 ecr 288438453], length 0
IP (tos 0x0, ttl 62, id 4234, offset 0, flags [DF], proto TCP (6), length 52)
10.55.44.1.42346 > 10.55.44.19.502: Flags [.], cksum 0x8165 (correct), seq 1, ack 1, win 502, options [nop,nop,TS val 288440486 ecr 3013374448], length 0
IP (tos 0x0, ttl 64, id 11097, offset 0, flags [DF], proto TCP (6), length 52)
10.55.44.19.502 > 10.55.44.1.42346: Flags [.], cksum 0x400f (correct), seq 0, ack 1, win 4073, options [nop,nop,TS val 3013387604 ecr 288440486], length 0
IP (tos 0x0, ttl 62, id 4235, offset 0, flags [DF], proto TCP (6), length 52)

Here is the output on router B:

root@GRDI:~# tcpdump -i tun_c_openvpn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun_c_openvpn, link-type RAW (Raw IP), capture size 262144 bytes
00:00:00.1741182132 [|ip]
00:00:00.1741182132 [|ip]
00:00:00.1741182132 [|ip]
00:00:00.1741182132 [|ip]
00:00:00.1741182132 [|ip]
00:00:00.1741182132 [|ip]
00:00:00.1741182133 [|ip]
00:00:00.1741182133 [|ip]
00:00:00.1741182133 [|ip]

How can I fix this?
Thanks.