superbox nopackets
Problem... Packets that are being delivered to a "Superbox" are not showing up in wireshark. What I think I know... My router is a Linksys wrt1900 using OpenWrt. While watching video on a TV and using "OpenWrt, Realtime graphs connections", Openwrt indicates a tcp connection between the Superbox (192.168.2.2:xxxx and a server on the internet:yyyy. The connection shows steady increments in Transfer (Packets) count. When I powercycle/startup the superbox, Wireshark shows some "initialization traffic" to/from 192.168.2.2 and/or the ethernet address of the Superbox. None of the packets that are streaming video content to the Superbox show up in Wireshark. The Superbox is configured for ethernet. It does not have a wifi connection. My final goal, after getting to the point that I can visualize all packets to/from the Superbox is: Try to resolve/understand video "stopping events". The host for Wireshark is Windows 10 version 20H2. Question... What could be blocking visibility of Superbox packets in Wireshark? There is evidence that Wireshark is on the same wire as the Superbox, because initialization traffic from the Superbox is visible in Wireshark. Is there some sort of "encryption" applied to the inbound packets to the Superbox that cause Wireshark to not see or display them? That seems unlikely since OpenWrt "sees/counts" traffic to/from the Superbox. My next "Research" step will be: Discover if Roku traffic does the same thing? TIA. Any help appreciated.
Trying to capture Roku packets to/from the Pluto TV app produces the same problem. OpenWrt does show a connection and "traffic" but the packets do not show up in Wireshark. Hmmm??? I feel like I am missing something "simple".
You need to mirror the traffic from/to your "Superbox" to your capture client (Windows). Have you set up an mirror port on your OpenWRT router to do so? Which is the source (bridge, vlan or port)? Do you use any capture filter? Can you provide the capture that you've already done, so that we can see which initialization traffic has been already captured?