asked 2020-12-29

Problem... Packets that are being delivered to a "Superbox" are not showing up in Wireshark.

What I think I know... My router is a Linksys wrt1900 using OpenWrt. While watching video on a TV and using "OpenWrt, Realtime graphs connections", OpenWrt indicates a TCP connection between the Superbox ( and a server on the internet:yyyy. The connection shows steady increments in Transfer (Packets) count. When I powercycle/startup the Superbox, Wireshark shows some "initialization traffic" to/from and/or the ethernet address of the Superbox. None of the packets that are streaming video content to the Superbox show up in Wireshark. The Superbox is configured for ethernet. It does not have a wifi connection.

My final goal, after getting to the point that I can visualize all packets to/from the Superbox, is: Try to resolve/understand video "stopping events". The host for Wireshark is Windows 10 version 20H2.

Question... What could be blocking visibility of Superbox packets in Wireshark? There is evidence that Wireshark is on the same wire as the Superbox, because initialization traffic from the Superbox is visible in Wireshark. Is there some sort of "encryption" applied to the inbound packets to the Superbox that causes Wireshark to not see or display them? That seems unlikely since OpenWrt "sees/counts" traffic to/from the Superbox.

My next "Research" step will be: Discover if Roku traffic does the same thing? TIA. Any help appreciated.

Trying to capture Roku packets to/from the Pluto TV app produces the same problem. OpenWrt does show a connection and "traffic" but the packets do not show up in Wireshark. Hmmm??? I feel like I am missing something "simple".

You need to mirror the traffic from/to your "Superbox" to your capture client (Windows). Have you set up a mirror port on your OpenWRT router to do so? Which is the source (bridge, vlan or port)? Do you use any capture filter? Can you provide the capture that you've already done, so that we can see which initialization traffic has already been captured?

JasMan ( 2020-12-29 )

You're seeing broadcast / multicast traffic only, see here for info on capture setup.

Jasman and Jaap are correct. I did not understand the VLAN features of the Linksys WRT1900, using OpenWrt. I was "ASSuming" all the ethernet ports on the Linksys were bridged. That is not the case. After I added/configured "mirroring" of ethernet port 2 to ethernet port 1 on the Linksys router, I can "see" all the traffic to/from the devices that are "streaming" video. Ethernet port 1 is a computer running Wireshark and Ethernet port 2 is connected to the rest of the devices on the network.

PeeBoo ( 2020-12-31 )
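An added example, not part of the original thread: a quick check of whether a capture port sees other hosts' unicast traffic or only broadcast/multicast plus the capture PC's own frames, which is the symptom described above before mirroring was configured. The function names and all MAC addresses are assumptions made for illustration.

```python
# Added example (not from the thread). Input lines use the format printed by:
#   tshark -r capture.pcapng -T fields -e eth.src -e eth.dst
# Every MAC address below is a constructed sample value.

def mac_bytes(mac):
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def classify(src, dst, capture_host):
    s, d, me = mac_bytes(src), mac_bytes(dst), mac_bytes(capture_host)
    if d == b"\xff" * 6:
        return "broadcast"
    if d[0] & 0x01:  # I/G bit set in the first octet: group (multicast) address
        return "multicast"
    if s == me or d == me:
        return "own_unicast"  # traffic of the capturing PC itself
    return "third_party_unicast"  # unicast between two other hosts

def summarize(lines, capture_host):
    counts = dict.fromkeys(
        ("broadcast", "multicast", "own_unicast", "third_party_unicast"), 0)
    for line in lines:
        fields = line.split()
        if len(fields) == 2:  # skip frames without an Ethernet address pair
            counts[classify(fields[0], fields[1], capture_host)] += 1
    return counts

def sees_other_hosts(counts):
    return counts["third_party_unicast"] > 0

PC, BOX, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:fe"

UNMIRRORED = [
    f"{BOX}\tff:ff:ff:ff:ff:ff",     # e.g. ARP or DHCP at power-up
    f"{BOX}\t01:00:5e:7f:ff:fa",     # IPv4 multicast
    f"{BOX}\t33:33:00:00:00:01",     # IPv6 multicast
    f"{PC}\t{ROUTER}",
    f"{ROUTER}\t{PC}",
]
MIRRORED = UNMIRRORED + [f"{ROUTER}\t{BOX}", f"{BOX}\t{ROUTER}"] * 3

if __name__ == "__main__":
    for name, sample in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        c = summarize(sample, PC)
        print(name, c, "sees other hosts:", sees_other_hosts(c))
```

A zero `third_party_unicast` count over a capture taken while another device is streaming indicates the capture port is switched and not receiving mirrored traffic.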

