
superbox nopackets

asked 2020-12-29 17:29:35 +0000

PeeBoo

updated 2020-12-29 18:24:59 +0000

Problem...

Packets that are being delivered to a "Superbox" are not showing up in Wireshark.

What I think I know...

My router is a Linksys wrt1900 using OpenWrt. While watching video on a TV and using "OpenWrt, Realtime graphs connections", OpenWrt indicates a TCP connection between the Superbox (192.168.2.2:xxxx) and a server on the internet:yyyy. The connection shows steady increments in Transfer (Packets) count.

When I powercycle/startup the Superbox, Wireshark shows some "initialization traffic" to/from 192.168.2.2 and/or the Ethernet address of the Superbox. None of the packets that are streaming video content to the Superbox show up in Wireshark.

The Superbox is configured for Ethernet. It does not have a wifi connection.

My final goal, after getting to the point that I can visualize all packets to/from the Superbox, is: try to resolve/understand video "stopping events".

The host for Wireshark is Windows 10 version 20H2.

Question...

What could be blocking visibility of Superbox packets in Wireshark? There is evidence that Wireshark is on the same wire as the Superbox, because initialization traffic from the Superbox is visible in Wireshark. Is there some sort of "encryption" applied to the inbound packets to the Superbox that causes Wireshark to not see or display them? That seems unlikely since OpenWrt "sees/counts" traffic to/from the Superbox.

My next "Research" step will be: discover if Roku traffic does the same thing.

TIA. Any help appreciated.

Trying to capture Roku packets to/from the Pluto TV app produces the same problem. OpenWrt does show a connection and "traffic" but the packets do not show up in Wireshark. Hmmm??? I feel like I am missing something "simple".


Comments

You need to mirror the traffic from/to your "Superbox" to your capture client (Windows). Have you set up a mirror port on your OpenWRT router to do so? Which is the source (bridge, VLAN or port)? Do you use any capture filter? Can you provide the capture that you've already done, so that we can see which initialization traffic has already been captured?

JasMan ( 2020-12-29 21:32:36 +0000 )

1 Answer


answered 2020-12-29 21:36:06 +0000

Jaap

You're seeing broadcast / multicast traffic only, see here for info on capture setup.


Comments

JasMan and Jaap are correct. I did not understand the VLAN features of the Linksys WRT1900, using OpenWrt. I was "ASSuming" all the Ethernet ports on the Linksys were bridged. That is not the case. After I added/configured "mirroring" of Ethernet port 2 to Ethernet port 1 on the Linksys router, I can "see" all the traffic to/from the devices that are "streaming" video. Ethernet port 1 is a computer running Wireshark and Ethernet port 2 is connected to the rest of the devices on the network.

PeeBoo ( 2020-12-31 10:52:37 +0000 )
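
An added example, not part of the original thread: the "broadcast / multicast only" diagnosis can be checked on a saved capture by sorting frames by destination MAC, since on a switched port without mirroring nothing addressed to another host's unicast MAC should appear. The script assumes a capture saved in classic pcap format (not pcapng) with Ethernet link type; every MAC address and frame below is constructed sample data.

```python
import struct
from collections import Counter

def classify(frame: bytes, own_mac: bytes) -> str:
    """Classify one Ethernet frame by who it is addressed to."""
    dst, src = frame[:6], frame[6:12]
    if src == own_mac:
        return "sent_by_me"
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:            # I/G bit set: group (multicast) address
        return "multicast"
    return "unicast_to_me" if dst == own_mac else "unicast_other"

def summarize_pcap(data: bytes, own_mac: bytes) -> Counter:
    """Count frames per class in a classic pcap file with Ethernet link type."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:     # skip records too short for an Ethernet header
            counts[classify(frame, own_mac)] += 1
    return counts

def sees_third_party_unicast(counts: Counter) -> bool:
    """True when the capture holds unicast frames between two other hosts.
    A switch may flood a few such frames on its own; a steady stream of them
    means the capture port is mirrored (or sits on a hub)."""
    return counts["unicast_other"] > 0

# --- constructed sample data (MAC addresses are made up) ---
ME, BOX, ROUTER = (bytes.fromhex("0200000000" + x) for x in ("01", "02", "fe"))
BCAST, MDNS = b"\xff" * 6, bytes.fromhex("01005e0000fb")

def make_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def eth(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)   # 60-byte frame, empty payload

FRAMES = [eth(BCAST, BOX), eth(MDNS, BOX), eth(ME, ROUTER), eth(ROUTER, ME)]
UNMIRRORED = make_pcap(FRAMES)
MIRRORED = make_pcap(FRAMES + [eth(BOX, ROUTER), eth(ROUTER, BOX)])
```

To use it on a real capture, read the file's bytes and pass the capture host's own MAC address as `own_mac`.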

Stats

Asked: 2020-12-29 17:29:35 +0000

Seen: 91 times

Last updated: Dec 31 '20