tcpdump on dd-wrt router

Question

I'm trying to capture packets from two devices on my network.

I have tcpdump installed on my dd-wrt router and working correctly.

However, the only packets I capture are broadcast packets when using a tcpdump statement that states only those two devices

./tcpdump -w /tmp/capture.pcap  dst 192.168.3.105 or src 192.168.3.105 or dst 192.168.3.136 or src 192.168.3.136

I'm capturing on intefface br0. Is that correct?

Both devices are plugged in directly to the ports 1 and 2 with ip addresses 192.168.3.105 and 192.168.3.136 respectively.

Do I need to set br0 in promiscuous mode?

A little stuck. Thanks.

Answer 1

I did a bit of this a couple of years ago with my dd-wrt and looking at my old installation notes and scripts, I didn't have to put anything into promiscuous mode. I also didn't specify an interface for tcpdump. Here is the command I was using that was working for me:

/opt/sbin/tcpdump -s 1024 'host 192.168.1.111 and ((greater 137 and less 139) or (greater 900 and less 1024))' -w `date +%Y.%m.%d-%H.%M`-tcp.dmp -n -U -C 1

What happens if you use:

./tcpdump -w /tmp/capture.pcap 'host 192.168.3.105 or host 192.168.3.136'