How to bridge 2 ethernet ports while sniffing their L2 traffic?

Hi, i'm hoping to sniff traffic between AT&T's network gateway and fiber ONT, to understand their 802.1x EAP communication and to locate the DHCPv6 request's client ID.

I have a router (gl inet axt1800) running 21.02, and i see it has 3 actual ethernet ports exposed as eth{0,1,2}. If i have the ONT connected to eth0 and the att gateway connected eth1, how to properly set up so that i can sniff their L2 traffic?

So far i've tried creating a bridge device with port lists of eth0 and eth1, but it seems that the att ont and gateway can't talk to each other, and i got nothing with tcpdump from the eth1 port.

Did i miss something? What other things/ways can i try?

Thanks!

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

I thought in the context of manipulating L2 traffic between (non switch VLAN'ed) ethernet ports, there won't be much difference between the upstream OpenWRT and vendor's fork for this case?

With this particular device, it isn't yet in the upstream OpenWRT codes although there's a pending PR on GitHub for that. (probably related to the qualcomm close sourced components?)

There are very significant differences between official Openwrt and what gl-inet provides. You really need to ask on their forums.