Quote from: allddd on December 09, 2025, 08:32:48 PMI'm still not sure how well this will work though since the filter log directory can contain >30GB of files.What behaviour would you expect from an application in such an situation? Many apps just freeze or crash :)
# tcpdump "tcp[tcpflags] & (tcp-ack) = 0" and port 443 and net 170.239.160.0/24 -n -c20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp6s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:08:41.852675 IP 170.239.160.240.18672 > 172.18.19.2.https: Flags [S], seq 1368460929, win 64240, options [mss 1452,nop,wscale 6,nop,nop,sackOK], length 0
16:08:41.854005 IP 170.239.160.240.18672 > 172.18.19.2.https: Flags [S], seq 1368460929, win 64240, options [mss 1452,nop,wscale 6,nop,nop,sackOK], length 0
16:08:41.854053 IP 170.239.160.240.18672 > 172.18.19.2.https: Flags [S], seq 1368460929, win 64240, options [mss 1452,nop,wscale 6,nop,nop,sackOK], length 0
16:08:44.481879 IP 170.239.160.4.51266 > 172.18.19.2.https: Flags [S], seq 465277211, win 65535, options [mss 1460,sackOK,TS val 2434516034 ecr 0,nop,wscale 8], length 0
16:08:44.481880 IP 170.239.160.4.51266 > 172.18.19.2.https: Flags [S], seq 465277211, win 65535, options [mss 1460,sackOK,TS val 2434516034 ecr 0,nop,wscale 8], length 0
16:08:44.483950 IP 170.239.160.4.51266 > 172.18.19.2.https: Flags [S], seq 465277211, win 65535, options [mss 1460,sackOK,TS val 2434516034 ecr 0,nop,wscale 8], length 0
16:08:44.852749 IP 170.239.160.4.51266 > 172.18.19.2.https: Flags [S], seq 465277211, win 65535, options [mss 1460,sackOK,TS val 2434516034 ecr 0,nop,wscale 8], length 0
16:08:49.442890 IP 170.239.160.37.57579 > 172.18.19.2.https: Flags [S], seq 3965481071, win 29200, options [mss 1460,sackOK,TS val 1886380011 ecr 0,nop,wscale 5], length 0
16:08:49.443691 IP 170.239.160.37.57579 > 172.18.19.2.https: Flags [S], seq 3965481071, win 29200, options [mss 1460,sackOK,TS val 1886380011 ecr 0,nop,wscale 5], length 0

Quote from: ivpenna on December 10, 2025, 09:27:55 PM- Every device connected to ports 4 or 5 TL-SG105E would get an IP address from 192.168.101.0/24 subnet (tag 20)So if the AP has no VLAN configuration, you have to add these port as untagged to the VLAN20.