From my experience, tcpdump connects to the interface and you will see all traffic regardless of firewall settings, given you have the permissions.
In your case I'd first verify that layer 2 is working correctly (layer 2 is ethernet or wifi). So I'd use the utilities provided by "wpa_supplicant" or "iw" to see if the "hardware connection" is working as expected.
If your wifi card didn't connect on layer 2 it has no reasons to configure layer 3 (IP, IPv6) and above.
Well, layer 2 works, if it is needed for connections between the client and the access point.
Layer 2 should already see mac addresses, right? Can you point me to a command, which scans on layer 2 for all macs? I seem to only find how to see the available access points (which works as expected) and using nmap to ping around - which fails as expected :-/
Do you know any command to query the interface regarding routing information (similar to what `ip route` does on layer 3 for the whole machine)?
On layer 2 there is no routing. That's the reason why you need to configure a default route and possibly static routes. Unfortunately I'm not very experienced in debugging wifi but I'd probably start to investigate using some sniffer, e.g. Kismet [1] (not a recommendation, just the first reasonable search result). One hunch though: was there any update to hostapd that might have enabled WPA3? This might be the totally wrong direction but I've read on multiple occasions that old hardware (e.g. Android tablets from 2012) and WPA3-enabled APs don't work well together. Regards, Uwe [1] https://www.kismetwireless.net/
Regards,
Uwe
regards, Erich