Let me elaborate, as typing tcpdump followed by the parameters is the end part of the process.
I'll assume that you don't already have any scripts installed but have used Wireshark before and are familiar with the various options to get the most out of running tcpdump from the command line.
The starting point is that you need to be able to connect to the router via SSH and log in. There are a number of ways that you can get tcpdump successfully installed, so this is just one way to do it. All the information you need is scattered through the forum, but I'll provide the links so that you can go to the correct place and see the context of those posts. I'm no expert here but have managed to get it installed and working without too much fuss.
It probably makes more sense to describe the process from the end point and work backwards, so that you can see why you need the various steps. When you run the dump program you can either have it display the data on the SSH terminal (running Putty.exe or similar on your PC) or pipe the output to the USB drive. If you have it going to the terminal, use <ctrl>+c to stop tcpdump and return to the prompt. I personally find that it's better to end the tcpdump command with a '&' (to run it in the background) and output the data to a .pcap file so that I can then use Wireshark to filter it on my PC. A typical dump command with the output going to a file would be:
- tcpdump -i eth0 -p port 853 -w /tmp/mnt/myUSB/pcap/testlogfile.pcap &
where myUSB is the name I used to label my USB drive and pcap is a directory I created to store the .pcap files in. To set up the share to let your PC connect to the USB drive, go to the following page on the router once you have your USB drive added and set up:
where the IP address above is replaced by that of your router. This then lets you set up a Samba share such as \\AC3200\pcap, which you will be able to access from Windows File Explorer on your PC.
Also note that if you run the command in the background using the '&' at the end, you can't just leave it running or it will eventually fill up all the space on your USB drive. To stop it, at the SSH prompt type "killall tcpdump", or "ps | grep tcpdump" and then kill the PID (the first number displayed), i.e. "kill 1234".
see here
Right, that covers running tcpdump, stopping it and then accessing the saved pcap file.
You will see in various posts that to install tcpdump you enter
opkg install tcpdump at the SSH command prompt. However, to do that successfully you need to install Entware first, and to install Entware you need to install amtm. Thankfully the process of installing both of these is well documented at the following link.
My experience was that the guide is good, and even though it looked like the shortcuts in amtm were missing, they were in fact there but not being displayed. As I said, once you get Entware installed you can use that to install tcpdump via
Don't be put off by all of this; it's actually straightforward and well worth the effort.
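As an added example (not part of the post above, and not the forum's or Entware's own script), here is the same start/stop workflow wrapped in a small script for the router's busybox sh. The mount path /tmp/mnt/myUSB/pcap, the PID file and log file kept beside the captures, and the -Z root flag are my assumptions; -C and -W are standard tcpdump options that cap each file's size and the number of files kept, so a capture left running in the background with '&' cannot fill the USB drive the way the post warns about. Inputs are validated before they reach the command line, and the capture is stopped via the recorded PID rather than "ps | grep tcpdump", so you never kill a tcpdump you did not start.

```sh
#!/bin/sh
# Added example, not from the original post: helper for the tcpdump workflow
# described above (Entware tcpdump on an ASUSWRT-Merlin router, captures
# written to the USB stick, stopped later via the PID).
# Assumptions not in the post: the mount /tmp/mnt/myUSB/pcap (no spaces in
# the path), a PID file beside the captures, and the -C/-W/-Z tcpdump flags.

PCAP_DIR="${PCAP_DIR:-/tmp/mnt/myUSB/pcap}"
PID_FILE="$PCAP_DIR/tcpdump.pid"

# Positive integer without leading zeros.
valid_uint() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    return 0
}

# Plain numeric TCP/UDP port, 1..65535.
valid_port() { valid_uint "$1" && [ "$1" -le 65535 ]; }

# Interface and file names go straight onto a command line, so only allow
# letters, digits, dot, underscore and dash (no spaces, no shell metacharacters).
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the tcpdump command that start_capture would run.
# -C caps each file at SIZE_MB million bytes and -W keeps only COUNT files
# (tcpdump appends 1, 2, ... to the name and wraps around), so a forgotten
# background capture stops growing instead of filling the USB drive.
# -Z root keeps the capture running as root across rotations; some builds
# otherwise try to drop to a 'tcpdump' user that does not exist on the router
# (assumption about the Entware build).
capture_cmd() {
    iface="$1" port="$2" name="$3" size_mb="${4:-50}" count="${5:-5}"
    valid_token "$iface" && valid_token "$name" && valid_port "$port" || return 1
    valid_uint "$size_mb" && valid_uint "$count" || return 1
    printf 'tcpdump -i %s -p -n -s 0 -Z root -C %s -W %s -w %s/%s.pcap port %s\n' \
        "$iface" "$size_mb" "$count" "$PCAP_DIR" "$name" "$port"
}

# Start the capture in the background (the '&' from the post) and record its PID.
start_capture() {
    cmd=$(capture_cmd "$@") || {
        echo "usage: start_capture IFACE PORT NAME [SIZE_MB] [COUNT]" >&2; return 1; }
    [ -d "$PCAP_DIR" ] || { echo "$PCAP_DIR is not mounted" >&2; return 1; }
    if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
        echo "capture already running (pid $(cat "$PID_FILE"))" >&2; return 1
    fi
    # Every word in $cmd was validated above, so unquoted word-splitting is safe.
    nohup $cmd >"$PCAP_DIR/tcpdump.log" 2>&1 &
    echo $! >"$PID_FILE"
    echo "started: $cmd (pid $(cat "$PID_FILE"))"
}

# Stop the capture using the PID we recorded instead of grepping ps.
stop_capture() {
    [ -f "$PID_FILE" ] || { echo "no capture running (no $PID_FILE)" >&2; return 1; }
    pid=$(cat "$PID_FILE")
    if kill "$pid" 2>/dev/null; then
        echo "stopped tcpdump pid $pid"
    else
        echo "pid $pid is no longer running; removing stale PID file" >&2
    fi
    rm -f "$PID_FILE"
}

# Usage on the router:  sh tcpdump-helper.sh start eth0 853 testlogfile
#                       sh tcpdump-helper.sh stop
case "${1:-}" in
    start) shift; start_capture "$@" ;;
    stop)  stop_capture ;;
    *)     : ;;   # sourced or run without a verb: just define the functions
esac
```

With the defaults, "start eth0 853 testlogfile" keeps at most five 50 MB files (testlogfile.pcap, testlogfile.pcap1, ...) under the pcap share, which is the same DNS-over-TLS capture as the post's one-liner but bounded in size.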