Scenario:
- You want to capture a lot of network traffic that is flowing through your libreCMC router.
- You don’t have much disk space on your libreCMC router, so you need that traffic streamed to your desktop computer.
- You want to analyze the traffic with Wireshark.
On the Desktop
christopher@nightshade:~/Scratch$ nc -l -p 30293 > out.pcap
On this side, netcat (nc) listens (-l) on port (-p) 30293 and writes whatever arrives to the file out.pcap.
On the Router
On the libreCMC router, you need tcpdump and netcat:
root@libreCMC:~# tcpdump -i eth1 udp port 51413 -w - | nc 10.0.0.3 30293
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
Tcpdump captures the network traffic you want.
- -i eth1 means capture from interface eth1, in this case my WAN interface.
- udp port 51413 means capture UDP packets with source or destination port 51413 (my BitTorrent port). See the tcpdump manual page for other filter expressions.
- -w - means write the raw packet data (pcap format) to standard output instead of a file.
Netcat (nc) streams this data over TCP to IP address 10.0.0.3 (my desktop computer) port 30293.
With Wireshark
Once you have as many packets as your heart desires, CTRL-C one of the processes, and then run Wireshark on the pcap data:
christopher@nightshade:~/Scratch$ wireshark out.pcap
Then use Wireshark to display cool looking graphs!
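Because CTRL-C on either end cuts the TCP stream wherever it happens to be, the last record in out.pcap can be incomplete. The following checker is an added example, not part of the original post: it reads the pcap global header, counts the packet records and reports whether the tail is truncated, so you know what you have before opening the file in Wireshark. The sample data it builds is constructed here (link type 1 and snaplen 262144 match what tcpdump printed on the router).

```python
"""Sanity-check a pcap received over the tcpdump | nc pipe (added example)."""
import struct
import sys

# Magic number as read little-endian -> (byte order of the file, timestamp unit)
MAGICS = {0xA1B2C3D4: ("<", "us"), 0xD4C3B2A1: (">", "us"),
          0xA1B23C4D: ("<", "ns"), 0x4D3CB2A1: (">", "ns")}
PCAPNG_MAGIC = 0x0A0D0D0A


def check_pcap(data: bytes) -> dict:
    """Walk the classic pcap global header and packet records in data."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header (24 bytes)")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file; this checker only handles classic pcap")
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file (magic {magic:#010x})")
    order, ts_unit = MAGICS[magic]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):          # record header itself is cut off
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or offset + 16 + incl_len > len(data):
            truncated = True                 # body cut off, or a corrupt length
            break
        offset += 16 + incl_len
        packets += 1
    return {"version": (major, minor), "linktype": linktype, "snaplen": snaplen,
            "ts_unit": ts_unit, "packets": packets, "truncated": truncated}


def build_sample(truncate: bool) -> bytes:
    """Constructed input: little-endian pcap, linktype 1 (EN10MB), snaplen 262144,
    one complete 60-byte record and, if truncate, a second record cut off
    10 bytes into its header (what a CTRL-C mid-stream leaves behind)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    frame = bytes(60)
    record = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame
    return header + record + (record[:10] if truncate else b"")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "out.pcap"
    with open(path, "rb") as f:
        print(check_pcap(f.read()))
```

Run it as `python3 checkpcap.py out.pcap`; a `truncated: True` result just means Wireshark will drop the final partial packet, not that the capture is unusable.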
Troubleshooting
Often desktop computer firewalls are configured to block incoming ports by default. So you may need to open that incoming port — port 30293 in the example.
Great use of wireshark and tcpdump!