Wireshark is an open-source protocol analyzer that can visualize the frames passing through the router. This analyzer is available on many platforms, but cannot run directly on the router.
While one could run tcpdump directly on the router, interpreting its output takes a bit of work. Another option is to run tcpdump on the router and pipe its output to Wireshark on a Linux host.
To capture traffic on bridge br0, use the following commands on a Linux host.
mkfifo /tmp/$PPID   # wireshark -i reads from a named pipe, not a regular file
ssh rtr "tcpdump -i br0 -w - 'not ((src host rtr and src port 22) or (dst host rtr and dst port 22))'" > /tmp/$PPID &
wireshark -k -i /tmp/$PPID
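The same capture wrapped in shell functions, as an added example that is not part of the original page: it builds the SSH-excluding filter shown above and puts the pipe in a private directory rather than at a predictable path in /tmp. The function names, the `rtrcap` directory prefix, `capture.pipe` and the tcpdump `-U` flag are assumptions added for illustration.

```shell
#!/bin/sh
# Added example: remote capture over SSH into a private named pipe.
# Function names and file names are assumptions, not from the page.

# Build the page's capture filter: drop the SSH session that carries
# the capture, otherwise every forwarded packet is captured again.
ssh_exclude_filter() {
    host=$1 port=${2:-22}
    printf 'not ((src host %s and src port %s) or (dst host %s and dst port %s))' \
        "$host" "$port" "$host" "$port"
}

# Create a FIFO inside a fresh 0700 directory, so other local users
# can neither pre-create the path nor read the captured traffic.
make_private_fifo() {
    dir=$(umask 077 && mktemp -d "${TMPDIR:-/tmp}/rtrcap.XXXXXX") || return 1
    mkfifo -m 600 "$dir/capture.pipe" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir/capture.pipe"
}

# Stream packets from the router into the FIFO and attach Wireshark.
remote_capture() {
    router=$1 iface=$2
    fifo=$(make_private_fifo) || return 1
    filter=$(ssh_exclude_filter "$router" 22)
    # -U (assumption, not on the page) writes each packet out as it is
    # captured, so Wireshark shows traffic without buffering delay.
    ssh "$router" "tcpdump -i $iface -U -w - '$filter'" > "$fifo" &
    ssh_pid=$!
    wireshark -k -i "$fifo"
    # Wireshark has exited: stop the remote capture and clean up.
    kill "$ssh_pid" 2>/dev/null
    rm -f "$fifo"
    rmdir "$(dirname "$fifo")"
}

# Usage: remote_capture rtr br0
```

Note that the filter excludes every SSH connection to or from the router, not only the one carrying the capture.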
Alternatively, we can forward all packets from an interface on the router to a Linux host running the protocol analyzer, using etherpuppet.
Prepare the router
cd /jffs
wget http://www.secdev.org/projects/etherpuppet/files/etherpuppet-mipsel
chmod 755 etherpuppet-mipsel
Prepare the Linux host
wget http://hg.secdev.org/etherpuppet/raw-files/top/etherpuppet.c
gcc -o etherpuppet etherpuppet.c
sudo yum install wireshark-gnome
sudo usermod -a -G wireshark $NAME
Instruct the router to forward all packets on the bridge that joins the LAN and wireless traffic (br0).
./etherpuppet-mipsel -i br0 -s 999 -C
Receive the packets on the Linux host and start the protocol analyzer.
sudo ./etherpuppet -m -c rtr2.vonk:999 &
sudo ifconfig puppet0 up
sudo wireshark # select interface puppet0
In Wireshark select the puppet0 interface.