Hello,
It would be possible to accomplish this by enabling tcpdump on any selected device and downloading the file using task manager on RMS and issuing uci commands. As an example, I'm leaving a brief reply regarding the configuration of this case. Please note that tcpdump can fill up router RAM very quickly if there is a lot of traffic and it may slow down the device to a crawl if left unchecked - make sure that the tcpdump runs only for as long as it needs to, otherwise disable the service and remove the file (or reboot the router) after downloading it on RMS. I'll include this step (command) in the example.
Note: If tcpdump package is installed/exists on the device, skip step 0.
0. If tcpdump package is not installed on the device, please install it via package manager by navigating to Services>Package Manager and adding the package.
Alternatively, the package can be installed via CLI by issuing the following commands:
opkg update
opkg install tcpdump
We're gonna create 2 task groups - one for enabling the tcpdump service and one for disabling the service, downloading the file and then removing it
1. Login to the RMS, make sure the required device is online, then go to "Devices" on the sidebar, select "Management>Task Manager" and click on "Add new task group". Copy and paste these commands in the command field. I'm including every available option using the uci commands, modify or remove some of them as needed.
uci set system.system.tcp_dump='1'
uci set system.system.tcp_mount='/tmp'
uci set system.system.log_proto='tcp'
uci set system.system.tcp_dump_interface='eth1'
uci set system.system.tcp_inout='out'
uci set system.system.tcp_host='1.1.1.1'
uci set system.system.tcp_port='443'
uci commit && /etc/init.d/tcpdebug reload
Leave the timeout setting as is if it doesn't take more than 10 seconds to execute the command. Deselect the "Stop task group on failure" option and save the task group.
2. Create a second task group, this one will disable the tcpdump service, then download the file and then it will delete the .pcap file to make sure it doesn't take up all the space on the device.
2.1 First task type is "Command", it will disable the tpcdump logging.
uci set system.system.tcp_dump='0' && uci commit && /etc/init.d/tcpdebug reload
Leave the timeout setting as is if it doesn't take more than 10 seconds to execute the command. Deselect the "Stop task group on failure" option.
2.2 Next, click on "Add additional task". Select task type as "Download file". For the file path field, enter the following:
/tmp/tcpdebug.pcap
Deselect the "Stop task group on failure" option.
2.3 Click on "Add additional task" again, this time it will be the "Command" type. Enter the following command to make sure .pcap file gets removed after it is downloaded via RMS:
rm -f /tmp/tcpdebug.pcap
Deselect the "Stop task group on failure" option. When everything is done, save the task group.
Note: naturally, due to how many settings and variables are being used here, some of them can and should be modified according to circumstances.
Once this is done, the tcpdump file will be downloaded to RMS in this order:
Enable the service and start packet capture [execute first task] --> Stop the service, download the packet capture and then delete it from the device [execute second task] --> Download the .pcap file from RMS via Files menu
If some step doesn't work correctly, let me know.
Best regards,
Tomas.
