tcpdump is available for Tomato-based routers. The easiest way to get a working tcpdump binary is to use a statically-linked version. For most routers (MIPSR1 or MIPSR2-based) you can use this binary:
That comes from rhester72's utilities site
where he makes some of these things available to folks. I personally prefer to use Entware, but for a quick-and-dirty "I don't have time or the space to deal with Entware I just need tcpdump!" situaiton, the above works.
telnet/ssh into the router, wget the above URL, chmod 755 the binary, go to town. I'm not going to provide a "how to use tcpdump" write-up. Note: this binary does not do IPv6.
P.S. -- I wouldn't be surprised if this turns out to be an IPv6 thing. :P--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.