Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: Failed to execute call dispatcher target for entry '/admin/network/cshark_link_list_get'.
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: The called action terminated with an exception:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: /usr/lib/lua/luci/controller/cshark.lua:108: module 'uci' not found:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no field package.preload['uci']
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file './uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/share/lua/uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/share/lua/uci/init.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci/init.lua'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file './uci.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/uci.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: no file '/usr/lib/lua/loadall.so'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: stack traceback:
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: [C]: in function 'require'
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: /usr/lib/lua/luci/controller/cshark.lua:108: in function </usr/lib/lua/luci/controller/cshark.lua:107>
Sat Feb 1 19:42:18 2020 daemon.err uhttpd[1356]: (tail call): ?
I'm confused by what you're asking. The saved file simply opens in Wireshark. I advise reviewing a Linux manual on tcpdump for details regarding how to configure the capture filter.
You can directly stream the packet output from tcpdump via SSH to wireshark. Here is a good example where you output the tcpdump traffic via SSH to a pipe on your local machine, and have wireshark read from it in real time:
I highly recommend sticking with tcpdump, since it's easier and you can easily tweak your capture filters to exclude any potential SSH traffic or other you might not want captured.
You can also make use of OpenWRTs firewall to mirror specific traffic to your Wireshark client. You'd have to install the iptables-mod-tee package and load that module.
An example I can give is:
iptables -t mangle -I PREROUTING -i br-lan -s 192.168.1.B -j TEE --gateway 192.168.1.A
iptables -t mangle -I POSTROUTING -o br-lan -d 192.168.1.B -j TEE --gateway 192.168.1.A
Where B is the device we want to mirror all traffic for, and A is the endpoint device where we will be monitoring traffic with Wireshark.
A modified example where you mirror all UDP traffic on port 53 going through interface br-lan, EXCEPT any traffic with the source/destination address 192.168.1.3:
iptables -t mangle -I PREROUTING -i br-lan -p udp --dport 53 ! -s 192.168.1.3 -j TEE --gateway 192.168.1.3
iptables -t mangle -I POSTROUTING -o br-lan -p udp --sport 53 ! -d 192.168.1.3 -j TEE --gateway 192.168.1.3