On the device to capture from we set up a FIFO that will be pushed off to another device on the network with disk, in this case we are using 192.168.1.11 as the "host"
On the host, we start up netcat that will be pushed into a capture file that we can analyze later, in this instance, we are listening on port 5001 $ nc -l -p 5001 > capture.cap
In a terminal on the device we make a fifo and then push it out over the network through netcat $ mknod /tmp/fifo p $ cat fifo | nc 192.168.1.11 5001
In another terminal we do a tcpdump, excluding network traffic from the host that we are storing on, and place it into the fifo, which we are pushing over the network $ tcpdump -i br0 not host 192.168.1.11 -s 65535 -w /tmp/fifo