Difference between revisions of "Ethereal/Wireshark"

From MikroTik Wiki
Latest revision as of 00:01, 25 June 2016

MikroTik RouterOS configuration

Configure the sniffer to stream to the device running Wireshark:

/tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box 
/tool sniffer start

Ethereal/Wireshark configuration

Wireshark is a commonly used network protocol analyzer for Unix and Windows. It is available as a free download from the project homepage, http://www.wireshark.org/

To accept the sniffer's TZSP stream, configure Wireshark as follows:

  • To accept only TZSP traffic, a capture filter like this can be used:
    udp port 37008
  • Make sure you accept UDP in Wireshark (as TZSP uses UDP to transport data);
  • You may need to disable the WCCP protocol in Wireshark (Analyze/Enabled Protocols), as it collides with TZSP and by default frames may be decoded as WCCP, not TZSP;
  • For streaming wireless sniffer captures (interface wireless sniffer), make sure you have the newest Wireshark and the newest RouterOS.
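To check what the router actually sends on UDP port 37008 without relying on Wireshark's dissector choice, the TZSP wrapper can be stripped by hand. The following is an added example, not part of the wiki page or of MikroTik's or Wireshark's code; it assumes the publicly documented TZSP layout (4-byte header, tag list closed by an END tag, then the captured frame), and the function names and sample bytes are constructed for illustration.

```python
import struct

# Assumed TZSP constants (publicly documented layout, not stated on this page).
TAG_PADDING, TAG_END = 0x00, 0x01
ENCAP_NAMES = {1: "ethernet", 18: "ieee802.11", 119: "prism", 127: "wlan-avs"}


class TZSPError(ValueError):
    """Raised when a UDP payload is not a well-formed TZSP data packet."""


def parse_tzsp(payload: bytes) -> dict:
    """Split one UDP payload into TZSP header fields, tags and inner frame."""
    if len(payload) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", payload[:4])
    if version != 1:
        raise TZSPError(f"unexpected TZSP version {version}")
    tags, pos = [], 4
    while True:
        # The stream arrives over unauthenticated UDP: bounds-check every read.
        if pos >= len(payload):
            raise TZSPError("tag list runs past end of payload (no END tag)")
        tag = payload[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:      # padding is a single byte with no length
            continue
        if pos >= len(payload):
            raise TZSPError("tag length byte missing")
        length = payload[pos]
        pos += 1
        if pos + length > len(payload):
            raise TZSPError("tag value truncated")
        tags.append((tag, payload[pos:pos + length]))
        pos += length
    return {"type": ptype, "encap": ENCAP_NAMES.get(encap, encap),
            "tags": tags, "frame": payload[pos:]}


def sample_payload() -> bytes:
    """Constructed sample: header, one tag (0x12, 1 byte), END, dummy frame."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
    return struct.pack("!BBH", 1, 0, 1) + bytes([0x12, 1, 6, TAG_END]) + inner


if __name__ == "__main__":
    info = parse_tzsp(sample_payload())
    print(info["encap"], len(info["frame"]), info["tags"])
```

Feeding it the payload of each datagram received on port 37008 yields the original frame in `frame`, which can then be written to a capture file or inspected directly.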