Difference between revisions of "Manual:Tools/Packet Sniffer"

From MikroTik Wiki
(Created page with '{{ ... }} {{Versions| v2.9, v3, v4+}} __TOC__ ==Summary== <p id="shbox"><b>Sub-menu:</b> <code>/tool sniffer</code> <br /> <b>Packages required:</b> <code>system</code> </p> <br…')
 
Line 9: Line 9:
 
</p>
 
</p>
 
<br />
 
<br />
 +
 +
<p>
 +
Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip).
 +
</p>
  
 
==Packet Sniffer Configuration==
 
==Packet Sniffer Configuration==
 +
 +
<p id="shbox"><b>Sub-menu:</b> <code>/tool sniffer</code></p><br />
 +
 +
<table class="styled_table">
 +
<tr>
 +
  <th width="44%">Property</th>
 +
  <th >Description</th>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>interface</b></var> (<em>integer 10..1000000000</em>; Default:<b> 10</b>)</td>
 +
    <td>The limit of the file in KB. Sniffer will stop after this limit is reached</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>file-name</b></var> (<em>string</em>; Default:<b> ""</b>)</td>
 +
    <td>The name of the file where the sniffed packets will be saved to</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>filter-address1</b></var> (<em>IP address/netmask:port</em>; Default:<b> 0.0.0.0/0:0-65535</b>)</td>
 +
    <td>The first address to filter</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>filter-address2</b></var> (<em>IP address/netmask:port</em>; Default:<b> 0.0.0.0/0:0-65535</b>)</td>
 +
    <td>The second address to filter</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>filter-protocol</b></var> (<em>all-frames | ip-only | mac-only-no-ip</em>; Default:<b> ip-only</b>)</td>
 +
    <td>Filter specific protocol
 +
*<b>ip-only</b> - Sniff IP packets only
 +
*<b>all-frames</b> - Sniff all packets
 +
*<b>mac-only-no-ip</b> - Sniff non-IP packets only
 +
</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>filter-stream</b></var> (<em>yes | no</em>; Default:<b> no</b>)</td>
 +
    <td>Sniffed packets that are devised for sniffer server are ignored</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>interface</b></var> (<em>all | ether1 | ...</em>; Default:<b> all</b>)</td>
 +
    <td>Interface management</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>memory-limit</b></var> (<em>integer 10..4294967295</em>; Default:<b> 10</b>)</td>
 +
    <td>Memory amount reached in KB to stop sniffing</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>memory-scroll</b></var> (<em>yes | no</em>; Default:<b> no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>only-headers</b></var> (<em>yes | no</em>; Default:<b> no</b>)</td>
 +
    <td>Save in the memory only packet's headers not the whole packet</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>streaming-enabled</b></var> (<em>yes | no</em>; Default:<b> no</b>)</td>
 +
    <td>Defines whether to send sniffed packets to sniffer's server or not</td>
 +
</tr>
 +
 +
<tr>
 +
    <td><var><b>streaming-server</b></var> (<em>ip address</em>; Default:<b> </b>)</td>
 +
    <td>Tazmen Sniffer Protocol (TZSP) stream receiver</td>
 +
</tr>
 +
 +
</table>
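Review bot: The first table row names its property `interface` with type `integer 10..1000000000` and the description "The limit of the file in KB", while a second `interface` row (`all | ether1 | ...`) appears further down; the first row evidently documents the file size limit and needs its own property name (presumably `file-limit`) so the two rows do not collide. The `memory-scroll` row has an empty description cell and should say what the option does. In the `filter-stream` row, "devised for sniffer server" looks like it should read "destined for", and the `streaming-server` row would be more useful if it stated which port and transport the TZSP receiver is expected to listen on.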
  
  

Revision as of 13:39, 14 May 2010

(needs editing)


Applies to RouterOS: v2.9, v3, v4+

Summary

Sub-menu: /tool sniffer
Packages required: system


Packet sniffer is a tool that can capture and analyze packets that are sent to, sent from, or passing through the router (except traffic that passes only through the switch chip).

Packet Sniffer Configuration

Sub-menu: /tool sniffer


Property Description
interface (integer 10..1000000000; Default: 10) The maximum size of the file in KB. The sniffer stops once this limit is reached
file-name (string; Default: "") The name of the file in which the sniffed packets are saved
filter-address1 (IP address/netmask:port; Default: 0.0.0.0/0:0-65535) The first address to filter
filter-address2 (IP address/netmask:port; Default: 0.0.0.0/0:0-65535) The second address to filter
filter-protocol (all-frames | ip-only | mac-only-no-ip; Default: ip-only) Filter specific protocol
  • ip-only - Sniff IP packets only
  • all-frames - Sniff all packets
  • mac-only-no-ip - Sniff non-IP packets only
filter-stream (yes | no; Default: no) Sniffed packets that are destined for the sniffer server are ignored
interface (all | ether1 | ...; Default: all) Interface management
memory-limit (integer 10..4294967295; Default: 10) The amount of memory in KB at which sniffing stops
memory-scroll (yes | no; Default: no)
only-headers (yes | no; Default: no) Save only the packets' headers in memory, not the whole packets
streaming-enabled (yes | no; Default: no) Defines whether sniffed packets are sent to the sniffer's server
streaming-server (ip address; Default: ) Tazmen Sniffer Protocol (TZSP) stream receiver
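
What a streaming-server host has to do with the datagrams the sniffer sends it, as an added example that is not part of the MikroTik wiki page. It assumes the commonly documented TZSP layout (4-byte header, tagged fields ending in an end tag, then the captured frame) and the customary UDP port 37008; all function names are hypothetical.

```python
import socket
import struct
TZSP_PORT = 37008            # assumption: customary TZSP UDP port
TAG_PADDING, TAG_END = 0, 1  # the only tags without a length byte

class TZSPError(ValueError): "Raised for datagrams that do not parse as TZSP."

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP datagram into header fields, tags and inner frame."""
    if len(datagram) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise TZSPError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise TZSPError("tag list not terminated by TAG_END")
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise TZSPError("tag without length byte")
        length, pos = datagram[pos], pos + 1
        if pos + length > len(datagram):
            raise TZSPError("tag value runs past end of datagram")
        tags[tag] = datagram[pos:pos + length]
        pos += length
    return {"type": ptype, "encap": encap, "tags": tags, "frame": datagram[pos:]}

def ethernet_summary(frame: bytes) -> tuple:
    """Return (src MAC, dst MAC, EtherType) of the encapsulated frame."""
    if len(frame) < 14:
        raise TZSPError("inner frame shorter than an Ethernet header")
    return frame[6:12].hex(":"), frame[:6].hex(":"), int.from_bytes(frame[12:14], "big")

def serve(bind: str = "0.0.0.0", port: int = TZSP_PORT) -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:  # one summary line per datagram; malformed input is reported, not trusted
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], ethernet_summary(parse_tzsp(data)["frame"]))
        except TZSPError as exc:
            print(peer[0], "malformed:", exc)
# Constructed sample: header, padding, one 1-byte tag, TAG_END, Ethernet + IPv4 stub.
SAMPLE = bytes.fromhex("01000001" "00" "0a01c5" "01" "ffffffffffff" "020000000001" "0800" "45") + bytes(19)
```

The receiver should accept datagrams only from the router's address, since the stream is unauthenticated UDP carrying full packet contents unless only-headers is set.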


Running Packet Sniffer

Sniffed Packets

Packet Sniffer Protocols

Packet Sniffer Host

Packet Sniffer Connections
