Manual:Tools/Packet Sniffer

From MikroTik Wiki
Jump to: navigation, search

(needs editing)


Applies to RouterOS: v2.9, v3, v4+


Sub-menu: /tool sniffer
Packages required: system

Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip).

Packet Sniffer Configuration

Sub-menu: /tool sniffer

Property Description
interface (integer 10..1000000000; Default: 10) The limit of the file in KB. Sniffer will stop after this limit is reached
file-name (string; Default: "") The name of the file where the sniffed packets will be saved to
filter-address1 (IP address/netmask:port; Default: The first address to filter
filter-address2 (IP address/netmask:port; Default: The second address to filter
filter-protocol (all-frames | ip-only | mac-only-no-ip; Default: ip-only) Filter specific protocol
  • ip-only - Sniff IP packets only
  • all-frames - Sniff all packets
  • mac-only-no-ip - Sniff non-IP packets only
filter-stream (yes | no; Default: no) Sniffed packets that are devised for sniffer server are ignored
interface (all | ether1 | ...; Default: all) Interface management
memory-limit (integer 10..4294967295; Default: 10) Memory amount reached in KB to stop sniffing
memory-scroll (yes | no; Default: no)
only-headers (yes | no; Default: no) Save in the memory only packet's headers not the whole packet
streaming-enabled (yes | no; Default: no) Defines whether to send sniffed packets to sniffer's server or not
streaming-server (ip address; Default: ) Tazmen Sniffer Protocol (TZSP) stream receiver

Running Packet Sniffer

Sniffed Packets

Packet Sniffer Protocols

Packet Sniffer Host

Packet Sniffer Connections

[ Top | Back to Content ]