Manual:Tools/Packet Sniffer

From MikroTik Wiki
< Manual:Tools
Revision as of 13:44, 14 May 2010 by Kirshteins (talk | contribs) (Packet Sniffer Configuration)
Jump to: navigation, search

(needs editing)

Version.png

Applies to RouterOS: v2.9, v3, v4+

Summary

Sub-menu: /tool sniffer
Packages required: system


Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip).

Packet Sniffer Configuration

Sub-menu: /tool sniffer


Property Description
interface (integer 10..1000000000; Default: 10) The limit of the file in KB. Sniffer will stop after this limit is reached
file-name (string; Default: "") The name of the file where the sniffed packets will be saved to
filter-address1 (IP address/netmask:port; Default: 0.0.0.0/0:0-65535) The first address to filter
filter-address2 (IP address/netmask:port; Default: 0.0.0.0/0:0-65535) The second address to filter
filter-protocol (all-frames | ip-only | mac-only-no-ip; Default: ip-only) Filter specific protocol
  • ip-only - Sniff IP packets only
  • all-frames - Sniff all packets
  • mac-only-no-ip - Sniff non-IP packets only
filter-stream (yes | no; Default: no) Sniffed packets that are devised for sniffer server are ignored
interface (all | ether1 | ...; Default: all) Interface management
memory-limit (integer 10..4294967295; Default: 10) Memory amount reached in KB to stop sniffing
memory-scroll (yes | no; Default: no)
only-headers (yes | no; Default: no) Save in the memory only packet's headers not the whole packet
running (read-only) If the sniffer is started then the value is yes otherwise no
streaming-enabled (yes | no; Default: no) Defines whether to send sniffed packets to sniffer's server or not
streaming-server (ip address; Default: ) Tazmen Sniffer Protocol (TZSP) stream receiver

Running Packet Sniffer

Sniffed Packets

Packet Sniffer Protocols

Packet Sniffer Host

Packet Sniffer Connections

[ Top | Back to Content ]