Ethereal/Wireshark

From MikroTik Wiki

MikroTik RouterOS configuration

Configure the sniffer to stream to the device running Wireshark:

/tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box 
/tool sniffer start

Ethereal/Wireshark configuration

Wireshark is a commonly used network protocol analyzer for Unix and Windows. It is available as a free download from the project homepage, http://www.wireshark.org/

To accept the sniffer's TZSP stream, configure Wireshark as follows:

  • To accept only TZSP traffic, a capture filter like this can be used:
udp port 37008
  • Make sure you accept UDP in Wireshark (as TZSP uses UDP to transport data);
  • You may need to disable the WCCP protocol in Wireshark (Analyze/Enabled Protocols), as it collides with TZSP and by default frames may be treated as WCCP rather than TZSP;
  • For streaming wireless sniffer captures (interface wireless sniffer), make sure you have the newest Wireshark and the newest RouterOS.
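
To check that the stream is arriving and really is TZSP (rather than something a dissector is mislabelling), the following added example, which is not from the MikroTik wiki, parses TZSP datagrams on UDP port 37008. The function names and the sample datagram are constructed for illustration; the header layout (version, type, encapsulated protocol, tagged fields closed by an end tag) follows the TZSP format.

```python
import socket
import struct

TZSP_PORT = 37008  # UDP port used in the capture filter above
TAG_PADDING, TAG_END = 0x00, 0x01  # the two tags that carry no length byte
ENCAP_ETHERNET = 1

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP UDP payload into header, tagged fields and inner frame."""
    if len(datagram) < 4 or datagram[0] != 1:
        raise ValueError("not a TZSP version 1 header")
    _, ptype, encap = struct.unpack("!BBH", datagram[:4])
    tags, pos = [], 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated by TAG_END")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("truncated tagged field")
        length = datagram[pos]
        tags.append((tag, datagram[pos + 1:pos + 1 + length]))
        pos += 1 + length
    return {"type": ptype, "encap": encap, "tags": tags, "frame": datagram[pos:]}

def describe(datagram: bytes) -> str:
    p = parse_tzsp(datagram)
    frame = p["frame"]
    if p["encap"] == ENCAP_ETHERNET and len(frame) >= 14:
        src, dst = frame[6:12].hex(":"), frame[0:6].hex(":")
        etype = struct.unpack("!H", frame[12:14])[0]
        return f"{src} > {dst} ethertype=0x{etype:04x} len={len(frame)}"
    return f"encap={p['encap']} len={len(frame)}"

# Constructed sample: TZSP header, TAG_END, then a 42-byte broadcast frame (0x0806)
SAMPLE = bytes.fromhex("01000001" "01" "ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", TZSP_PORT))
    while True:
        data, (addr, _) = sock.recvfrom(65535)
        try:
            print(addr, describe(data))
        except ValueError as exc:
            print(addr, "not TZSP:", exc)
```

Run it on the machine named in streaming-server; if nothing prints while the sniffer is started, the datagrams are not reaching the host, which points at addressing or a firewall rather than at Wireshark's protocol settings.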