Extended Brain Storage

Mikrotik: Remote Packet Capture in Wireshark

Posted on June 7, 2014

A brief manual on how to set up a Mikrotik device to capture traffic filtered by an IPv4 address and stream the captured packets to a remote host running Wireshark...

Mikrotik

The setup that needs to be performed in RouterOS is as follows:

/tool sniffer
# filter-ip-address limits the capture to one host; filter-stream=yes keeps
# the outgoing TZSP stream itself out of the capture
set filter-interface=all \
    filter-ip-address=SNIFFED_CLIENT_IP/32 \
    filter-stream=yes \
    streaming-enabled=yes \
    streaming-server=WIRESHARK_SERVER_IP

Wireshark

In Wireshark, the following steps are necessary:

  1. start a packet capture on the interface that receives the stream from the Mikrotik, and
  2. apply the display filter tzsp, which shows the encapsulated frames inside the stream.
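As an added example (not part of the original post), a minimal decoder for the TZSP framing that the sniffer sends to streaming-server and that the tzsp filter matches in Wireshark; it shows why the sniffed client's address is visible inside each datagram. The sample datagram, MACs and addresses are constructed for illustration.

```python
import struct

TZSP_PORT = 37008  # default UDP port RouterOS streams to (assumed default)
ENCAP = {1: "ethernet", 18: "ieee802.11", 119: "prism", 127: "802.11-avs"}
TAG_PADDING, TAG_END = 0x00, 0x01

def parse_tzsp(data: bytes) -> dict:
    """Split one TZSP datagram into header, tagged fields and inner frame."""
    if len(data) < 4:
        raise ValueError("truncated TZSP header")
    version, ptype, encap = struct.unpack("!BBH", data[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, i = {}, 4
    while True:                      # tag list: type [len value] ... end
        if i >= len(data):
            raise ValueError("tag list not terminated")
        tag, i = data[i], i + 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:       # padding tag carries no length byte
            continue
        length = data[i]
        tags[tag] = data[i + 1:i + 1 + length]
        i += 1 + length
    return {"version": version, "type": ptype,
            "encap": ENCAP.get(encap, encap), "tags": tags, "frame": data[i:]}

def summarize_ethernet(frame: bytes) -> dict:
    """MACs, EtherType and, for IPv4, the addresses the sniffer filtered on."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    out = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype == 0x0800 and len(frame) >= 34:   # fixed IPv4 header offsets
        out["proto"] = frame[23]
        out["ip_src"] = ".".join(map(str, frame[26:30]))
        out["ip_dst"] = ".".join(map(str, frame[30:34]))
    return out

# Constructed sample datagram: an RX-frame-length tag, then an Ethernet/IPv4/UDP
# frame from 192.0.2.10 (the "sniffed client") to 198.51.100.20.
SAMPLE = bytes.fromhex(
    "01 00 0001"                    # version 1, type 0 (received), encap Ethernet
    "29 02 002e"                    # tag 41 (RX frame length) = 46 bytes
    "01"                            # end of tag list
    "001122334455 66778899aabb 0800"
    "45 00 0020 0000 4000 40 11 0000 c000020a c6336414"
    "0035 0035 000c 0000 deadbeef"
)
```

TZSP is plain UDP with no authentication or encryption, so the mirrored traffic is readable by anyone on the path between the router and the Wireshark host; restrict the streaming port to that host with a firewall rule.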

The Capturing Process (in Mikrotik)

Start:

/tool sniffer start

Stop:

/tool sniffer stop

Tags: #Arch Linux #Wireshark #packet #capture #security #MikroTik
