Tags: #Arch Linux #Wireshark #packet #capture #security #MikroTik
Mikrotik: Remote Packet Capture in Wireshark
Posted on June 7, 2014
A brief guide to setting up a MikroTik device to capture traffic for a given IPv4 address and stream the captured packets to a remote host running Wireshark.
Mikrotik
The setup that needs to be performed in RouterOS is as follows (a single set command; replace SNIFFED_CLIENT_IP with the address whose traffic should be captured and WIRESHARK_SERVER_IP with the host running Wireshark):
/tool sniffer
set filter-interface=all filter-ip-address=SNIFFED_CLIENT_IP/32 filter-stream=yes streaming-enabled=yes streaming-server=WIRESHARK_SERVER_IP
filter-ip-address matches the address as either source or destination. filter-stream=yes excludes the sniffer's own stream to WIRESHARK_SERVER_IP from the capture; without it the streamed packets would be captured and streamed again in a loop.
Wireshark
In Wireshark, the following steps are necessary:
- start a packet capture on the selected interface (the one that receives the stream), and
- apply the display filter tzsp, so that only the TZSP-encapsulated packets sent by the MikroTik device are shown.
The Capturing Process (in Mikrotik)
Start:
/tool sniffer start
Stop:
/tool sniffer stop
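What the tzsp filter above actually matches on is a small UDP encapsulation: RouterOS sends each captured frame to WIRESHARK_SERVER_IP as one UDP datagram on port 37008, prefixed with a TZSP header (version, type, encapsulation, a tag list terminated by the end tag) and followed by the original Ethernet frame. The following decoder is an added example, not code from the original post or from MikroTik. It parses that layout, pulls out the inner IPv4 addresses so you can confirm that filter-ip-address is selecting the traffic you expect, rejects truncated datagrams, and can run as a minimal stand-alone receiver in place of Wireshark. The sample datagram, the addresses 10.0.0.5 and 192.0.2.10 and the tag value are constructed for the demo. Note that TZSP carries the mirrored frames in clear and unauthenticated; the streaming server should only be reachable from the router over a management path you trust.

```python
"""Decoder for the TZSP stream a MikroTik sniffer sends to streaming-server.

Added example (not from the original post or from MikroTik). Assumes the
RouterOS layout: one UDP datagram per captured frame, UDP port 37008,
TZSP header + tag list + Ethernet frame. The sample datagram is constructed.
"""
import socket
import struct

TZSP_PORT = 37008           # UDP port the RouterOS sniffer streams to
TAG_PADDING = 0x00          # one-byte tag, no length field
TAG_END = 0x01              # one-byte tag, no length field; frame follows it
ENCAP_ETHERNET = 0x0001     # encapsulation RouterOS uses for Ethernet frames
ETHERTYPE_IPV4 = 0x0800


class TZSPError(ValueError):
    """Raised for datagrams that do not follow the TZSP layout."""


def parse_tzsp(datagram: bytes) -> dict:
    """Split a TZSP datagram into header fields, tagged options and payload."""
    if len(datagram) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, msg_type, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise TZSPError(f"unsupported TZSP version {version}")
    tags, offset = {}, 4
    while True:                                   # walk the tag list up to TAG_END
        if offset >= len(datagram):
            raise TZSPError("tag list not terminated by TAG_END")
        tag = datagram[offset]
        offset += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if offset >= len(datagram):
            raise TZSPError("tag length byte missing")
        length = datagram[offset]
        offset += 1
        if offset + length > len(datagram):
            raise TZSPError("tag value truncated")
        tags[tag] = datagram[offset:offset + length]
        offset += length
    return {"version": version, "type": msg_type, "encapsulation": encap,
            "tags": tags, "payload": datagram[offset:]}


def summarize(datagram: bytes) -> dict:
    """Return src/dst IPv4 and protocol of an Ethernet-encapsulated TZSP frame."""
    pkt = parse_tzsp(datagram)
    if pkt["encapsulation"] != ENCAP_ETHERNET:
        raise TZSPError(f"unexpected encapsulation 0x{pkt['encapsulation']:04x}")
    frame = pkt["payload"]
    if len(frame) < 14 + 20:
        raise TZSPError("frame too short for Ethernet + IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:               # e.g. ARP or IPv6: not decoded here
        return {"ethertype": ethertype, "src": None, "dst": None, "proto": None}
    ip = frame[14:]
    return {"ethertype": ethertype, "proto": ip[9],
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])}


def matches_sniffer_filter(summary: dict, client_ip: str) -> bool:
    """Mirror filter-ip-address=CLIENT/32: the address may be source or destination."""
    return client_ip in (summary["src"], summary["dst"])


def is_malformed(datagram: bytes) -> bool:
    """True when the datagram is rejected by the parser (short, wrong version, ...)."""
    try:
        parse_tzsp(datagram)
    except TZSPError:
        return True
    return False


def build_sample_datagram() -> bytes:
    """Constructed TZSP datagram carrying a UDP/IPv4 frame 10.0.0.5 -> 192.0.2.10."""
    header = struct.pack("!BBH", 1, 0, ENCAP_ETHERNET)      # version 1, type 0 (received)
    tags = bytes([TAG_PADDING, 0x0A, 1, 0xD8, TAG_END])      # padding, tag 0x0A (raw RSSI), end
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                       socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return header + tags + eth + ipv4 + udp


def serve(bind_ip: str = "0.0.0.0", port: int = TZSP_PORT) -> None:
    """Receive the stream and print one line per frame, like a minimal Wireshark."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (peer_ip, _) = sock.recvfrom(65535)
        try:
            s = summarize(data)
        except TZSPError as err:
            print(f"{peer_ip}: dropped ({err})")
            continue
        print(f"{peer_ip}: {s['src']} -> {s['dst']} proto={s['proto']}")


if __name__ == "__main__":
    serve()
```

Run it on the host named in streaming-server while the sniffer is started; each line shows the router that sent the datagram followed by the inner addresses, which should all contain SNIFFED_CLIENT_IP if the filter is doing its job.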