Stream Mikrotik RouterOS Sniffer TZSP directly to a remote WireShark host.

Network administrators often use Protocol Sniffers to debug remote network problems.

Here is a brief explanation on how to configure WireShark to receive MikroTik RouterOS Sniffer Stream (in TZSP format).

MikroTik RouterOS Configuration

/tool sniffer set streaming-enabled=yes \
                  streaming-server=[WireShark Host IP] 
/tool sniffer start

Wireshark configuration
Wireshark is commonly used network multiplatform protocol analyzer.
To accept sniffer’s TZSP streams:
– Make sure the host is accepting UDP in Wireshark (as TZSP uses UDP to transport data).
– Disable WCCP protocol in Wireshark (Analyze/Enabled Protocols), as that collides with TZSP (by default frames may be considered WCCP, not TZSP).

For wireless sniffer captures (interface wireless sniffer), newest Wireshark and RouterOS are needed.

Tags: Packet Sniffing, RouterOS, Sniffer Streaming, TZSP, TZSP Stream, Wireshark

This entry was posted on Sunday, September 2nd, 2012 at 10:18 PMand is filed under . You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

BLOG.BRAVI.ORG

Stream Mikrotik RouterOS Sniffer TZSP directly to a remote WireShark host.

Client IP Detector

Latest Posts

Random Posts

Post Categories

Flight Resources

Networking Resources

WordPress Plugins