Stream MikroTik RouterOS Sniffer TZSP directly to a remote Wireshark host.

Network administrators often use Protocol Sniffers to debug remote network problems.

Here is a brief explanation of how to configure Wireshark to receive the MikroTik RouterOS Sniffer stream (in TZSP format).

MikroTik RouterOS Configuration

/tool sniffer set streaming-enabled=yes \
                  streaming-server=[WireShark Host IP] 
/tool sniffer start

Wireshark configuration
Wireshark is a commonly used multiplatform network protocol analyzer.
To accept the sniffer's TZSP streams:
– Make sure the host is accepting UDP in Wireshark (TZSP uses UDP to transport data).
– Disable the WCCP protocol in Wireshark (Analyze/Enabled Protocols), as it collides with TZSP (by default, frames may be interpreted as WCCP rather than TZSP).

For wireless sniffer captures (interface wireless sniffer), the newest versions of Wireshark and RouterOS are needed.
