Stream Mikrotik RouterOS Sniffer TZSP directly to a remote WireShark host.
Network administrators often use Protocol Sniffers to debug remote network problems.
Here is a brief explanation on how to configure WireShark to receive MikroTik RouterOS Sniffer Stream (in TZSP format).
MikroTik RouterOS Configuration
/tool sniffer set streaming-enabled=yes \ streaming-server=[WireShark Host IP] /tool sniffer start |
Wireshark configuration
Wireshark is commonly used network multiplatform protocol analyzer.
To accept sniffer’s TZSP streams:
– Make sure the host is accepting UDP in Wireshark (as TZSP uses UDP to transport data).
– Disable WCCP protocol in Wireshark (Analyze/Enabled Protocols), as that collides with TZSP (by default frames may be considered WCCP, not TZSP).
For wireless sniffer captures (interface wireless sniffer), newest Wireshark and RouterOS are needed.