Monday, January 4, 2016

Mikrotik - Using remote sniffer

Stream Mikrotik RouterOS Sniffer TZSP directly to a remote WireShark host.

Network administrators often use protocol sniffers to debug remote network problems.
Here is a brief explanation of how to configure Wireshark to receive the MikroTik RouterOS sniffer stream (in TZSP format).

MikroTik RouterOS Configuration

/tool sniffer set streaming-enabled=yes \
                  streaming-server=[WireShark Host IP]
/tool sniffer start

Wireshark configuration

Wireshark is a commonly used multiplatform network protocol analyzer.
To accept the sniffer's TZSP streams:
– Make sure the host running Wireshark accepts UDP, as TZSP uses UDP to transport data.
– Disable the WCCP protocol in Wireshark (Analyze/Enabled Protocols), as it collides with TZSP (by default, frames may be considered WCCP, not TZSP).
For wireless sniffer captures (interface wireless sniffer), the newest Wireshark and RouterOS are needed.

