Mikrotik and Wireshark Remote Packet Capture

A brief guide to setting up a Mikrotik router to capture traffic for a given IPv4 address and stream the captured data to a remote device running Wireshark.

Mikrotik console

# filter-stream=yes keeps the sniffer's own streamed packets out of the capture
/tool sniffer
set filter-interface=all \
    filter-ip-address=SNIFFED_CLIENT_IP/32 \
    filter-stream=yes \
    streaming-enabled=yes \
    streaming-server=WIRESHARK_SERVER_IP

Wireshark

Set up packet capture on the selected interface.

Apply the display filter tzsp.

Mikrotik start/stop capturing

/tool sniffer start
/tool sniffer stop
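
What the tzsp filter decodes, as an added example that is not part of the original post: each streamed UDP payload is a TZSP header, a tag list closed by an END tag, then the mirrored frame. The function names and the sample datagram are constructed for illustration, and the layout assumed is version 1 with Ethernet encapsulation.

```python
import struct

TAG_PADDING, TAG_END = 0x00, 0x01
ENCAP_ETHERNET = 1

def parse_tzsp(datagram: bytes):
    """Split one TZSP UDP payload into (encap_proto, tags, inner_frame)."""
    if len(datagram) < 4:
        raise ValueError("truncated TZSP header")
    version, _ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    pos, tags = 4, []
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list has no END tag")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:          # single byte, no length field
            continue
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("truncated tag")
        length = datagram[pos]
        tags.append((tag, datagram[pos + 1:pos + 1 + length]))
        pos += 1 + length
    return encap, tags, datagram[pos:]

def ipv4_endpoints(frame: bytes):
    """(src, dst) of an untagged Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def involves(frame: bytes, client_ip: str) -> bool:
    """True when client_ip is an endpoint, as filter-ip-address=.../32 should ensure."""
    ends = ipv4_endpoints(frame)
    return ends is not None and client_ip in ends

# Constructed sample: TZSP header + END tag, then a minimal Ethernet/IPv4 frame.
SAMPLE_FRAME = (bytes.fromhex("020000000001" "020000000002" "0800")
                + bytes.fromhex("4500001c0000400040010000")
                + bytes([192, 0, 2, 10, 198, 51, 100, 7]) + bytes(8))
SAMPLE_DATAGRAM = bytes([1, 0, 0, ENCAP_ETHERNET, TAG_END]) + SAMPLE_FRAME

if __name__ == "__main__":
    encap, tags, frame = parse_tzsp(SAMPLE_DATAGRAM)
    print(encap, tags, ipv4_endpoints(frame), involves(frame, "192.0.2.10"))
```

Running `involves` over decoded frames with SNIFFED_CLIENT_IP is a quick check that the router-side filter is mirroring only the intended host.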