Hi,
I’m looking for port mirroring based on bridge, which could be used on device without switch chip.
Is there such feature?
How can I achieve software-based port mirroring? Thanks.
AFAIK you cannot. Only some switch chips can do port mirroring, but not the (software) bridges.
But the question is what is your application case? You can sniff directly on Mikrotik or forward the sniffed data TZSP-encapsulated to some other machine.
I’d like to implement permanent TAP device. Sniff tool in ROS with streaming feature may work, but it seems to be something you run temporarily. Start->capture->Stop. Not for permanent usage.
Well, you can run the sniffer permanently if you do not let it write to a file and if you do not need it for any other purpose (as only one sniff can run at a time) and if you use a script to start it after eventual power outage.
If that does not suit your use case, you need a device with a switch chip.
You could use mange rule to permanently sniff traffic:
/interface bridge settings
set use-ip-firewall=yes
/ip firewall mangle
add action=sniff-tzsp chain=forward in-bridge-port=ether6 in-interface=bridge-lan sniff-target=x.x.x.x sniff-target-port=37008
Make sure you disable or specifically exclude fasttrack.