Hi All,
I made a Wireshark dissector for EoIP tunnels (Ethernet over IP from Mikrotik); it will show the EoIP header with the tunnel ID. It also shows the protocols inside, like MAC addresses and VLAN ID.
It's a quick hack but it's powerful for troubleshooting. I'm still looking into my EoIP MTU problem, and with Wireshark being able to decode the packets I was able to double-check stuff.
I hope by sharing this I might get some good input on my other post.
http://forum.mikrotik.com/t/eoip-mtu-setting-not-working-with-packets-being-bridged/86203/1
It's written in Lua, so you can easily load it in Wireshark without compiling it.
You need to disable the GRE module and decode using the EoIP module.
```lua
-- Quick hack of Mikrotik EoIP readable by Wireshark
-- Harry Otten March 2015 (ho@case.to) v1
local trivial_proto = Proto("EoIP", "Mikrotik EoIP Protocol")

function trivial_proto.dissector(buffer, pinfo, tree)
    -- The EoIP header is 8 bytes; leave anything shorter undecoded
    if buffer:len() < 8 then return 0 end
    pinfo.cols.protocol = "EoIP"
    local subtree = tree:add(trivial_proto, buffer(0, 8), "Mikrotik EoIP")
    subtree:add(buffer(2, 2), "Protocol Type: " .. tostring(buffer(2, 2)))
    -- Frame length is read big-endian, tunnel ID little-endian
    subtree:add(buffer(4, 2), "Length encapsulated frame: " .. buffer(4, 2):uint())
    subtree:add(buffer(6, 2), "Tunnel ID: " .. buffer(6, 2):le_uint())
    -- Hand the encapsulated frame to the Ethernet dissector
    local eth = Dissector.get("eth")
    eth:call(buffer:range(8):tvb(), pinfo, tree)
end

-- Load the ip.proto table and register for IP protocol 47 (GRE)
local ip_table = DissectorTable.get("ip.proto")
ip_table:add(47, trivial_proto)
```
Header format (taken from https://github.com/katuma/eoip):
```
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       GRE FLAGS 0x20 0x01     |     Protocol Type 0x6400      | = MAGIC "\x20\x01\x64\x00"
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Encapsulated frame length   |           Tunnel ID           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethernet frame...                                             |
```
Cheers,
Harry
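
Added example, not part of the original post or of the katuma/eoip project: a stand-alone Python parser for the header layout shown above, useful for checking captures outside Wireshark. It rejects protocol-47 payloads that lack the EoIP magic and flags packets whose length field disagrees with the bytes actually present. The function names and the sample packet are constructed for illustration; the byte order follows what the Lua dissector reads.

```python
import struct

EOIP_MAGIC = b"\x20\x01\x64\x00"  # GRE flags 0x20 0x01 + protocol type 0x6400


def parse_eoip(payload: bytes) -> dict:
    """Parse the IP payload (IP protocol 47) of one EoIP packet."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte EoIP header")
    if payload[:4] != EOIP_MAGIC:
        raise ValueError("not EoIP (plain GRE or other protocol-47 traffic)")
    # Frame length big-endian, tunnel ID little-endian, as in the dissector.
    (frame_len,) = struct.unpack_from(">H", payload, 4)
    (tunnel_id,) = struct.unpack_from("<H", payload, 6)
    frame = payload[8:]
    info = {
        "tunnel_id": tunnel_id,
        "frame_len": frame_len,
        "captured_len": len(frame),
        # A mismatch points at truncation or a damaged header.
        "length_ok": frame_len == len(frame),
    }
    if len(frame) >= 14:  # full Ethernet header present
        info["dst_mac"] = frame[0:6].hex(":")
        info["src_mac"] = frame[6:12].hex(":")
        (ethertype,) = struct.unpack_from(">H", frame, 12)
        if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag
            tci, ethertype = struct.unpack_from(">HH", frame, 14)
            info["vlan_id"] = tci & 0x0FFF
        info["ethertype"] = ethertype
    return info


def build_sample(tunnel_id: int = 300, vlan_id: int = 100) -> bytes:
    """Constructed sample: VLAN-tagged ARP-sized frame inside EoIP."""
    eth = (bytes.fromhex("ffffffffffff" "020000000001" "8100")
           + struct.pack(">HH", vlan_id, 0x0806) + bytes(28))
    header = EOIP_MAGIC + struct.pack(">H", len(eth)) + struct.pack("<H", tunnel_id)
    return header + eth


if __name__ == "__main__":
    print(parse_eoip(build_sample()))
```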