Joined: Tue Dec 05, 2006 5:16 am Posts: 373
Location: South Carolina
Using Wireshark/Ethereal is fine if you just need to capture or search for stuff. However, if you are doing an actual tap for a LEA, they would like it chunked up and hashed, which to my knowledge you cannot do with Wireshark... and if you could, the LEA would not appreciate you looking at their data.
The simplest solution in my case is to create a Virtual machine with routerOS demo license and use that as the server.
Joined: Fri Jun 04, 2004 1:22 am Posts: 922
Location: St. Louis, MO
Just install a RouterOS server on an HD, etc. Run a demo license for 24 hours, or if you need it for longer, install a license (not expensive). Then you will have a CALEA server for the future as well. Also, it has been suggested to allow writing this to a secondary, non-system drive.
_________________ Dennis Burgess, CCNA, A+, N+, MCP, Mikrotik Certified Consultant / Trainer Need Mikrotik Support: http://www.linktechs.net -- Link Technologies, Inc. --- Author of "Learn RouterOS: Second Edition" -- routerosbook.com ---
Joined: Sun Dec 09, 2007 8:42 pm Posts: 22
So, all I need to do is start Ethereal (Wireshark) and set filters to capture 'udp only'? And of course set the analyzer to interpret those UDP packets as TZSP packets to get it all right, is that correct?
(I had a feeling that some kind of listening server should be started, or something, but if I'm correct, Wireshark is only used to intercept those UDP packets and that's it)
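For readers who want to see what Wireshark is actually decoding when it is told to treat those UDP packets as TZSP, here is a small standalone decoder. This is an added example, not code from the thread or from MikroTik: it assumes TZSP v1 framing (1-byte version, 1-byte type, 2-byte encapsulation, a tagged-field list closed by the END tag 0x01, then the captured frame) and the conventional TZSP UDP port 37008. The sample datagram at the bottom is constructed for the example; `listen_tzsp` shows the "listening server" side, which is really just a bound UDP socket.

```python
"""Minimal TZSP decoder for UDP datagrams streamed by a RouterOS packet sniffer.

Added example, not from the forum thread. Assumptions: TZSP v1 framing and
UDP port 37008 (the conventional TZSP port); SAMPLE_DATAGRAM is constructed.
"""
import socket
import struct
from dataclasses import dataclass, field

TZSP_VERSION = 1
TZSP_TAG_PADDING = 0x00    # single byte, carries no length
TZSP_TAG_END = 0x01        # single byte, no length; captured frame follows
TZSP_ENCAP_ETHERNET = 0x01
TZSP_DEFAULT_PORT = 37008


@dataclass
class TzspFrame:
    version: int
    msg_type: int
    encapsulation: int
    tags: dict = field(default_factory=dict)  # tag number -> raw value bytes
    payload: bytes = b""                      # the encapsulated frame


def parse_tzsp(datagram: bytes) -> TzspFrame:
    """Decode one TZSP datagram, rejecting truncated or malformed input."""
    if len(datagram) < 4:
        raise ValueError("datagram too short for a TZSP header")
    version, msg_type, encap = struct.unpack("!BBH", datagram[:4])
    if version != TZSP_VERSION:
        raise ValueError(f"unsupported TZSP version {version}")
    tags = {}
    i = 4
    while True:
        if i >= len(datagram):
            raise ValueError("tag list is not terminated by an END tag")
        tag = datagram[i]
        i += 1
        if tag == TZSP_TAG_PADDING:
            continue
        if tag == TZSP_TAG_END:
            break
        if i >= len(datagram):
            raise ValueError(f"tag 0x{tag:02x} is missing its length byte")
        length = datagram[i]
        i += 1
        if i + length > len(datagram):
            raise ValueError(f"tag 0x{tag:02x} value runs past the datagram")
        tags[tag] = datagram[i:i + length]
        i += length
    return TzspFrame(version, msg_type, encap, tags, datagram[i:])


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ethernet_summary(frame: TzspFrame) -> dict:
    """Pull the Ethernet header out of a TZSP frame that carries Ethernet."""
    if frame.encapsulation != TZSP_ENCAP_ETHERNET:
        raise ValueError(f"encapsulation {frame.encapsulation} is not Ethernet")
    if len(frame.payload) < 14:
        raise ValueError("payload too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame.payload[:14])
    return {"dst_mac": _mac(dst), "src_mac": _mac(src),
            "ethertype": ethertype, "l3_len": len(frame.payload) - 14}


def listen_tzsp(port: int = TZSP_DEFAULT_PORT, max_datagrams: int = 10) -> None:
    """Bind a UDP socket and decode a few datagrams (the 'listening server')."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(max_datagrams):
            data, peer = sock.recvfrom(65535)
            try:
                print(peer, ethernet_summary(parse_tzsp(data)))
            except ValueError as exc:
                print(peer, "discarded:", exc)


# Constructed sample: header, one padding byte, one arbitrary tagged field
# (tag 0x0a, length 1), END tag, a 14-byte Ethernet header and 4 payload bytes.
SAMPLE_DATAGRAM = (
    bytes([TZSP_VERSION, 0x00, 0x00, TZSP_ENCAP_ETHERNET])
    + bytes([TZSP_TAG_PADDING, 0x0A, 0x01, 0xC8, TZSP_TAG_END])
    + bytes.fromhex("ffffffffffff" "0050560a0b0c" "0800")
    + b"\x45\x00\x00\x14"
)

if __name__ == "__main__":
    print(ethernet_summary(parse_tzsp(SAMPLE_DATAGRAM)))
```

Wireshark does exactly this when you apply the TZSP dissector to the UDP stream: strip the header and tags, then hand the encapsulated Ethernet frame to its normal dissectors. The length checks matter because anything on the network can send a datagram to that port, so a collector should drop malformed input rather than trust it.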
You need a Linux machine to compile and run it. It collects syslog messages from your RouterOS device (there are instructions on how to use it) and adds the attackers to an address list which you can use to block them.
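To show the shape of what such a collector does, here is an added example that is not the tool the post refers to and not MikroTik code. It assumes the router forwards its log over syslog, that failed logins appear as `login failure for user <name> from <ip> via <service>`, and that the response is a RouterOS `/ip firewall address-list` entry which a drop rule can match. The log lines are constructed for the example, and the threshold and window are arbitrary choices.

```python
"""Turn RouterOS login-failure syslog lines into address-list commands.

Added example, not the tool referenced in the thread. Assumptions: syslog
lines of the form "<PRI>Mon DD HH:MM:SS host message", the login-failure
message format below, and RouterOS address-list CLI syntax. SAMPLE_LOG is
constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SYSLOG_LINE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
LOGIN_FAILURE = re.compile(
    r"login failure for user (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) via (?P<svc>\S+)"
)

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
<14>Jan 10 12:00:01 gw1 system,error,critical login failure for user admin from 203.0.113.5 via ssh
<14>Jan 10 12:00:04 gw1 system,error,critical login failure for user admin from 203.0.113.5 via ssh
<14>Jan 10 12:00:09 gw1 system,error,critical login failure for user root from 203.0.113.5 via ssh
<14>Jan 10 12:00:30 gw1 system,info,account user operator logged in from 192.0.2.10 via winbox
<14>Jan 10 12:01:00 gw1 system,error,critical login failure for user admin from 198.51.100.7 via winbox
<14>Jan 10 12:40:00 gw1 system,error,critical login failure for user admin from 198.51.100.7 via winbox
"""


def parse_failures(text: str, year: int = 2024) -> list:
    """Return (timestamp, ip, user, service) for every login-failure line."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_LINE.match(line)
        if not m:
            continue  # not a syslog line we understand; skip rather than guess
        f = LOGIN_FAILURE.search(m["msg"])
        if not f:
            continue  # some other message (successful login, link up, ...)
        # BSD syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, f["ip"], f["user"], f["svc"]))
    return events


def find_offenders(events: list, threshold: int = 3,
                   window: timedelta = timedelta(minutes=10)) -> dict:
    """Sliding window: an IP is an offender once `threshold` failures fall
    inside `window`. Returns {ip: failures_in_window}."""
    by_ip = defaultdict(list)
    for ts, ip, _user, _svc in sorted(events):
        by_ip[ip].append(ts)
    offenders = {}
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = end - start + 1
                break
    return offenders


def address_list_commands(offenders: dict, list_name: str = "bruteforce",
                          timeout: str = "1d") -> list:
    """RouterOS CLI lines that add each offender to a timed address list."""
    return [
        f"/ip firewall address-list add list={list_name} address={ip} "
        f"timeout={timeout} comment=\"{n} failed logins\""
        for ip, n in sorted(offenders.items())
    ]


if __name__ == "__main__":
    for cmd in address_list_commands(find_offenders(parse_failures(SAMPLE_LOG))):
        print(cmd)
```

The windowing step is the part worth getting right: two failures forty minutes apart (198.51.100.7 above) are noise, while three inside a few seconds are a guessing attempt. Using a `timeout=` on the address-list entry means a mistyped password from a legitimate site only blocks it for a while, and a firewall rule matching `src-address-list=bruteforce` does the actual dropping.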