I tried to use the packet sniffer on the MikroTik. My question is: how can I make it work with Wireshark, because I cannot log all the information on an RB?
I have seen the option below but for some reason I can make it work
I have a setup like this: router 1 (192.168.2.1) <-IP Tunnel-> router2 (172.16.0.1)
1. configure sniffer to stream to device running wireshark:
/tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box
/tool sniffer start
2. make sure you accept UDP in wireshark (as TZSP uses UDP to transport data)
3. if you are streaming wireless sniffer captures (interface wireless sniffer), make sure you have newest wireshark and newest routeros
4. you may need to disable WCCP protocol in wireshark (Analyze/Enabled Protocols), as that collides with TZSP and by default frames may be considered WCCP, not TZSP.
And I have a workstation with IP address 192.168.2.5.
Now with Wireshark I get all the useless junk, layer 2/broadcasts and stuff, but if I try to add a filter like:
Host 172.16.0.5 - nothing is displayed in Wireshark
I saw somewhere in the forum that I should specify: tzsp on the filter, but that will give me an error.
Can someone point me in the right direction? I am basically trying to get the packets running through the tunnel between the 2 subnets.
Thank you.
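
Each streamed packet reaches the Wireshark box as a UDP datagram sent by the router, with the sniffed frame wrapped in TZSP, so the tunnel addresses sit inside the payload rather than in the outer IP header. The following is an added example, not part of the original post: it strips the TZSP header and tags and reads the inner IPv4 addresses. The sample datagram and all function names are constructed for illustration.

```python
import socket
import struct

def strip_tzsp(datagram: bytes) -> bytes:
    """Return the encapsulated frame carried in one TZSP UDP payload."""
    if len(datagram) < 5:
        raise ValueError("truncated TZSP header")
    version, _ptype, _encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unexpected TZSP version {version}")
    pos = 4
    while pos < len(datagram):
        tag = datagram[pos]
        if tag == 1:                      # end tag: frame starts right after
            return datagram[pos + 1:]
        if tag == 0:                      # padding tag has no length byte
            pos += 1
        elif pos + 1 < len(datagram):     # other tags: type, length, value
            pos += 2 + datagram[pos + 1]
        else:
            break
    raise ValueError("TZSP end tag not found")

def inner_ipv4_addrs(frame: bytes):
    """Return (src, dst) of an IPv4 packet inside an Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                       # not plain Ethernet/IPv4 (ARP, VLAN, ...)
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def involves_host(datagram: bytes, host: str) -> bool:
    """True when the sniffed (inner) packet has host as source or destination."""
    addrs = inner_ipv4_addrs(strip_tzsp(datagram))
    return addrs is not None and host in addrs

def build_sample(src: str, dst: str) -> bytes:
    """Constructed TZSP datagram: header, one 1-byte tag, end tag, Ethernet/IPv4."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes(6) + bytes(6) + b"\x08\x00" + ip   # zeroed MACs, EtherType IPv4
    return b"\x01\x00\x00\x01" + b"\x0a\x01\xc8" + b"\x01" + eth

if __name__ == "__main__":
    sample = build_sample("192.168.2.5", "172.16.0.5")
    print(inner_ipv4_addrs(strip_tzsp(sample)))
    print(involves_host(sample, "172.16.0.5"))
```
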