Calea sniffing rules

g18c · August 5, 2015, 9:07pm

I added the below rules:

/ip firewall calea
add action=sniff chain=forward sniff-id=100 sniff-target=192.168.1.222 sniff-target-port=5555
add action=sniff chain=forward sniff-id=100 sniff-target=192.168.1.222 sniff-target-port=5555
add chain=forward sniff-target=192.168.1.222 sniff-target-port=5555
add chain=forward sniff-target=192.168.1.222 sniff-target-port=5555

But where would I see the above in the Winbox GUI?

Also if I added the below, what would the difference be between the above and the below commands?

/ip firewall mangle
add action=sniff-tzsp chain=prerouting sniff-target=192.168.1.222 \
    sniff-target-port=5555

Thanks in advance for the help

bjornr · August 6, 2015, 5:53am

From http://wiki.mikrotik.com/wiki/CALEA:

sniff - generates a tzsp stream that can be directed to any Wireshark (Ethereal) server
sniff-target - IP address of the data retention server

With your current (dulicated) rules, you submit the sniffed traffic to whatever exists on 192.168.1.222. You might want to re-read the above URL for a refresher on how CALEA is supposed to work.

I don’t think it makes much sense to add sniffing rules to the prerouting chain, but feel free to test.