Hi!
Does RouterOS 7.x series supports some kind of “ERSPAN”?
ERSPAN (Encapsulated Remote Switching Port Analyzer)
Example in Cisco Nexus - Reference
switch(config-erspan-src)# monitor session 1 type erspan-source
switch(config-erspan-src)# source interface ethernet 2/1
switch(config-erspan-src)# destination ip 10.1.1.1
The only option you have is start a packet-capture on a RouterOS device and “stream” this towards any IP endpoint further down the network.
On the remote end you either have some Wireshark running or probably some tool will exist to then write a pcap-file locally. (eg. rpcapd.exe)
Actually, that is not the only method.
In the Firewall Mangle screen you can set action “Sniff PC” or “Sniff TZSP” on packets.
https://help.mikrotik.com/docs/display/ROS/Mangle