Mikrotik RouterOS Equivalent to Wireless "Monitor Mode"

ckwilcox · February 2, 2013, 1:20am

Some wireless cards and access points are capable of entering into wireless “monitor mode”. Monitor mode basically means the device can capture data about packets which are sent within range of the device’s antennae but not necessarily intended for that particular device.

By “capture data” I just mean it can produce something like a PCAP packet dump or just some summary information about packets it observes.

This is similar to, but NOT the same thing as what the “packet sniffer tool” does. (http://wiki.mikrotik.com/wiki/Manual:Tools/Packet_Sniffer) However the /tools packet_sniffer (as far as I understand) is limited to capturing data about the packets which are passing through the device, not packets which are simply in range of the device.

Does anyone know if RouterOS devices are capable of “monitor mode”? (Sorry if this has already been asked I searched for but could not find a question).

Thanks!

JorgeAmaral · February 2, 2013, 3:06pm

In winbox open the wireless section. It opens a new window, and near the scanner and freq usage buttons you have one called Wireless Sniffer

ckwilcox · February 3, 2013, 2:21am

Thanks for your response.

Are you aware of a way to use the wireless sniffing functionality via the command line? (i.e., by SSHing into the Mikrotik).

Thanks

rjscomms · February 3, 2013, 4:57am

Howdy,

try this

/interface wireless sniffer> sniff

but do not do it on a working interface otherwise you may disconnect yourself

You should see packets counting.

Then do this

/interface wireless sniffer> packet pr

to see the packet info.

ckwilcox · February 6, 2013, 3:21am

Wow, thanks! That’s very helpful. I believe this is exactly what I’m looking for!

Found the docs here:
http://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Sniffer

I’m curious though what the difference between the “Sniffer” and the “Snooper” are?! I don’t fully understand from the documentation.

thanks