In the past, I used packet sniffer and I was able to see on Wireshark the packets as sent by the devices connected on the Router.
In the last months (I have the latest FW of the RouterOS and the latest Wireshark) I see on Wireshark the traffic sent by the router to my PC as TZSP packets with the Router IP address as souce IP and PC IP address as destination IP.
It looks like as Wireshark is not able to decode this traffic and shows the raw packets.
The same happens both streaming that saving a file on the router and then opening this with wireshark.
I use this method all of the time - I am using the current versions of both. If your tzsp port matches between ROS and Wireshark it should decode everything normally. If you want to just get your traffic that is streamed, make sure you use a capture filter and not a display filter( i.e. “udp port 37008”).
Yes it worked also for me, in the past. I reinstalled wireshark, Set ROS to default. Port is 37008 and I set the capture filter but nothing, I see the packets but TZSP protocol is not analyzed and I see only the raw TZSP packets!
The first point is to find out whether the issue is with RouterOS or with Wireshark. So export one or two packets into a new .pcap file and post it here so that someone else can check with their Wireshark setup. Also, if Wireshark shows TZSP but doesn’t complain about malformed contents, something is more likely switched off in Wireshark than broken in the packet contents. If it shows raw packets but doesn’t even say they are TZSP ones (it’s not clear from your wording), you may have just disabled TZSP or a lower layer protocol by mistake (by clicking a wrong item in the context menu). So how deep the packets are actually dissected? Is TZSP the last layer in the dissection pane, or some other one (UDP, IP, Ethernet)?
The problem was related to a recursive sniffing of the traffic sent by the router to the PC.
Excluding the port 37008 using the Filter option on the Mikrotik or excluding the interface connected to the PC, the problem is solved.