Wireless Sniffer streaming and @#$%@ TZSP

To make a long story short. I’m trying to work out a solution for someone trying to monitor a wireless environment over a wide area. The current solution costs quite a bit of money and to be honest sucks. I can see some Mikrotik devices acting as cost effective sensors but the TZSP encapsulation is giving me a headache. I know it’s a standard format but I can’t find a single utility to strip off the TZSP header and trafr is basically worthless as it’s only for 32bit systems.

Any hope of getting a 64bit version and options for selecting interfaces?

Hi,
I use Wireshark, simply filtering by sending ip. It should decode TZSP frame easily.

Massimo

This doesn’t work?

http://wiki.mikrotik.com/wiki/Ethereal/Wireshark

I don’t need to look at the stream in wireshark. I need to remove the TZSP header to pass it to other software as native packets not a TZSP stream.

http://wiki.mikrotik.com/wiki/Calea_perl_trafr

I need native code, not scripts.

Mikrotik… open source trafr please

I have created on open source tzsp decapsulation tool called tzsp2cap. It will strip away the tzsp protocol and save the original packets to a PCAP file. See the link:

http://forum.mikrotik.com/t/mikrotik-router-os-routerboard-and-snort-ids-ips/53884/10

hi troynel.

in here

http://code.google.com/p/tzsp2cap/

i cannot find any file?


afther git clone, when i want compile it:

tzsp2cap.c:8:18: fatal error: pcap.h: No such file or directory
compilation terminated.

thank you.

hi, you need to have libpcap installed before you try to compile on linux (yum install libpcap-dev or apt-get ).

also look into:
https://gist.github.com/jabberd/b9d6a29098a5b8f1ee45

or see my post about stripping tzsp (wireless) here:
http://forum.mikrotik.com/t/wireless-sniffer-streaming-to-a-server/87038/1