strarsis
just joined
Topic Author
Posts: 6
Joined: Tue May 24, 2016 7:28 pm

Torch vs. Packet Sniffer

Wed Jun 23, 2021 9:28 pm

Do I understand this correctly?:
The Torch tool will capture and list all packets that somehow reach the MikroTik device (similar to "promiscuous mode"),
while the Packet Sniffer tool will only capture packets that actually go through the MikroTik device (e.g. routing) and are processed by it?

This is important for me because the Torch tool shows that the IPCam indeed sends ICMP response packets, while the Packet Sniffer will not list them (only the ICMP request packets going to the IPCamera).
 
anav
Forum Guru
Posts: 7806
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Torch vs. Packet Sniffer

Thu Jun 24, 2021 2:07 pm

I was told once that Torch is a simplified sniffer, but it's just good to see whether something is moving across the interface.
Sorry that is all I know.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
mikeeg02
Member Candidate
Posts: 121
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: Torch vs. Packet Sniffer  [SOLVED]

Thu Jun 24, 2021 2:30 pm

The packet sniffer is far more powerful. It generates an actual Wireshark capture file you can copy to your computer and open with Wireshark, and see every piece of info on every packet, just as if you had captured it locally with your computer. You can also specify tx, rx or both on an interface, which is very handy if you have high throughput on links and are only really looking for something that's being forwarded or received.

It is important to note that if you are using bridge ports in hardware mode, you will need to disable hardware mode on the bridge port, perform the capture, then re-enable hardware mode. Otherwise you will only capture CPU-generated packets such as RSTP and so on.
 
Zacharias
Forum Guru
Posts: 2409
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Torch vs. Packet Sniffer

Thu Jun 24, 2021 11:14 pm

Packet sniffer is really useful, especially when used with Wireshark as the previous post indicates...
 
vecernik87
Forum Veteran
Posts: 806
Joined: Fri Nov 10, 2017 8:19 am

Re: Torch vs. Packet Sniffer

Fri Jun 25, 2021 7:16 am

Personally, I prefer to use the mangle action "sniff tzsp" because it is clear when it gets executed and you can actually choose: prerouting, forward, postrouting ... (look at the packet flow). You can even sniff the same packet multiple times (once in prerouting, once in postrouting) and send them to different ports (so you can have multiple Wiresharks running on the same computer and watching it simultaneously). Another advantage is that it is more stable than the sniffer (e.g. the sniffer stops when your router restarts). Finally, thanks to really powerful matching in mangle, you can filter very precisely what you want to sniff.

The obvious disadvantage is that you need to fully understand what you are matching, otherwise you may miss something.
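
An added example, not part of the original post or of MikroTik's code: a minimal decoder for the TZSP datagrams that a sniff-tzsp rule sends, which strips the TZSP header and tag list and reports whether the inner frame is an ICMP echo request (type 8) or reply (type 0). The function names, the addresses and the sample datagram are constructed for illustration; it assumes untagged IPv4 over Ethernet.

```python
import ipaddress
import struct

TAG_PADDING, TAG_END = 0, 1   # the two TZSP tags that carry no length byte
ENCAP_ETHERNET = 1

def decapsulate(datagram: bytes) -> bytes:
    """Strip the 4-byte TZSP header and tagged fields; return the inner frame."""
    if len(datagram) < 4:
        raise ValueError("datagram shorter than TZSP header")
    version, _ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1 or encap != ENCAP_ETHERNET:
        raise ValueError("not TZSP v1 carrying Ethernet")
    pos = 4
    while pos < len(datagram):
        tag = datagram[pos]
        if tag == TAG_END:
            return datagram[pos + 1:]
        if tag == TAG_PADDING:
            pos += 1
            continue
        if pos + 1 >= len(datagram):
            break
        pos += 2 + datagram[pos + 1]      # skip tag, length byte and value
    raise ValueError("TZSP tag list not terminated")

def icmp_summary(frame: bytes):
    """Return (src, dst, icmp_type) for an IPv4 ICMP frame, otherwise None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                        # not IPv4 (or VLAN-tagged)
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 1 or len(frame) < 14 + ihl + 1:
        return None                        # IP protocol 1 is ICMP
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src, dst, frame[14 + ihl]

def sample_datagram(icmp_type: int) -> bytes:
    """Constructed test input: TZSP + Ethernet + IPv4 + ICMP, checksums zeroed."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address("192.168.88.20").packed,
                     ipaddress.IPv4Address("192.168.88.1").packed)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    tags = bytes([TAG_PADDING, 10, 1, 0xC8, TAG_END])  # padding, one arbitrary tag, end
    return struct.pack("!BBH", 1, 0, ENCAP_ETHERNET) + tags + eth + ip + icmp

if __name__ == "__main__":
    for t in (8, 0):
        print(icmp_summary(decapsulate(sample_datagram(t))))
```

Feeding it datagrams received on the UDP port configured as the rule's sniff target gives a quick per-hook view of which ICMP types were actually matched.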
 
Zacharias
Forum Guru
Posts: 2409
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Torch vs. Packet Sniffer

Sun Jun 27, 2021 2:01 pm

@vecernik87 I wasn't aware of sniff TZSP, just tested and works great...
