Updated the thread name as it looks like the problem is how to sniff in general traffic between two wifi clients in the same subnet.
Currently when default-forwarding is enabled in the wireless interface traffic does not reach the cpu and is handled by the wifi chip (e.g. packet sniffer/torch are useless).
When default forwarding is disabled clients cannot speak to each other ... What is the equivalent of port mirroring for the wifi chip?
Hi Mikrotik gurus,
I am a software developer, so excuse my *naive* understanding of network communication.
So I have a server and a client that speak to each other using UDP.
Both are connected via Wifi on the same mikrotik router.
Mikrotik router is updated to the latest version - I have tested with two different models, same problem.
I want to check the traffic between client/server with the packet sniffer that is part of the mikrotik UI (under tools).
What I have done so far:
Verify that traffic is really going on the dedicated interfaces. For that purpose I have run Wireshark on the box where the server is and sent traffic from the client, using the capture filter "udp" on the wifi interface of the server - the packets show in Wireshark with "Source", "Destination", "Protocol" etc. decoded by Wireshark and the payloads look OK (well, the response from the server is somehow padded with a gazillion 00s but that is probably because of packet fragmentation of MTU expiration .... anyway, it works well and the client can decode it fine - just wanted to mention that in case it helps).
Start the packet sniffer on the mikrotik in the most verbose mode ever: sniff anything on all interfaces (check the attached sniffer.png for a screenshot). So I do it like this:
1. start packet sniffer
2. do a simple UDP communication and
3. stop it so that the limit of 100kb is not reached.
To my surprise there is no trace whatsoever of the UDP packets in the packets captured by the sniffer ...
I have tried the trick of streaming the packets to a machine which runs Wireshark and using the "udp port 37008" capture filter - same result (I have disabled "WCCP" as it was clashing with TZSP, used by mikrotik to channel the traffic).
So I am sure I am doing something pretty stupid but I cannot figure out what it is.
On the https://wiki.mikrotik.com/wiki/Manual:T ... et_Sniffer
page there is one line that says:
"Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip)."
My understanding is that the UDP traffic is not passing through the switch chip, as that is not Ethernet traffic but over wifi, and the packets are going through the router. But it might be that my understanding of "switch chip" is not correct - maybe the traffic is going through this mysterious "switch chip". If you say that is the use case, how can I capture the traffic?
You might say "well, you already have Wireshark installed, use that!" ... unfortunately for me, I do not have permission to install Wireshark (or any other, for that matter) unauthorized software on people's servers in order to do traffic troubleshooting.
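
Added example, not part of the original post and not MikroTik code: a minimal Python decoder for the TZSP stream on UDP port 37008 mentioned above, which reports the inner UDP flow of each mirrored frame so one can check whether the client-to-server packets ever reach the sniffer. It assumes the stream carries Ethernet encapsulation; the addresses, ports and sample datagram are constructed.

```python
import ipaddress
import struct

TZSP_PORT = 37008                  # UDP port the post filters on
TAG_PADDING, TAG_END = 0x00, 0x01  # the only tags without a length byte
ENCAP_ETHERNET = 1                 # assumed encapsulation of the stream

def strip_tzsp(datagram: bytes) -> bytes:
    """Return the Ethernet frame carried inside one TZSP datagram."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _type, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1 or encap != ENCAP_ETHERNET:
        raise ValueError("unsupported TZSP version or encapsulation")
    i = 4
    while i < len(datagram):
        tag = datagram[i]
        if tag == TAG_END:
            return datagram[i + 1:]
        if tag == TAG_PADDING:
            i += 1
        elif i + 1 < len(datagram):
            i += 2 + datagram[i + 1]   # skip tag, length, value
        else:
            break
    raise ValueError("TZSP end tag not found")

def inner_udp_flow(frame: bytes):
    """(src_ip, sport, dst_ip, dport) for an IPv4/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                    # later fragment: no UDP header in it
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    src, dst = (str(ipaddress.IPv4Address(ip[o:o + 4])) for o in (12, 16))
    return src, sport, dst, dport

def sample_datagram() -> bytes:
    """Constructed sample: 192.168.88.10:40000 -> 192.168.88.20:5000."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 30, 0, 0, 64, 17, 0,
                     bytes([192, 168, 88, 10]), bytes([192, 168, 88, 20]))
    udp = struct.pack("!HHHH", 40000, 5000, 10, 0) + b"hi"
    return b"\x01\x00\x00\x01\x01" + eth + ip + udp

if __name__ == "__main__":
    print(inner_udp_flow(strip_tzsp(sample_datagram())))
```

Feeding it datagrams read from a UDP socket bound to `TZSP_PORT` gives the same check on a live stream without a packet-capture tool on the receiving host.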