trafr tool to capture packets send by Microtik sniffer doesn't work. Tested with Ubuntu Linux 6.06.1, i386. It seems to me that trafr was compiled for Linux with kernel 2.2; that is history now as most modern Linux distributions are based on kernel 2.6. Other problem is, that trafr is binary only package (no source code), and it is DYNAMICALY linked; that is really bad.
oem@scenic:~$ uname -a
Linux scenic 2.6.15-28-686 #1 SMP PREEMPT Thu May 10 09:56:30 UTC 2007 i686 GNU/Linux
oem@scenic:~$ ls -l trafr
-rwxr-xr-x 1 oem oem 4764 2004-03-17 11:35 trafr
oem@scenic:~$ file trafr
trafr: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), for GNU/Linux 2.2.0, stripped
It doesn't work, it captures just few bytes and it finish.
oem@scenic:~$ ./trafr -s 192.168.0.133 | hexdump -C
00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
00000010 00 10 00 00 01 00 00 00 |........|
It can help to release source code for the trafr package. It can help to release description of TZSP used for sending packets to the stream server. Ifound several notices from users running other OS (Mac OSx, NetBSD, etc) that trafr doesn't work on their system tool. Realeasing source code can help them. Is there any rocket sience in trafr code that source code has to be kept secret? I don't think so...
Manual could be updated with fresh information on this topic too, it is possible that trafr was replaced with better tool already.
http://www.mikrotik.com/testdocs/ros/2. ... niffer.php