I have been searching far and wide now for a proper implementation of packet sniffing tools and related.
I am a software developer and understand the TZSP protocol and that it is transported over UDP on port 37008.
I have done extensive research and know exactly how the packet and packet header is constructed.
But for some odd reason the information (RAW Packet Data) being sent over port 37008 (UDP) - does not conform to the proper implementation of the TZSP protocol!?
There seems to be a lot of "white spacing" between the TZSP Header and the actual "first" data being sent over.
I have read countless articles over the past two weeks of you should run WireShark, run this or that tool, etc...
I have even found the source of how to construct the packet with WireShark and the Syntax and related with the packet-tzsp.c information.
However I am seriously struggling to understand How RouterOS v6.2 sends sniffed packets down the wire; a sample of the "raw" data sent on UDP port 37008 would be:
I also need some assistance maybe from the guru's at MikroTik on how to properly "dissect" this data being sent over the wire (as there seems to be blank data marked in red, etc... being sent; even though the "protocol and everything" seems to be "open source" this part seems to be "classified" as an industry secret?
I have been able to capture some information using WireShark, when disabling WCCP, etc...
However I would need more help on this as I am coding a utility that will properly be logging network traffic, and the only way I found that the most information can be logged is using packet sniffers.
Your help would greatly be appreciated - even if I can get some guys in on a the project to properly do this!