Select your interface and click capture > start. On the main screen of wireshark, click the green flag next to “…using this filter:” and select the filter that we created earlier.
This can be done from analyze > enabled protocols. Press OK.ĭue to protocol conflicts, we have to disable WCCP protocol from wireshark.
Set the name to “Mikrotik capture” and the filter to “ udp port 37008“. Then by clicking the “ +” button, a new line will appear with name New capture filter and an example filter “ip host ”. So lets open wireshark and go to capture > capture filters. In order to receive only traffic from the Mikrotik device, we need to set up a filter in wireshark telling it to accept UDP traffic only for port 37008. Now if we press the Start button, Mikrotik will send traffic to our server on port 37008. I propose to use filters because if you don’t, you might cause high CPU on the mikrotik device. Next, on the Filter tab, we set some filters, like the interface we would like to sniff, traffic direction etc. In Streaming tab we check the option Streaming Enabled and we set the IP address of the PC running wireshark. I am using wireshark 2.2.7 by the way.įirst we have to connect to the Mikrotik device via winbox and set some parameters to packet sniffer utility in Tools>Packet Sniffer. All we need is network connectivity, of course, between the Mikrotik device and the PC running wireshark.
Well we can accomplish this and have the captures on wireshark. Mikrotik devices have a build-in tool called Packet sniffer, which does exactly what I need but what if I had these captures on a remote PC ? Today, for troubleshooting purposes, I needed to capture traffic from a Mikrotik wireless access point that I have.
0 kommentar(er)
