This document describes the configuration options for a packet sniffer tool in MikroTik. It lists properties like the file size limit, file name, filters for IP addresses, MAC addresses, ports, and protocols. It also describes options for streaming sniffed packets, memory usage, and enabling or disabling the sniffer. An example is given of starting the sniffer with specific configuration settings and then stopping it.
Property
    Description

file-limit (integer 10..4294967295[KiB]; Default: 1000KiB)
    File size limit. Sniffer will stop when limit is reached.

file-name (string; Default: )
    Name of the file where sniffed packets will be saved.

filter-ip-address (ip/mask[,ip/mask] (max 16 items); Default: )
    Up to 16 IP addresses used as a filter.

filter-mac-address (mac/mask[,mac/mask] (max 16 items); Default: )
    Up to 16 MAC addresses and MAC address masks used as a filter.

filter-port ([!]port[,port] (max 16 items); Default: )
    Up to 16 comma separated entries used as a filter.

filter-ip-protocol ([!]protocol[,protocol] (max 16 items); Default: )
    Up to 16 comma separated entries used as a filter.
    IP protocols (instead of protocol names, protocol number can be used):
        ipsec-ah - IPsec AH protocol
        ipsec-esp - IPsec ESP protocol
        ddp - datagram delivery protocol
        egp - exterior gateway protocol
        ggp - gateway-gateway protocol
        gre - general routing encapsulation
        hmp - host monitoring protocol
        idpr-cmtp - idpr control message transport
        icmp - internet control message protocol
        icmpv6 - internet control message protocol v6
        igmp - internet group management protocol
        ipencap - ip encapsulated in ip
        ipip - ip encapsulation
        encap - ip encapsulation
        iso-tp4 - iso transport protocol class 4
        ospf - open shortest path first
        pup - parc universal packet protocol
        pim - protocol independent multicast
        rspf - radio shortest path first
        rdp - reliable datagram protocol
        st - st datagram mode
        tcp - transmission control protocol
        udp - user datagram protocol
        vmtp - versatile message transport
        vrrp - virtual router redundancy protocol
        xns-idp - xerox xns idp
        xtp - xpress transfer protocol

filter-mac-protocol ([!]protocol[,protocol] (max 16 items); Default: )
    Up to 16 comma separated entries used as a filter.
    MAC protocols (instead of protocol names, protocol number can be used):
        arp - Address Resolution Protocol
        ip - Internet Protocol
        ipv6 - Internet Protocol next generation
        ipx - Internetwork Packet Exchange
        rarp - Reverse Address Resolution Protocol

filter-stream (yes | no; Default: yes)
    Sniffed packets that are destined for the sniffer server are ignored.

filter-direction (any | rx | tx; Default: )
    Specifies the direction in which filtering will be applied.

interface (all | name; Default: all)
    Interface name on which sniffer will be running. all indicates that sniffer will sniff packets on all interfaces.

memory-limit
    Memory amount used to store sniffed data.

memory-scroll (yes | no; Default: yes)
    Whether to rewrite older sniffed data when memory limit is reached.

only-headers (yes | no; Default: no)
    Save in the memory only packet's headers, not the whole packet.

streaming-enabled (yes | no; Default: no)
    Defines whether to send sniffed packets to streaming server.

streaming-server (IP; Default: 0.0.0.0)
    Tazmen Sniffer Protocol (TZSP) stream receiver.

Example

In the following example streaming-server will be added, streaming will be enabled, file-name will be set to test.pcap, and packet sniffer will be started and stopped after some time:

    [admin@MikroTik] tool sniffer> set streaming-server=192.168.0.240 \
    \... streaming-enabled=yes file-name=test.pcap
    [admin@MikroTik] tool sniffer> print
                interface: all
             only-headers: no
             memory-limit: 100KiB
            memory-scroll: yes
                file-name: test.pcap
               file-limit: 1000KiB
        streaming-enabled: yes
         streaming-server: 192.168.0.240
            filter-stream: yes
       filter-mac-address:
      filter-mac-protocol:
        filter-ip-address:
       filter-ip-protocol:
              filter-port:
         filter-direction: any
                  running: no
    [admin@MikroTik] tool sniffer> start
    [admin@MikroTik] tool sniffer> stop