2. configure sniffer to stream to device running wireshark:
3. tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box
4. make sure you accept UDP in wireshark (as TZSP uses UDP to transport data)
if you are streaming wireless sniffer captures (interface wireless ...) you may need to disable WCCP protocol in wireshark (Analyze/Enabled Protocols), as that collides with TZSP and by default frames may be ...

The above instructions are great, but they don't describe the Wireshark setup. How do you invoke it? Do you have to tell it to listen on some port? How do you tell it to "accept UDP"? What exactly does that mean, anyway? I've gone through the Wireshark documentation and it barely touches on the whole concept of receiving a stream from a remote capture. The MikroTik documentation, likewise, tells how to tell RouterOS to *send* the stream, but does not mention how to tell Wireshark to *receive* the stream.

Sorry to bump up the topic, but maybe better than establishing a new one.
We were recently contacted by one criminal investigation agency, and they want us to cooperate upon catching some criminal activity from our network. I tried many things, but I am not sure I am getting the expected result. I work with Wireshark and I know basic stuff about it. Then I think I know at least basic stuff about MT, but.
1) I can choose two addresses, and here comes my issue with MT docs. This approach either does not work at all, or I am completely dumb (which might be the case). Sorry, but stating "criterion of choosing the packets to process" is like actually stating nothing useful.
2) I went to Wireshark, set up logging to files, disabled WCCP as suggested, but I am still not sure I am receiving streamed content.
So - what is the relation of address1 and address2? Is it like src, dst? So if I want to stream the whole traffic coming to/from one concrete IP address, do I fill in that IP address in the address1 field, and the second one stays with 0.0.0.0/0, or? I surely don't want to use 0.0.0.0/0 everywhere, which would imo redirect the whole 50mbit traffic?
What I want to get into Wireshark is actually the raw packets of the intruder's to/from communication. What should I state in the capture filter (tcpdump) filter field of Wireshark? "udp"? "host mt.ip.here"? "host intruder.ip.here"? or?
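The receive side that the instructions above leave out, and that the follow-up questions ask about, as an added example that is not code from the thread, from MikroTik or from Wireshark: it parses a TZSP datagram into its header, tagged fields and the encapsulated frame, and shows what the capture filter on the Wireshark box should match. It assumes the default TZSP UDP port 37008 (which Wireshark dissects as TZSP on its own) and uses a constructed sample datagram.

```python
"""Receive side of a RouterOS /tool sniffer TZSP stream (added example, not
from the thread). Assumes the router streams to UDP 37008, TZSP's default,
which Wireshark dissects automatically; SAMPLE is a constructed datagram."""
import socket
import struct

TZSP_PORT = 37008                  # default TZSP UDP port
TAG_PADDING, TAG_END = 0x00, 0x01  # the two tags that carry no length byte
ENCAP = {1: "Ethernet", 18: "IEEE 802.11", 119: "Prism", 120: "802.11 AVS"}

def parse_tzsp(datagram: bytes) -> dict:
    """Split a TZSP datagram into header, tagged fields and the inner frame."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:                    # walk the tag list up to the end tag
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_PADDING:
            continue
        if tag == TAG_END:
            break
        length = datagram[pos]
        tags[tag] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    return {"type": ptype, "encap": ENCAP.get(encap, encap),
            "tags": tags, "frame": datagram[pos:]}

def capture_filter() -> str:
    """Wireshark capture filter on the receiving box: the outer UDP stream.
    The intruder's IP sits inside the inner frame, so pick it with the
    router's sniffer filter or a Wireshark display filter, not here."""
    return f"udp port {TZSP_PORT}"

def receive(count=1, bind_ip="0.0.0.0"):
    """Yield (router_ip, decoded datagram) for the next `count` datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, TZSP_PORT))
        for _ in range(count):
            data, peer = sock.recvfrom(65535)
            yield peer[0], parse_tzsp(data)

# Constructed: v1, type 0, Ethernet, one 2-byte tag (0x0A), end tag, frame
SAMPLE = (bytes.fromhex("01000001" "0a02abcd" "01")
          + bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload")
```

Wireshark itself needs no listener: capturing on the interface of the streaming-server box with the filter above shows the TZSP datagrams from the router, and the decapsulated inner packets can then be narrowed with a display filter such as ip.addr.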