{"id":3087,"date":"2024-01-04T11:47:04","date_gmt":"2024-01-04T11:47:04","guid":{"rendered":"https:\/\/wordpress.pedrorotoli.com\/?p=3087"},"modified":"2024-01-04T11:47:04","modified_gmt":"2024-01-04T11:47:04","slug":"remote-capture-with-wireshark-and-mikrotik","status":"publish","type":"post","link":"https:\/\/wordpress.pedrorotoli.com\/?p=3087","title":{"rendered":"Remote Capture With Wireshark and Mikrotik"},"content":{"rendered":"

Using Winbox access the Mikrotik router, then on Tools<\/em>, open Packet Sniffer<\/em>.<\/p>\n

\"Packet
Packet Sniffer location on Winbox<\/figcaption><\/figure>\n

Then, on the Packet Sniffer window, open the Streaming tab.<\/p>\n

\"Packet
Packet Sniffer on Mikrotik<\/figcaption><\/figure>\n

Select the option Streaming Enabled<\/em>, on Server<\/em> put the IP of the machine that will be running Wireshark, on Port<\/em> you can leave as is or specify a different port, then open the Filter<\/em> tab.<\/p>\n

\"Mikrotik
Mikrotik Packet Sniffer Filter<\/figcaption><\/figure>\n

Select the interface that you wish to perform the capture, here you can specify a multitude of filters, if you wish to reduce the traffic sent over to the PC that will perform the capture.<\/p>\n

After everything is configured correctly, click Apply<\/em> then Start<\/em>.<\/p>\n

Now on to Wireshark.<\/p>\n

\"Wireshark
Wireshark Interface and filter selection<\/figcaption><\/figure>\n

On Wireshark, select the interface where you will receive the capture stream, and use the filter udp port <port number specified earlier><\/strong>, then double click on the interface selected previously, this will start the capture on Wireshark.<\/p>\n

\"Remote
Remote Wireshark capture running<\/figcaption><\/figure>\n

And with this you can make remote captures on Wireshark.<\/p>\n

Just don’t forget to also stop the capture on the Mikrotik when you are finished.<\/p>\n","protected":false},"excerpt":{"rendered":"

Using Winbox access the Mikrotik router, then on Tools, open Packet Sniffer. Then, on the Packet Sniffer window, open the Streaming tab. Select the option<\/p>\n","protected":false},"author":1,"featured_media":3094,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3087","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/3087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3087"}],"version-history":[{"count":2,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/3087\/revisions"}],"predecessor-version":[{"id":3095,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/3087\/revisions\/3095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/media\/3094"}],"wp:attachment":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}