Hello everyone, I use my MikroTik for capture remote wi-fi traffic and it works good with WireShark, but sometimes I need clearance this packets from TZSP header. May be someone can help me, - how I can save only payload from captured wi-fi packages without TZSP header?
If the TZSP header is a constant length, you can remove it with editcap.
$ editcap.exe -C 47 ./200909_MikroTik_TZSP.pcapng ./200909_MikroTik_TZSP_chop.pcapng
The Mikrotik I tested with had a 47 byte header:
14 (eth) + 20 (IP) + 8 (UDP) + 5 (TZSP) = 47
There are many option tags available in TZSP that could make the header length variable but my test device didn't use them. YMMV.
TZSP: Ethernet
Version: 1
Type: Received packet (0)
Encapsulation: Ethernet (1)
End
Option Tag: End (1)
TZSP is the wrapper protocol that MikroTik uses to stream the capture to another device.
To remove TZSP you can either:
Asked: 2021-03-29 07:56:59 +0000
Seen: 2,011 times
Last updated: Mar 29 '21
