Stream Capture to a host like Mikrotik - TZSP - UDP Encapsulated

asked 2018-04-24 03:19:43 +0000

fischerdouglas gravatar image

How to do a capture packets with tcpdump and encapsulate it and send it to another host running wireshark(or tshark) like Mikrotik does?

Mikrotik orientation is in this link:

https://wiki.mikrotik.com/wiki/Ethere...

Next is a link to a Russian video(but understandable, because of images) that exemplifies it.

https://youtu.be/YxYnNple7oE

I looked to the packets and found a layer of TZSP

https://en.wikipedia.org/wiki/TZSP

I didn't know it until 2 hours ago... And it works perfectly! Real time with low CPU consume on the host that is sniffing and no local disk needed.

P.S.: I Know the possibility on using ssh tunneling, but is not possible in some devices that I'm working with...

edit retag flag offensive close merge delete

Comments

I found some mention to this on a 2009 post on the wireshark mail list, but following the tread i didn`t found any explanation of how to use it.

https://www.wireshark.org/lists/wires...

fischerdouglas gravatar imagefischerdouglas ( 2018-04-24 03:21:39 +0000 )edit
add a comment