Stream Capture to a host like Mikrotik - TZSP - UDP Encapsulated

asked 2018-04-24 03:19:43 +0000

fischerdouglas gravatar image

How to do a capture packets with tcpdump and encapsulate it and send it to another host running wireshark(or tshark) like Mikrotik does?

Mikrotik orientation is in this link:

Next is a link to a Russian video(but understandable, because of images) that exemplifies it.

I looked to the packets and found a layer of TZSP

I didn't know it until 2 hours ago... And it works perfectly! Real time with low CPU consume on the host that is sniffing and no local disk needed.

P.S.: I Know the possibility on using ssh tunneling, but is not possible in some devices that I'm working with...

edit retag flag offensive close merge delete


I found some mention to this on a 2009 post on the wireshark mail list, but following the tread i didn`t found any explanation of how to use it.

fischerdouglas gravatar imagefischerdouglas ( 2018-04-24 03:21:39 +0000 )edit