Stream Capture to a host like Mikrotik - TZSP - UDP Encapsulated
How do I capture packets with tcpdump, encapsulate them, and send them to another host running Wireshark (or tshark), like Mikrotik does?
The Mikrotik instructions are at this link:
https://wiki.mikrotik.com/wiki/Ethere...
Next is a link to a Russian video (understandable anyway, because of the images) that demonstrates it.
I looked at the packets and found a TZSP layer:
https://en.wikipedia.org/wiki/TZSP
I didn't know about it until 2 hours ago... And it works perfectly! Real time, with low CPU consumption on the host that is sniffing and no local disk needed.
P.S.: I know about the possibility of using SSH tunneling, but it is not possible on some devices that I'm working with...
I found a mention of this in a 2009 post on the Wireshark mailing list, but following the thread I didn't find any explanation of how to use it.
https://www.wireshark.org/lists/wires...
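
The encapsulation asked about above, as an added example that is not part of the original post and is not Mikrotik's or Wireshark's code: a Python sketch that reads the classic pcap stream written by `tcpdump -w -`, wraps each frame in a minimal TZSP header, and sends it over UDP. It assumes an Ethernet link type and the default TZSP port 37008; the function names and the script name are made up for the example.

```python
import socket, struct, sys

TZSP_PORT = 37008                         # default TZSP UDP port
TZSP_HDR = struct.pack("!BBH", 1, 0, 1)   # version 1, type 0 (received packet), encap 1 (Ethernet)
TAG_PADDING, TAG_END = 0, 1

def tzsp_wrap(frame: bytes) -> bytes:
    """Minimal TZSP datagram: 4-byte header, TAG_END, then the raw frame."""
    return TZSP_HDR + bytes([TAG_END]) + frame

def tzsp_unwrap(datagram: bytes):
    """Return (encap_proto, frame); walks the tagged fields until TAG_END."""
    version, _ptype, proto = struct.unpack_from("!BBH", datagram)
    if version != 1:
        raise ValueError("not TZSP version 1")
    i = 4
    while True:
        tag = datagram[i]                 # IndexError here means a truncated datagram
        if tag == TAG_END:
            return proto, datagram[i + 1:]
        # padding is a lone byte; every other tag is type, length, value
        i += 1 if tag == TAG_PADDING else 2 + datagram[i + 1]

def iter_pcap(stream):
    """Yield captured frames from a classic pcap stream (assumed Ethernet link type)."""
    magic = stream.read(24)[:4]           # 24-byte global header, magic first
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a pcap stream")
    while len(rec := stream.read(16)) == 16:   # per-record header
        _sec, _frac, caplen, _origlen = struct.unpack(endian + "IIII", rec)
        yield stream.read(caplen)

if __name__ == "__main__":
    # tcpdump -i eth0 -U -w - 'not udp port 37008' | python3 tzsp_send.py <receiver-ip>
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for frame in iter_pcap(sys.stdin.buffer):
        sock.sendto(tzsp_wrap(frame), (sys.argv[1], TZSP_PORT))
```

The `not udp port 37008` capture filter keeps the sender from capturing its own TZSP stream and feeding it back into itself. The stream is unencrypted and unauthenticated UDP, so anything on the path sees the full mirrored traffic.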