System information
Manual:Tools/Packet Sniffer
85
[admin@MikroTik] tool sniffer> stop
Running Packet Sniffer
Commands: /tool sniffer start, /tool sniffer stop, /tool sniffer save
The commands are used to control runtime operation of the packet sniffer. The start command is used to start/reset
sniffering, stop - stops sniffering. To save currently sniffed packets in a specific file save command is used.
It is also possible to use quick mode.
Example
In the following example the packet sniffer will be started and after some time - stopped:
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop
Below the sniffed packets will be saved in the file named test:
[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
# NAME TYPE SIZE CREATION-TIME
0 test unknown 1350 apr/07/2003 16:01:52
[admin@MikroTik] tool sniffer>
Sniffed Packets
Sub-menu: /tool sniffer packet
This sub-menu allows to see the list of sniffed packets.
[admin@SXT test] /tool sniffer packet> print
# TIME INTERFACE SRC-ADDRESS DST-ADDRESS
120 1.993 ether1 10.5.101.1:646 224.0.0.2:646 >
121 2.045 ether1 10.5.101.15:8291 (winbox) 10.5.101.10:36771 >
122 2.046 ether1 10.5.101.15:8291 (winbox) 10.5.101.10:36771 >
123 2.255 ether1 fe80::20c:42ff:fe49:fcec ff02::5 >
Property Description
data (read-only: text) Specified data inclusion in packets
direction (read-only: in | out) Indicates whether packet is entering
(in) or leaving (out) the router
dscp (read-only: integer) IP DSCP field value
dst-address (read-only: IP address) Destination IP address
fragment-offset (read-only: integer) IP fragment offset
identification (read-only: integer) IP identification
interface (read-only: name) Name of the interface the packet has
been captured on
ip-header-size (read-only: integer) The size of IP header
ip-packet-size (read-only: integer) The size of IP packet