System information
Manual:Troubleshooting tools
running: no
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop
Here you can specify packet sniffer parameters, such as the maximum amount of memory used and the file size limit in
KBs.
Running Packet Sniffer Tool
There are three commands that are used to control runtime operation of the packet sniffer:
/tool sniffer start, /tool sniffer stop, /tool sniffer save.
The start command starts (or resets) sniffing, and the stop command stops it. The save command writes the currently
sniffed packets to a specific file.
In the following example the packet sniffer is started and, after some time, stopped:
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop
Below the sniffed packets will be saved in the file named test:
[admin@MikroTik] tool sniffer> save file-name=test
View sniffed packets
Several submenus are available for viewing sniffed packets.
• /tool sniffer packet – shows the list of sniffed packets
• /tool sniffer protocol – shows all kinds of protocols that have been sniffed
• /tool sniffer host – shows the list of hosts that participated in the data exchange you have sniffed
For example:
[admin@MikroTik] tool sniffer packet> print
# TIME INTERFACE SRC-ADDRESS
0 1.697 ether1 0.0.0.0:68 (bootpc)
1 1.82 ether1 10.0.1.17
2 2.007 ether1 10.0.1.18
3 2.616 ether1 0.0.0.0:68 (bootpc)
4 2.616 ether1 10.0.1.18:45630
5 5.99 ether1 10.0.1.18
6 6.057 ether1 159.148.42.138
7 7.067 ether1 10.0.1.5:1701 (l2tp)
8 8.087 ether1 10.0.1.18:1701 (l2tp)
9 9.977 ether1 10.0.1.18:1701 (l2tp)
-- more
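When a listing like the one above has been copied out of the terminal, it can be summarised offline per source host and per named service, similar to what the host and protocol submenus show on the router. The following is an added example, not part of the MikroTik manual; the function names parse_listing and summarize are hypothetical, and it assumes the column layout shown on this page.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the rows printed above, as copied from the terminal.
SAMPLE = """\
# TIME INTERFACE SRC-ADDRESS
0 1.697 ether1 0.0.0.0:68 (bootpc)
1 1.82 ether1 10.0.1.17
2 2.007 ether1 10.0.1.18
3 2.616 ether1 0.0.0.0:68 (bootpc)
4 2.616 ether1 10.0.1.18:45630
5 5.99 ether1 10.0.1.18
6 6.057 ether1 159.148.42.138
7 7.067 ether1 10.0.1.5:1701 (l2tp)
8 8.087 ether1 10.0.1.18:1701 (l2tp)
9 9.977 ether1 10.0.1.18:1701 (l2tp)
-- more
"""

# num, time, interface, source IP, optional :port, optional (service).
# Anything to the right of the SRC-ADDRESS column is ignored.
ROW = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<time>\d+(?:\.\d+)?)\s+(?P<iface>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d+))?"
    r"(?:\s+\((?P<service>[^)]+)\))?"
)

def parse_listing(text):
    """Return one dict per packet row; header and pager lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row.update(num=int(row["num"]), time=float(row["time"]),
                       port=int(row["port"]) if row["port"] else None)
            packets.append(row)
    return packets

def summarize(packets):
    """Packet count per source IP, and the sources seen for each named service."""
    hosts = Counter(p["ip"] for p in packets)
    services = defaultdict(set)
    for p in packets:
        if p["service"]:
            services[p["service"]].add(p["ip"])
    return hosts, {name: sorted(ips) for name, ips in services.items()}
```

Calling summarize(parse_listing(SAMPLE)) returns the per-host counter and the service map; hosts.most_common() then lists the busiest sources first.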
The figure below shows the sniffer GUI in Winbox, which is more user-friendly.