Mikrotik… need I say More?
Show MenuHide Menu

Packet Sniffer Streaming to Wireshark from your Mikrotik

March 2, 2013

Packet Sniffer Streaming to Wireshark from your Mikrotik HOW TO by Travis Kenner

Mikrotik RB 750GL running package 6.0rc11
Windows 7 Pro Workstation 64 bit
Wireshark version 1.8.5 64 bit


How to Stream Packet Sniffing from your Mikrotik to your workstation running Wireshark:

Start Wireshark on your workstation


Log onto your Mikrotik and click on the Tools Menu on the left side


Under Tools choose Packet Sniffer


Under General set the settings as you see fit


Under the Streaming TAB


Check the box for Streaming Enabled to enable streaming

Server: This will be the IP Address of your workstation running Wireshark

NOT sure at this point what Filter Stream does but I left it checked

Now go to the Filter TAB


Interfaces: Choose your LAN interface (for me this was ether2-master-local)

IP Address: This is the IP address or address range of the device or devices you are trying to redirect packet sniffing to your workstation that has Wireshark listening

Set protocols and Port to whatever you want or are trying to capture if needed

Direction: leave as “any”


On the right side click the Start and Stop buttons to live stream or stop streaming the Mikrotik Packer captures to Wireshark.




NOTE: Here is a capture filter I used to nail down just tzsp and UDP port 5070 traffic from my VOIP phone to try and sniff and get its IP Differentiated Services Field (TOS) number so that I could mangle it in Mikrotik and setup a queue to prioritize VOIP traffic over all other traffic when bandwidth was getting sucked up by large downloads and I was on the phone!!!


Wireshark Capture Filters: tzsp or udp.port==5070

September 30, 2016 at 4:55 am

helo, nice tutorial on mikrotik. Now after starting the wireshark how do you configure it to capture on the packets from mikrotik

September 10, 2016 at 11:13 am

I can’t captured tzsp because `netstat -n` is not showed 37008 port.

how to open 37008 port on wireshark.

please tell me.(I’m windows but linux ok.)

November 6, 2015 at 6:15 am

@Artis Start wireshark to capture packets on the interface that you are streaming to

Chr. Zürcher
December 25, 2014 at 9:12 pm

Nice tutorial, got it up & running in no time.

May 14, 2014 at 1:03 pm

how to view streamed data in wireshark?
tutorial to set-up sniffer is clear, but with shark?

    November 6, 2015 at 6:16 am

    Start wireshark to capture packets on the interface that you are streaming to

Leave a Reply

Your email address will not be published. Required fields are marked *

5 visitors online now
5 guests, 0 members
Max visitors today: 16 at 03:47 pm UTC
This month: 36 at 12-11-2017 02:39 am UTC
This year: 47 at 01-03-2017 08:06 pm UTC
All time: 47 at 01-03-2017 08:06 pm UTC