Property
    Description

file-limit (integer 10..4294967295[KiB]; Default: 1000KiB)
    File size limit. Sniffer will stop when the limit is reached.

file-name (string; Default: )
    Name of the file where sniffed packets will be saved.

filter-ip-address (ip/mask[,ip/mask] (max 16 items); Default: )
    Up to 16 IP addresses used as a filter.

filter-mac-address (mac/mask[,mac/mask] (max 16 items); Default: )
    Up to 16 MAC addresses and MAC address masks used as a filter.

filter-port ([!]port[,port] (max 16 items); Default: )
    Up to 16 comma-separated entries used as a filter.

filter-ip-protocol ([!]protocol[,protocol] (max 16 items); Default: )
    Up to 16 comma-separated entries used as a filter.
    IP protocols (instead of protocol names, protocol numbers can be used):
        ipsec-ah - IPsec AH protocol
        ipsec-esp - IPsec ESP protocol
        ddp - datagram delivery protocol
        egp - exterior gateway protocol
        ggp - gateway-gateway protocol
        gre - general routing encapsulation
        hmp - host monitoring protocol
        idpr-cmtp - idpr control message transport
        icmp - internet control message protocol
        icmpv6 - internet control message protocol v6
        igmp - internet group management protocol
        ipencap - ip encapsulated in ip
        ipip - ip encapsulation
        encap - ip encapsulation
        iso-tp4 - iso transport protocol class 4
        ospf - open shortest path first
        pup - parc universal packet protocol
        pim - protocol independent multicast
        rspf - radio shortest path first
        rdp - reliable datagram protocol
        st - st datagram mode
        tcp - transmission control protocol
        udp - user datagram protocol
        vmtp - versatile message transport
        vrrp - virtual router redundancy protocol
        xns-idp - xerox xns idp
        xtp - xpress transfer protocol

filter-mac-protocol ([!]protocol[,protocol] (max 16 items); Default: )
    Up to 16 comma-separated entries used as a filter.
    MAC protocols (instead of protocol names, protocol numbers can be used):
        arp - Address Resolution Protocol
        ip - Internet Protocol
        ipv6 - Internet Protocol next generation
        ipx - Internetwork Packet Exchange
        rarp - Reverse Address Resolution Protocol

filter-stream (yes | no; Default: yes)
    Sniffed packets that are destined for the sniffer server are ignored.

filter-direction (any | rx | tx; Default: )
    Specifies on which direction filtering will be applied.

interface (all | name; Default: all)
    Interface name on which the sniffer will be running. all indicates that the sniffer will sniff packets on all interfaces.

memory-limit
    Memory amount used to store sniffed data.

memory-scroll (yes | no; Default: yes)
    Whether to rewrite older sniffed data when the memory limit is reached.

only-headers (yes | no; Default: no)
    Save in memory only the packet's headers, not the whole packet.

streaming-enabled (yes | no; Default: no)
    Defines whether to send sniffed packets to the streaming server.

streaming-server (IP; Default: 0.0.0.0)
    Tazmen Sniffer Protocol (TZSP) stream receiver.

Example

In the following example streaming-server will be added, streaming will be enabled, file-name will be set to test and the packet sniffer will be started and stopped after some time:

    [admin@MikroTik] tool sniffer> set streaming-server=192.168.0.240 \
    \... streaming-enabled=yes file-name=test.pcap
    [admin@MikroTik] tool sniffer> print
        interface: all
        only-headers: no
        memory-limit: 100KiB
        memory-scroll: yes
        file-name: test.pcap
        file-limit: 1000KiB
        streaming-enabled: yes
        streaming-server: 192.168.0.240
        filter-stream: yes
        filter-mac-address:
        filter-mac-protocol:
        filter-ip-address:
        filter-ip-protocol:
        filter-port:
        filter-direction: any
        running: no
    [admin@MikroTik] tool sniffer> start
    [admin@MikroTik] tool sniffer> stop
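
The receiving side of the stream that streaming-server points at, as an added example (not part of the original manual): a small TZSP parser that validates the header, walks the tagged fields and returns the encapsulated Ethernet frame. UDP port 37008, the function names and the sample datagram are assumptions that do not come from this page.

```python
import socket
import struct

TZSP_PORT = 37008            # assumption: customary TZSP UDP port, not given on this page
TAG_PADDING, TAG_END = 0, 1  # the only two tags that carry no length byte

def parse_tzsp(datagram: bytes) -> dict:
    """Split a TZSP datagram into header fields, tagged fields and the inner frame."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        # Every other tag is followed by a length byte and that many value bytes.
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("truncated tagged field")
        length = datagram[pos]
        tags[tag] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    return {"type": ptype, "encap": encap, "tags": tags, "frame": datagram[pos:]}

def ethernet_summary(frame: bytes) -> tuple:
    """Return (source MAC, destination MAC, EtherType) of the encapsulated frame."""
    if len(frame) < 14:
        raise ValueError("short Ethernet header")
    return frame[6:12].hex(":"), frame[0:6].hex(":"), struct.unpack("!H", frame[12:14])[0]

# Constructed sample: v1, type 0, Ethernet; padding tag, tag 10 (1-byte value), end tag, frame.
SAMPLE = bytes.fromhex("01000001" "00" "0a01c8" "01" "ffffffffffff" "020000000001" "0806" "0001")

def listen(bind_ip: str = "0.0.0.0", port: int = TZSP_PORT) -> None:
    """Blocking loop for the streaming-server host: print one line per mirrored frame."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (sender, _) = sock.recvfrom(65535)
        try:
            print(sender, *ethernet_summary(parse_tzsp(data)["frame"]))
        except ValueError:
            continue  # skip malformed datagrams instead of stopping the collector
```

Because the stream arrives as unauthenticated UDP, restrict the listening port to the router's address at the host firewall.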