I am trying to do some basic packet sniffing. I setup my sniffer:
[admin@BIOMED_MAIN] tool sniffer> print
interface: all
only-headers: yes
memory-limit: 2000
file-name:
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 192.168.3.76/0:0-65535
filter-address2: 192.168.3.76/0:0-65535
running: yes
because I only want to capture packets from 192.168.3.76
Yet, when I start, then stop it, and then check "packet print", I see traffic from going to and from the router to all 192.168.3.x addresses, not just 192.168.3.76. Also, no matter what, I have never seen an icmp packet logged in sniffer, which is bizarre.
I am trying to do a ping from the router (192.168.3.254) to the host (192.168.3.76) and capture a sniff of this. I have also tried setting the sniffer as:
[admin@BIOMED_MAIN] tool sniffer> print
interface: all
only-headers: yes
memory-limit: 2000
file-name:
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 192.168.3.76/0:0-65535
filter-address2: 192.168.3.254/0:0-65535
running: yes
But it doesn't matter. I "start", do my pings, then "stop", then "packet print" and all I see is my telnet traffic to the router but not the pings.
Any ideas?
Re: Is packet sniffing broke in 2.8.11?
should the netmask not be set to "/32"?...
filter-address1: 192.168.3.76/0:0-65535
filter-address2: 192.168.3.76/0:0-65535
...
Any ideas?
Yes, your right, but it still does not seem to capture packets to/from the router of type icmp:
[admin@BIOMED_MAIN] tool sniffer> print
interface: all
only-headers: yes
memory-limit: 2000
file-name:
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 192.168.3.254/32:0-65535
filter-address2: 192.168.3.76/32:0-65535
running: no
I start, then ping, then stop, and the packet buffers are empty
[admin@BIOMED_MAIN] tool sniffer> print
interface: all
only-headers: yes
memory-limit: 2000
file-name:
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 192.168.3.254/32:0-65535
filter-address2: 192.168.3.76/32:0-65535
running: no
I start, then ping, then stop, and the packet buffers are empty
changeip,
The reason its not logged, is because its broke, or its an undocumented feature.
ICMP is most DEFINITELY an IP protocol. In fact, its IP Protocol 1, it is in no way, shape or form not part of the IP protocol: icmp, igmp, tcp, igrp, udp, etc these are all part of IP protocol, and should be caught by sniffer.
Why it is broke, I don't know, but it sure does suck, because I really need to look at ICMP packets on a mikrotik right now.
Brian
The reason its not logged, is because its broke, or its an undocumented feature.
ICMP is most DEFINITELY an IP protocol. In fact, its IP Protocol 1, it is in no way, shape or form not part of the IP protocol: icmp, igmp, tcp, igrp, udp, etc these are all part of IP protocol, and should be caught by sniffer.
Why it is broke, I don't know, but it sure does suck, because I really need to look at ICMP packets on a mikrotik right now.
Brian