MikroTik

Is it possible to copy a packet passing through Mikrotik and forward to another host for analysis? I mean the original packet still goes through to its intended host and its copy goes to another host. I know the packet sniffer can do that but it's in TZSP. The analysis software is custom, not WireShark.

Is it possible to copy a packet passing through Mikrotik and forward to another host for analysis? I mean the original packet still goes through to its intended host and its copy goes to another host. I know the packet sniffer can do that but it's in TZSP. The analysis software is custom, not WireShark.

look information about calea package

You can have the MikroTik send flow data, NetFlow and IPFIX are supported. Hopefully the analysis software support those formats. Alternatively nProbe can receive NetFlow / IPFIX data and you may be able to write a plugin to have it export data in the format needed by your custom tool. I don't think NetFlow supports sending the whole packet if you need to look inside the encapsulated data though. It's useful for metric based information like how many packets of a particular protocol you're sending and between which parties.

What you're probably really after is port-mirroring. Aka Cisco SPAN. This will let you send all data for say an Ethernet port out another Ethernet port for collection.

Thanks everyone!
Calea did the trick, and since its firewall based I can even do some filtering before sending the packet for further analysis.