Brendon
just joined
Topic Author
Posts: 3
Joined: Thu Sep 12, 2019 5:52 pm

sniff TZSP on output chain not working

Sun Jan 31, 2021 4:54 pm

Hello,

I am trying to use Snort as an IDS using Mangle rules and have problems with sniff TZSP on the output chain. The input and forward chains are OK. From the output chain I am getting this:
root@XXX:/home/XXXX# tzsp2pcap -f | tcpdump -n -q -r -
15:25:51.144655 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Unnumbered, ui, Flags [Command], length 1012
15:25:51.566178 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566244 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566260 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566283 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566297 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566494 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566517 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.566533 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.567198 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.567293 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.567312 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.567334 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.567347 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 2, rcv seq 102, Flags [Command], length 1228
15:25:51.875362 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver Ready, rcv seq 103, Flags [Command], length 462
15:25:51.880398 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 2, rcv seq 58, Flags [Command], length 1140
15:25:51.890121 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890204 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890240 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890278 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890638 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890680 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890712 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890745 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Supervisory, Receiver not Ready, rcv seq 110, Flags [Command], length 1500
15:25:51.890778 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 2, rcv seq 87, Flags [Command], length 1198
15:25:52.141431 00:00:00:00:00:00 Null > 00:00:00:00:00:00 Unknown DSAP 0x44 Unnumbered, ui, Flags [Command], length 1012
15:25:52.144988 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145055 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145083 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145106 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145129 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 64, Flags [Command], length 128
15:25:52.145416 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 59, Flags [Poll], length 119
15:25:52.145442 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 76, Flags [Poll], length 153
15:25:52.145467 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145491 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145514 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 64, Flags [Command], length 128
15:25:52.145537 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 59, Flags [Poll], length 119
15:25:52.145686 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145711 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145735 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 64, Flags [Command], length 128
15:25:52.145758 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145782 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145805 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 76, Flags [Poll], length 153
15:25:52.145829 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 59, Flags [Poll], length 119
15:25:52.145851 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145875 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 104, Flags [Poll], length 209
15:25:52.145903 00:00:00:00:00:00 Unknown SSAP 0xc0 > 00:00:00:00:00:00 Unknown DSAP 0x44 Information, send seq 0, rcv seq 64, Flags [Command], length 128
I am using tzsp2pcap because of ARM; I tried trafr on x86 with the same weird capture, and ip/firewall/calea is the same. The output is correct only when I use the Packet Sniffer tool.
Device: hAP AC, v. 6.48
Bug or feature?

Thank you.
B.