Hi Guys,

I was trying to find a way to capture the packets in the area without interruption of network and send them via syslog back to the server,

Still, if it is not possible to run this without interruption, perhaps we can use a script to run every hour for 10-30 seconds and send these information back to the server.

We are trying to catch someone who has stolen a couple of laptops and we guess the person might be in the area using those laptops nearby, but perhaps on other networks.



Thanks

To sniff completely all traffic and save it to a remote location you can try CALEA feature in RouterOS.
http://wiki.mikrotik.com/wiki/CALEA

To sniff completely all traffic and save it to a remote location you can try CALEA feature in RouterOS.
http://wiki.mikrotik.com/wiki/CALEA

CALEA is a different solution for a different purpose,
What want to do is to sniff wireless 802.11 packets on the air for a period of time that AP is idle or inactive.
for the MAC addresses in the area, so we can find out if the person is actually using
the stolen laptop in a certain area on a specifid SSID to further track them.

Thanks

Calea and /tool sniffer allow you to do the same, sniff and save all the packets seen by access point.

Calea and /tool sniffer allow you to do the same, sniff and save all the packets seen by access point.

I mean the "/interface wireless sniff" or "/interface wireless snoop",
The calea and "/tool sniffer" only do the job when there is a node in a network and passing
traffic to us.

If you want to sniff wireless traffic then use kismet. Do you have the mac address of the stolen laptop(s)?

If you want to sniff wireless traffic then use kismet. Do you have the mac address of the stolen laptop(s)?

yes we do have that.
but kismet does not run on mikrotik.
what we need is something built-in that we can use our existing outdoor network across the city
consist of few hundred sector antennas to detect the stolen laptop if by chance it comes to nearby location
and by ack-time we might be able to calculate the approximate distance. or By SSID we might be able to triangulate
the location.

however, I think we have to use a script to run the /interface wireless snooper" and syslog the list of extensions.

the only problem here is that during this command the system will totally loose the connectivity with it's clients which might not be acceptable.

Is there a solution to overcome this?


beside that I believe MT in jointventure of DD-WRT or OPEN-wrt and other open platform can come up with a form of community MAC-list to find create a multi platform similar to CALEA to track stolen iPhone/laptops or other wifi equipped items.

Then if your using The Dude to manage your mikrotik gear you can see all the connected MACs of wireless clients for all your APs. There is no need for a special script or program.

Then if your using The Dude to manage your mikrotik gear you can see all the connected MACs of wireless clients for all your APs. There is no need for a special script or program.

You need to check who is not on the network and connected to other SSID

Then if your using The Dude to manage your mikrotik gear you can see all the connected MACs of wireless clients for all your APs. There is no need for a special script or program.

You need to check who is not on the network and connected to other SSID

Hi!
query? was implemented capture the packets in snooper?
thanks!

flaguna,
No