Some wireless cards and access points are capable of entering into wireless "monitor mode". Monitor mode basically means the device can capture data about packets which are sent within range of the device's antennae but not necessarily intended for that particular device.

By "capture data" I just mean it can produce something like a PCAP packet dump or just some summary information about packets it observes.

This is similar to, but NOT the same thing as what the "packet sniffer tool" does. (http://wiki.mikrotik.com/wiki/Manual:To ... et_Sniffer) However the `/tools packet_sniffer` (as far as I understand) is limited to capturing data about the packets which are passing *through* the device, not packets which are simply in range of the device.

Does anyone know if RouterOS devices are capable of "monitor mode"? (Sorry if this has already been asked I searched for but could not find a question).

Thanks!

In winbox open the wireless section. It opens a new window, and near the scanner and freq usage buttons you have one called Wireless Sniffer

Thanks for your response.

Are you aware of a way to use the wireless sniffing functionality via the command line? (i.e., by SSHing into the Mikrotik).

Thanks

Howdy,

try this
but do not do it on a working interface otherwise you may disconnect yourself

You should see packets counting.

Then do this

to see the packet info.

Wow, thanks! That's very helpful. I believe this is exactly what I'm looking for!

Found the docs here:
http://wiki.mikrotik.com/wiki/Manual:In ... ss#Sniffer

I'm curious though what the difference between the "Sniffer" and the "Snooper" are?! I don't fully understand from the documentation.

thanks