Convert tcpdump from MikroTik wireless sniffer into airodump-ng friendly format (remove TZSP headers)
1. Set up streaming server:
    /interface wireless sniffer set streaming-server=X.X.X.X
    /interface wireless sniffer set streaming-enabled=yes
    /interface wireless sniffer set multiple-channels=yes
2. Set up scan list or specific channel(s) (frequencies in MHz):
    /interface wireless set scan-list=default
3. Start up the sniffer:
    /interface wireless sniffer sniff interface=wlan1
4. Catch the TZSP traffic at streaming server with tcpdump:
    tcpdump -i eth0 -w in.pcap udp and port 37008
5. Convert in.pcap into usable format:
    bittwiste -M 105 -I in.pcap -O out.pcap -D 1-63
    -M 105 — IEEE 802.11
    -D 1-63 — remove leading TZSP headers
6. When using /tool sniffer, use the following parameters to get a tcpdump-like pcap:
    bittwiste -M 1 -I in.pcap -O out.pcap -D 1-47
    -M 1 — Ethernet
    -D 1-47 — remove leading TZSP
Thanks @bcc for the comment, and also this thread for mentioning my gist: http://forum.mikrotik.com/viewtopic.php?t=95792
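
Added example, not part of the original gist: the fixed `-D 1-63` and `-D 1-47` ranges hold only when every packet has a 14-byte Ethernet header, a 20-byte IPv4 header without options, an 8-byte UDP header and a TZSP tag list of constant length. This Python function walks those headers per packet and returns the pcap link type, the inner frame and the number of bytes removed. The function names, the `wrap` helper and the sample tag bytes are assumptions constructed for illustration so that the results match the gist's two offsets.

```python
import struct

TZSP_PORT = 37008                      # UDP port from the tcpdump filter above
ENCAP_TO_DLT = {0x01: 1, 0x12: 105}    # TZSP encapsulation -> pcap link type (-M)

def strip_tzsp(frame: bytes):
    """Return (link_type, inner_frame, bytes_removed) for one captured
    Ethernet frame, or None if it is not well-formed TZSP over UDP/IPv4."""
    if len(frame) < 14:
        return None
    off, ethertype = 14, struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100 and len(frame) >= 18:       # single 802.1Q tag
        off, ethertype = 18, struct.unpack_from("!H", frame, 16)[0]
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4                      # IPv4 options change this
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17:
        return None
    off += ihl
    if len(frame) < off + 12:                          # UDP header + TZSP header
        return None
    if struct.unpack_from("!H", frame, off + 2)[0] != TZSP_PORT:
        return None
    version, _type, encap = struct.unpack_from("!BBH", frame, off + 8)
    if version != 1 or encap not in ENCAP_TO_DLT:
        return None
    off += 12
    while off < len(frame):                            # walk the tagged fields
        tag = frame[off]
        if tag == 0x01:                                # end tag: payload follows
            return ENCAP_TO_DLT[encap], frame[off + 1:], off + 1
        if tag == 0x00:                                # padding: no length byte
            off += 1
        elif off + 1 < len(frame):
            off += 2 + frame[off + 1]                  # type, length, value
        else:
            return None
    return None                                        # truncated: no end tag

def wrap(tzsp: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP wrapper used only for the samples."""
    ip = b"\x45\x00" + bytes(7) + b"\x11" + bytes(10)
    udp = struct.pack("!HHHH", 40000, TZSP_PORT, 8 + len(tzsp), 0)
    return bytes(12) + b"\x08\x00" + ip + udp + tzsp

# Constructed samples: a bare TZSP header, and one carrying 16 bytes of tags.
ETH_SAMPLE = wrap(b"\x01\x00\x00\x01" + b"\x01" + b"INNER-ETHERNET")
WLAN_TAGS = b"\x0a\x01\xc8\x0c\x01\x02\x12\x01\x06\x0d\x04\x00\x00\x00\x2a\x00"
WLAN_SAMPLE = wrap(b"\x01\x00\x00\x12" + WLAN_TAGS + b"\x01" + b"INNER-80211")
```

If `bytes_removed` differs between packets of one capture, a single `-D` range will leave some frames misaligned in out.pcap.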

bcc commented Jul 28, 2015

Not directly related, but as this shows up for a Google search for my problem - to do the same for a capture over Ethernet: -M 1 -D 1-47
