Convert tcpdump from MikroTik wireless sniffer into airodump-ng friendly format (remove TZSP headers)
1. Set up streaming server:
/interface wireless sniffer set streaming-server=X.X.X.X
/interface wireless sniffer set streaming-enabled=yes
/interface wireless sniffer set multiple-channels=yes
2. Set up scan list or specific channel(s) (frequencies in MHz):
/interface wireless set scan-list=default
3. Start up the sniffer:
/interface wireless sniffer sniff interface=wlan1
4. Catch the TZSP traffic at streaming server with tcpdump:
tcpdump -i eth0 -w in.pcap udp and port 37008
5. Convert in.pcap into usable format:
bittwiste -M 105 -I in.pcap -O out.pcap -D 1-63
-M 105 — IEEE 802.11
-D 1-63 — remove leading TZSP headers
6. When capturing with /tool sniffer instead, use the following parameters to get a tcpdump-like pcap:
bittwiste -M 1 -I in.pcap -O out.pcap -D 1-47
-M 1 — Ethernet
-D 1-47 — remove leading TZSP headers
Thanks @bcc for the comment, and also this thread for mentioning my gist: http://forum.mikrotik.com/viewtopic.php?t=95792
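The fixed ranges in steps 5 and 6 (63 = 14 Ethernet + 20 IP + 8 UDP + 21 TZSP, 47 = 42 + 5 TZSP) only hold while every packet has a 20-byte IP header and the same TZSP tag list. The added example below, which is not part of the original gist, generalises this by parsing each packet: it walks the TZSP tagged fields to the end tag and picks the output link type from the TZSP encapsulation field. It assumes a classic (non-pcapng) Ethernet capture, the TZSP values 0x00 (padding tag), 0x01 (end tag), 0x01 (Ethernet) and 0x12 (IEEE 802.11), and all function names are hypothetical.

```python
import struct, sys

TZSP_PORT = 37008                         # UDP port filtered on in step 4
ENCAP_TO_LINKTYPE = {0x01: 1, 0x12: 105}  # TZSP encapsulation -> pcap link type (the -M value)

def strip_tzsp(frame):
    """Return (linktype, inner_frame) for one Ethernet/IPv4/UDP/TZSP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 17:
        return None                       # not UDP in IPv4 over Ethernet
    udp = 14 + (frame[14] & 0x0F) * 4     # honour IP options instead of assuming 20 bytes
    if len(frame) < udp + 12 or struct.unpack("!H", frame[udp + 2:udp + 4])[0] != TZSP_PORT:
        return None
    encap = struct.unpack("!H", frame[udp + 10:udp + 12])[0]
    pos = udp + 12                        # first tagged field after the 4-byte TZSP header
    while encap in ENCAP_TO_LINKTYPE and pos < len(frame):
        tag = frame[pos]
        if tag == 0x01:                   # end tag: the captured frame starts on the next byte
            return ENCAP_TO_LINKTYPE[encap], frame[pos + 1:]
        if tag == 0x00:                   # padding tag has no length byte
            pos += 1
        else:                             # tag, length, value
            pos += 2 + (frame[pos + 1] if pos + 1 < len(frame) else 0)
    return None

def convert(pcap):
    """Rewrite a classic Ethernet pcap so that each record holds only the TZSP payload."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    records, linktype, off = [], None, 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        res = strip_tzsp(frame)
        if res is None or linktype not in (None, res[0]):
            continue                      # skip non-TZSP packets and mixed encapsulations
        linktype, inner = res
        cut = len(frame) - len(inner)     # bytes removed from the front of this record
        records.append(struct.pack(order + "IIII", sec, usec, len(inner), max(orig - cut, 0)) + inner)
    return pcap[:20] + struct.pack(order + "I", linktype or 1) + b"".join(records)

def sample_frame(tzsp):                   # constructed input: zeroed Ethernet/IPv4/UDP headers + TZSP
    ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 28 + len(tzsp), 0, 0, 64, 17, 0)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 37008, TZSP_PORT, 8 + len(tzsp), 0) + tzsp

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(convert(src.read()))
```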
Not directly related, but as this shows up for a Google search for my problem - to do the same for a capture over Ethernet: -M 1 -D 1-47