I’ve been debugging a frustrating issue with a remote server rejecting some credentials from a Raspberry Pi-based system on my network. While I’ve used Wireshark in the past, it’s generally been for debugging traffic to or from my computer. Being a man in the middle is a pain, as I need to set up proxies to route traffic through my network.
Enter the wonders of adding a Mikrotik router into the mix, and life is bliss!
Mikrotik’s RouterOS provides a great sniffing tool, where you can send a copy of any traffic on the net to a different computer.
On the Mikrotik, run the following commands, setting your computer’s IP as the streaming server. You can of course also use the Tools->Packet Sniffer tool in the GUI.
/tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box
/tool sniffer start
Then start up Wireshark, and simply capture all traffic on UDP port 37008 with the following capture filter:
udp port 37008
And that’s it. You can examine any packets you want.
So good for me? Well sort of. I fixed my problem, but discovered that the stinking service is sending authentication credentials in plain text, through an unencrypted channel. Time to put on my grumpy hat and type a nastygram.
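RouterOS wraps each mirrored frame in a TZSP (TaZmen Sniffer Protocol) header before sending it to UDP port 37008, which is what Wireshark unwraps for you. The following is an added example, not part of the original post, showing that decapsulation and the extraction of a TCP payload by hand. The function names and the sample datagram are constructed for illustration, and only untagged IPv4/TCP frames are handled.

```python
import socket
import struct

TAG_PADDING, TAG_END = 0, 1       # the only TZSP tags without a length byte

def tzsp_decapsulate(datagram: bytes) -> bytes:
    """Strip the TZSP header and tag list; return the mirrored Ethernet frame."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1 or encap != 1:            # encap 1 = Ethernet
        raise ValueError("unsupported TZSP version or encapsulation")
    pos = 4
    while pos < len(datagram):
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:                    # frame starts right after this tag
            return datagram[pos:]
        if tag != TAG_PADDING:                # other tags: length byte + value
            if pos >= len(datagram):
                break
            pos += 1 + datagram[pos]
    raise ValueError("TZSP tag list has no end tag")

def tcp_payload(frame: bytes):
    """Return (src, dst, sport, dport, payload) for untagged IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4         # skip Ethernet + IPv4 header
    end = 14 + struct.unpack("!H", frame[16:18])[0]   # drop Ethernet padding
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport, data)

def sample_datagram() -> bytes:
    """Constructed input: TZSP header, end tag, Ethernet/IPv4/TCP frame."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 1024, 0, 0)
    tcp += b"user=demo&pass=example"          # made-up cleartext payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return struct.pack("!BBH", 1, 0, 1) + b"\x01" + bytes(12) + b"\x08\x00" + ip + tcp

if __name__ == "__main__":
    print(tcp_payload(tzsp_decapsulate(sample_datagram())))
```

To use it on live traffic, feed `tzsp_decapsulate` the datagrams received on a UDP socket bound to port 37008 on the streaming-server machine.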