Sniffing your network with WireShark and Mikrotik routers

I’ve been debugging a frustrating issue with a remote server rejecting some credentials from a Raspberry Pi-based system on my network.  While I’ve used WireShark in the past, it’s generally debugging traffic to or from my computer.  Being a man in the middle is a pain as I need to set up proxies to route traffic through my network.

Enter the wonders of adding a Mikrotik router into the mix, and life is bliss!

Mikrotik’s RouterOS provides a great sniffing tool that lets you send a copy of any traffic on the net to a different computer.

On the Mikrotik, run the following commands, substituting your computer’s IP as the streaming server.  You can of course also use the Tools->Packet Sniffer tool in the GUI.

/tool sniffer set streaming-enabled=yes streaming-server=ip.of.wireshark.box 
/tool sniffer start

Then start up WireShark, and simply capture all traffic on UDP port 37008 with the following filter:

udp port 37008

And that’s it.  You can examine any packets you want.
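
RouterOS wraps each mirrored packet in TZSP (TaZmen Sniffer Protocol), which is what arrives on UDP port 37008 and what WireShark decodes for you. The Python below is an added example, not part of the original post: it unwraps those datagrams by hand and prints the source, destination and EtherType of each mirrored Ethernet frame. The function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

TZSP_PORT = 37008                  # UDP port used in the capture filter above
TAG_PADDING, TAG_END = 0x00, 0x01  # the only tags without a length byte
ENCAP_ETHERNET = 1

def parse_tzsp(datagram: bytes):
    """Split one TZSP datagram into (encap_proto, tags, inner_frame)."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:          # everything after END is the mirrored frame
            return encap, tags, datagram[pos:]
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("truncated tag")
        length = datagram[pos]
        value = datagram[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("truncated tag")
        tags[tag] = value
        pos += 1 + length

def describe_frame(frame: bytes) -> str:
    """Summarise a mirrored Ethernet frame as 'src -> dst type 0x....'."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return f"{frame[6:12].hex(':')} -> {frame[:6].hex(':')} type 0x{ethertype:04x}"

# Constructed sample datagram: TZSP header, END tag, then a 14-byte Ethernet header.
SAMPLE = bytes.fromhex("01000001" "01" "ffffffffffff" "020000000001" "0800")

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", TZSP_PORT))
    while True:
        data, (router, _port) = sock.recvfrom(65535)
        try:
            encap, _tags, frame = parse_tzsp(data)
            if encap == ENCAP_ETHERNET:
                print(router, describe_frame(frame))
        except ValueError as err:
            print(router, "malformed:", err)
```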

So good for me?  Well sort of.  I fixed my problem, but discovered that the stinking service is sending authentication credentials in plain text, through an unencrypted channel.  Time to put on my grumpy hat and type a nastygram.
