The Best Way to Stream MikroTik's Packet Sniffer to Wireshark

While you can use the display filter udp.dstport == 37008 to pick out MikroTik’s packet sniffer traffic, I prefer to set up the ‘UDP Listener remote capture: udpdump’ feature in Wireshark. This way you get a clean packet capture without having to filter out unrelated traffic, with the added benefit of not spamming your router with ICMP ‘Destination Unreachable’ packets.

Requirements

Now there is a reason why this isn’t often recommended, and that’s because it requires the UDPdump component, which isn’t selected by default when you install Wireshark on Windows. So you may need to reinstall Wireshark and select the ‘UDPdump’ component in the installer.

Wireshark Windows Installer Components

On Debian it’s included in the wireshark-common package, which should be installed automatically. I’d assume other distributions would be similar.

Setup

  1. In the ‘Capture’ menu, click the little gear icon next to “UDP Listener remote capture: udpdump”.

    Wireshark UDPdump Config Icon

  2. A new window will open. Enter your configured listen port (default is 37008) and enter tzsp as the payload type.

    Wireshark UDPdump Config Window

  3. Click ‘Save’ and then ‘Start’ to begin capturing packets.

    Wireshark UDPdump Start Button
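
To show what the tzsp payload type in step 2 refers to, here is a minimal Python decoder for the TZSP encapsulation: a 4-byte header, tagged fields terminated by an END tag, then the captured frame. It is an added example, not code from this post or from Wireshark, and the sample datagram and all names in it are constructed for illustration.

```python
import socket
import struct

TZSP_PORT = 37008                   # default listen port named in step 2
TAG_PADDING, TAG_END = 0x00, 0x01   # the only tags without a length byte

def decapsulate_tzsp(datagram: bytes) -> dict:
    """Split one UDP payload into TZSP header fields, tags and inner frame."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unexpected TZSP version {version}")
    offset, tags = 4, {}
    while True:
        if offset >= len(datagram):
            raise ValueError("tag list is not terminated by an END tag")
        tag = datagram[offset]
        offset += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        # Every other tag carries a one-byte length followed by its value.
        if offset >= len(datagram):
            raise ValueError("truncated tag length")
        length = datagram[offset]
        value = datagram[offset + 1:offset + 1 + length]
        if len(value) != length:
            raise ValueError("truncated tag value")
        tags[tag] = value
        offset += 1 + length
    return {"type": ptype, "encap": encap, "tags": tags, "frame": datagram[offset:]}

# Constructed sample: TZSP header (v1, type 0, encapsulation 1 = Ethernet), one
# padding tag, an arbitrary tag 0x0A with a 1-byte value, END, dummy Ethernet header.
SAMPLE = bytes.fromhex("01000001" "00" "0a01c8" "01"
                       "ffffffffffff" "020000000001" "0806")

if __name__ == "__main__":
    # Having a socket bound to the port is what stops the ICMP
    # 'Destination Unreachable' replies going back to the router.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", TZSP_PORT))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], len(decapsulate_tzsp(data)["frame"]), "byte frame")
        except ValueError as err:
            print(peer[0], "not TZSP:", err)
```
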

Thanks for reading!
Steve.



© Stephen Horvath 2025