sirhc wrote:
Example of use:
A WISP sees weird behavior on a port feeding an AP that services 30+ customers so they mirror that port to their computer running WireShark to capture the stream (Yes Wireshark supports this)
The WISP then looks through the garbage looking for something of interest to a specific customer IP so they stop the MIRROR and then add an IP or MAC Filter and restart the MIRROR. Now they am able to determine that the customer is running a bittorrent, or maybe they must have a worm or something of that nature. Or in this case figure out what this strange amount of data is.
Being a WISP for 16 years I can tell you that this feature would be invaluable.
Another thing that would make this feature fast and convent is to mirror the packets to a window on the MIRROR tab negating the need for Wireshark for quick and dirty peaks without all the advanced features Wireshark provides to sort the data.
This is a PRIME EXAMPLE of where this function would be AWESOME.
If people think this feature is a great idea please comment in this thread.
Chris - Take a look at the Packet Sniffer on Mikrotik routers / in RouterOS. I think you are talking about the same functionality for packet sniffing and it IS VERY useful for trouble shooting many situations. You can set a filter for the IP, MAC, protocol, port, direction, etc. You can save it to a local file on the router which overwrites every xxxkb, or stream it to a server running wireshark etc. We exclusively use it locally on the router and don't stream to a server. Simply put in the filter paramters, hit start, and each time you hit the packets button, it updates opens a window with the current set of packets being collected. I think you aren't super familiar with MT so here are some screen shots. They have some terrific tools.
