Hey guys, i will need some help here.
How to configure Suricata on ubuntu to receive all traffic from Mikrotik Sniffer?
I dont want to monitor only the server, i want to monitor all traffic behind the mikrotik router.
The sniffer is up and running i can see all traffic with wireshark.
I have a fresh install of Suricata, but im new to this stuff.
Any ideas where to start and what to do?
If you can see the traffic that you want to monitor in wireshark, then Suricata will also see it.
You can start by following the Suricata installation guide and work out your way from there.
If you happen to face any issues, you can post them here or in the Discord channel.
Wireshark sees the traffic forwarded from the Mikrotik router in tzsp protocol on port udp 37008.
Is there any way to tell Suricata to listen on a port for the traffic? I cant find a clean guide.
It seems that Suricata doesn’t support tzsp protocol yet Feature #936: support tzsp protocol - Suricata - Open Information Security Foundation
Too bad. I can use port mirroring but i can capture only traffic generated from the devices in that port. I have multiple ports used in the mikrotik router.
Tried this guide:
I can see the network traffic coming in the linux box, but when i run suricata as the link says i get an error.
What type of error do you get?