https://xn--blgg-hra.no/2015/03/ids-with-mikrotik-and-snort/
tzsp2pcap
https://github.com/thefloweringash/tzsp2pcap
compile and prereqs
apt-get install libpcap-dev libpcap0.8
make
Running Wireshark
# ./tzsp2pcap -f | wireshark -i –
using this strips the tzsp headers and encapsulation headers

Using wireshark SSH remote capture
