[Mikrotik] Mikrotik Sniffing the Bridge

Butch Evans butche at butchevans.com
Tue Jan 22 10:38:05 CST 2008


On Sun, 20 Jan 2008, cyberdoc wrote:

>Is there an easy way that I can configure the BCU to pump out the 
>traffic on the bridge to the third network card?  I would like to 
>be able to sniff this data, perhaps sending it to a SNORT box for 
>review, or to NTOP to research the traffic on the network, or to 
>Ethereal for packet inspection.

>Right now, I have the third card tied to the bridge, but I am not 
>seeing a replica of the traffic that the other two cards are 
>passing.

What version of MT are you running?  You have some options, but some 
of them are pretty version dependant.  You could, for example, use 
the calea package.  Also, you can set up the traffic-flow (netflow) 
to send to ntop.  You can use the sniffer to stream to ethereal on a 
remote box.

-- 
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html



More information about the Mikrotik mailing list