[Mikrotik] Mikrotik Sniffing the Bridge

cyberdoc cyberdoc at astro.cmreynolds.org
Tue Jan 22 22:22:22 CST 2008


Hello Butch,

I am running MikroTik RouterOS 2.9.50. 

As this is uncharted water for me, I'd appreciate the "dummies" version 
of any sort of instructions or methods to achieve our goal. 

Inside our test environment, I did use the sniffer option, but the 
system utilization spiked pretty hard.  Then again, that test device was 
a RouterBoard with the lighter processor; I am hoping that the Pentium 
III 800 MHz that is installed at our primary location (and another CPU 
that is my main backup) is strong enough to handle the load.  All three 
NIC cards are PCI bus... the 2 main bridge "lanes" with the live traffic 
are Gigabit cards, and the third card for sniffing is a 10/100.

I will revisit the sniffer option, and see if that delivers what we are 
looking for.



Christian

Butch Evans wrote:
> On Sun, 20 Jan 2008, cyberdoc wrote:
>
>   
>> Is there an easy way that I can configure the BCU to pump out the 
>> traffic on the bridge to the third network card?  I would like to 
>> be able to sniff this data, perhaps sending it to a SNORT box for 
>> review, or to NTOP to research the traffic on the network, or to 
>> Ethereal for packet inspection.
>>     
>
>   
>> Right now, I have the third card tied to the bridge, but I am not 
>> seeing a replica of the traffic that the other two cards are 
>> passing.
>>     
>
> What version of MT are you running?  You have some options, but some 
> of them are pretty version dependant.  You could, for example, use 
> the calea package.  Also, you can set up the traffic-flow (netflow) 
> to send to ntop.  You can use the sniffer to stream to ethereal on a 
> remote box.
>
>   



More information about the Mikrotik mailing list