It would be great to integrate trafr into trafshow. trafshow version 4.0 supports Cisco NetFlow, so it will be quite easy to integrate trafr into trafshow. Trafshow gives the ability to monitor traffic from hosts in realtime mode, and I think that many people will like it.
Hey, wait a minute!!!
Does Mikrotik support NetFlow?
In v2.9 (already available in beta 8) we will have something similar to Cisco’s NetFlow called TrafficFlow.
Edgars
Is that protocol “compatible” with NetFlow? I mean, will software written for NetFlow v1 work with TrafficFlow?
Yes, they should be completely compatible.
Edgars
Hey, there is no TrafficFlow in 2.9beta8!!! (Or I can’t see it :))
Edit:
I saw it
/ip traffic-flow
But can you give me some more info about it? I need an example configuration.
Btw… I’ve made a patch for trafshow-3.1:
--- old/display.c 2004-12-12 22:56:40.000000000 +0200
+++ new/display.c 2004-12-12 00:27:13.000000000 +0200
@@ -437,80 +437,5 @@
get_keyb()
{
int ch;
-
- if ((ch = getch()) == ERR) error(1, "get_keyb: getch");
- switch(ch) {
- case ESC:
- switch(get_arrowkey(inputchar)) {
- case KEYMAP_UP:
- case KEYMAP_PAGE_UP:
- goto page_up;
- case KEYMAP_DOWN:
- case KEYMAP_PAGE_DOWN:
- goto page_down;
- case KEYMAP_LEFT:
- case KEYMAP_HOME:
- goto home_list;
- case KEYMAP_RIGHT:
- case KEYMAP_END:
- goto end_list;
- default:
- mvaddstr(LINES-1, COLS-13, " Bad command");
- return 0;
- }
- break;
-
- case 'k': /* line up */
- case ctrl('P'):
- case '\b': /* page up */
- case 'b':
- case ctrl('U'):
- case ctrl('B'):
-page_up:
- if (page > 0) page--;
- break;
-
- case 'j':
- case ctrl('N'): /* line down */
- case ' ': /* page down */
- case ctrl('D'):
- case ctrl('F'):
-page_down:
- if (page < n_entry/page_size) page++;
- break;
-
- case ctrl('A'): /* home */
-home_list:
- page = 0;
- break;
-
- case ctrl('E'): /* end */
-end_list:
- page = n_entry/page_size;
- break;
-
- case '\r': /* enter */
- case '\n':
- l_eflag ^= 1;
- break;
-
- case '\t': /* tab */
- l_nflag ^= 1;
- break;
-
- case 'q': /* quit */
- cleanup(SIGINT);
-
- case ctrl('L'): /* refresh screen */
- clear();
- header_line();
- scr_redraw(FALSE);
- scr_update();
- break;
-
- default:
- mvaddstr(LINES-1, COLS-13, " Bad command");
- return 0;
- }
return 1;
}
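Review bot: with the body of get_keyb() removed, key handling is lost in every mode, including live capture where stdin is still the terminal: paging, 'q' to quit (the cleanup(SIGINT) path) and ctrl-L refresh all go away, and int ch; is left declared but unused. Keep the switch and skip the getch() call only when the capture is being read from stdin, or read keys from the controlling terminal instead of stdin, so the workaround does not cost interactive users their controls.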
--- old/trafshow.c 2004-12-12 22:56:40.000000000 +0200
+++ new/trafshow.c 2004-12-11 17:46:22.000000000 +0200
@@ -144,31 +144,38 @@
}
/* Find network interface */
- if (device_name == NULL &&
+ if (device_name == NULL && infile == NULL &&
(device_name = pcap_lookupdev(ebuf)) == NULL)
error(0, ebuf);
/* Attach pcap to the network interface */
- if ((pd = pcap_open_live(device_name, snaplen, !pflag, 1000, ebuf)) == NULL)
+ if (infile != NULL) {
+ device_name = "file";
+ pd = pcap_open_offline(infile, (char*)ebuf);
+ op = DLT_EN10MB;
+ }
+ else {
+ if ((pd = pcap_open_live(device_name, snaplen, !pflag, 1000, ebuf)) == NULL)
error(0, ebuf);
- if ((op = pcap_snapshot(pd)) > snaplen) snaplen = op;
- op = pcap_datalink(pd);
+ if ((op = pcap_snapshot(pd)) > snaplen) snaplen = op;
+ op = pcap_datalink(pd);
+ }
- if (eflag && op != DLT_EN10MB
+ if (infile == NULL && eflag && op != DLT_EN10MB
#ifdef DLT_IEEE802
&& op != DLT_IEEE802
#endif
) error(0, "interface %s not an Ethernet", device_name);
- if (pcap_lookupnet(device_name, &localnet, &netmask, ebuf) < 0)
+ if (infile == NULL && pcap_lookupnet(device_name, &localnet, &netmask, ebuf) < 0)
error(0, ebuf);
/* Get back to user process after socket has been opened */
setuid(getuid());
/* Read out the user filter expression */
- if (infile) expr = read_infile(infile);
- else expr = copy_argv(&argv[optind]);
+// if (infile) expr = read_infile(infile);
+ expr = copy_argv(&argv[optind]);
/* and compile it */
if (pcap_compile(pd, &fcode, expr, Oflag, netmask) < 0 ||
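Review bot: in the infile branch the result of pcap_open_offline(infile, (char*)ebuf) is never checked, unlike the pcap_open_live call in the else branch, so an unreadable or malformed capture leaves pd NULL and it is then passed to pcap_compile; add the same == NULL test with error(0, ebuf). Three further points on the same branch: op is hard-coded to DLT_EN10MB where pcap_datalink(pd) would report the file's real link type; netmask reaches pcap_compile without pcap_lookupnet having set it on this path, so give it a defined value; and the file is opened before setuid(getuid()), so on a setuid install a user-named file is opened with the elevated privileges, which argues for dropping privileges first when infile is set. The change also silently repurposes infile from a filter-expression file (the read_infile call) to a capture file; delete the commented-out line rather than leaving it behind // and document the new meaning.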
@@ -188,8 +195,13 @@
init_display(FALSE);
- if (pcap_loop(pd, cnt, lookup_if(op), NULL) < 0)
- error(0, pcap_geterr(pd));
+/* if (infile != NULL) {
+ if (pcap_loop(pd, -1, lookup_if(op), NULL) < 0)
+ error(0, pcap_geterr(pd));
+ }else {
+*/ if (pcap_loop(pd, cnt, lookup_if(op), NULL) < 0)
+ error(0, pcap_geterr(pd));
+// }
pcap_close(pd);
cleanup(0);
}
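Review bot: the only executable statement left by this hunk is the same pcap_loop(pd, cnt, lookup_if(op), NULL) call as before, so it changes nothing except to leave a commented-out branch behind, with the closing */ sharing a line with live code and a stray // } after it. Drop the hunk, or if reading from a file is meant to ignore cnt, write that branch as real code.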
After applying the patch, recompile trafshow, and now you can use trafr with it.
Example command line:
trafr -s | trafshow -F -
Problems known:
keyboard keys can’t be used (because of workaround made)
Will we be able to have protocol accounting with “/ip traffic-flow”?
In other words, can we collect specific protocol transfer statistics inbound and outbound for items such as HTTP, SMTP, POP3, etc.?
IP Accounting is nice but our more sophisticated customers are demanding protocol accounting.
[ASM],
the docs are not ready yet, but we are working on this.
Edgars