One of my sites is undergoing some increase in anomalous traffic activity pointed at one of our ingress endpoints (a mikrotik router.)
* Is it possible to mirror an interface traffic so I can do further analysis on the ingress traffic?
* Can I log all SYN packets ingressing to an interface?
Thank you!