A friend introduced me to MikroTik routers and configured a nice dual wireless infrastructure for my company.
I have a spare 450G and wanted to play around with it and I discovered a need/desire to have a device between my Internet router and firewall to monitor all traffic passing into and out of our network.
The Torch utility seems to offer everything I could ask for but I have to configure the router first.
My friend is on vacation for a few weeks and I don’t want to bother him as well as I would like to start learning some of this on my own.
I looked at all the helpful start-up documentation and did not see any scenarios that applied to my situation.
Can anyone help point me in the right direction? Keep in mind that I am a complete NEWBIE (:
The easiest thing to do is to go to “/interface bridge” and add a new bridge, and add two ethernet interfaces to it. Plug the Internet router into one and the firewall into the other. Now you’re bridging all traffic between the two through the 450G and can use it to monitor the traffic on the bridge. You can assign an IP address on your inside network to a third port on the 450G and access it remotely.
Another option, in addition to what Fewi suggested, is to set up net flows. It would be the same basic configuration of a bridge with two Ethernet ports assigned to it; you would just now enable /ip traffic-flow and configure it. You will also need to set up a net-flows collector server to send this data to for it to be processed and stored.
This will give you when a “flow” started, what IP it came from, where it went, what ports were used, the amount of traffic, etc. This way you can get the same basic information as torch and have it stored somewhere for future review.
There are several options for open source netflow collectors, they are just a bit of a pain to set up, and there are plenty of paid options. So choose one that fits your needs.