I would like to ask if it is possible to find out in routeros if anybody is behind router(you give him one ip address, he has there router and share that connection between other computers). Normally you think that there is only one pc using that ip(you gave him to connect to you) but there is much more. Is that possible, if yes could you tell how?
You can monitor his traffic and check number of connections, number of new connections per second, if eh is using a router and sharing the connection with some other users, the numer of connection would be higher than with one PC. Just compare the traffic between your clients.
Regards.
Faton
Thanks for reply. But Is any other way? Some utility in routeros, that shows that ip behind router? Or something like that? It needs a lot of time to monitor every client. I was thinking of something simplier(to log it, or something like that).
Thanks for reply. But Is any other way? Some utility in routeros, that shows that ip behind router? Or something like that? It needs a lot of time to monitor every client. I was thinking of something simplier(to log it, or something like that).
Well… actually there is another way.
It works for most out-of-fabric configured routers, without much customization on them. Meaning no solid firewall blocking intrusions from outside, and so on…
This works if your client did not changed his router mac address.
- See what mac address your client has.
- See what producer belongs to. See what kind of routers does this producer.
- See default LAN address range of the routers.
- Put a route in your MT box, to that ip range, with gateway the address of the client /supposed router.
- Do an ip-scan for that range.
Or, in 99% of the cases, you can find it by adding a default route to 192.168.x.x address ranges with gw. his router, and doing ip-scan on it ( if you don’t have these as routes already on your machine.) 
Than you can find out even how many machines has he started behind the router.
( Remember, some routers will block you from doing this, and won’t even respond to your ping, but for a large number of them, it will work. )
And also, remember that large numbers of home routers have default ip in 192.168.0.x/24, 192.168.1.x/24 and 192.168.2.x/24 subnet.
Good luck.
My ISP found a way around that,
It drops everything that has not TTL = 128 and TTL = 64 witch meens that if some clients put a router to route internet to other subnet woun’t allow it, cause when it goes throu 1 router it becomes 127 and the ISPs router automaticly drops the requests.
I haven’t found a way to make this on MT, but I think on Cisco Routers you can do it.
yes, in MT you can only set TTL, not check it =(
Mikrotik Developers, could you please fix this?
yes it would be great to be that function in mikrotik!!!
mark the connection and change TTL of the connection on Ip/firewall/mangle, action.
thank you for your wise advise =) but we know how to change TTL. maybe you know, how to check TTL, without changing it? 