Hi All,
I use a MikroTik hEX PoE router behind a firewall as our office router. Software version 6.38.5.
I am trying to use it to limit internet use, as we only have a 1,000 GB package per month. I installed SnifferViewer, which logs some traffic (I think it mainly logs port 80 communication), and use a simple Queue to try to limit internet use. I currently have it set to 64 kbps for both uploads and downloads for all IPs I could identify (using Angry IP Scanner and the IPs identified by SnifferViewer (Attix5 Traffic Monitor)). This includes all user IPs, the VoIP IP, and the WiFi IP.
However, logging into the ISP website, I see that there are still massive downloads happening. According to them there was 36.4 GB of use today, while the Traffic Monitor only shows around 400 MB for the day. The queue list on the MikroTik only shows 60 MiB …
Can anyone help me on how I can trace the user, and how I can stop this leak? I see that the Dude software can log more information, but it does not work with the RouterBOARD I have. Should I buy a different one that can perhaps make use of the Dude?
I have completely blocked the DHCP range as well as all IPs I do not know. Scripting is amazing, I have to add.
Added a firewall rule for all IPs using the script below to check where there is communication:
:for i from=3 to=253 do={/ip firewall filter add chain=forward src-address="192.168.0.$i" action=passthrough}
Gateway / DNS server is 254. The two owners' IPs are 1 and 2, but we are not massive users.
All IPs that show communication have been added to a queue list to minimize bandwidth, but we still use around 10 - 20 GB per day (for 8 users …).
Note: I am no expert and do not want to mess around with firewall rules, but if need be I must turn to rules to block ports etc., but first I want to trace this user.
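
An added example, not part of the original post: the per-IP passthrough counters above match only src-address, so they count what each host sends, not what it downloads. The RouterOS script below counts both directions and prints the non-zero counters; the "cnt-" comment prefix and the 1 to 253 host range are assumptions made for this example.

```routeros
# Added example. "cnt-" is an assumed comment prefix used to find these rules again.
# New rules are appended to the end of the forward chain: packets that an earlier
# rule accepts or drops, and FastTracked connections, never reach them and are
# not counted. Move the counters above such rules (or disable FastTrack) while measuring.

# One upload counter (src-address) and one download counter (dst-address) per host.
# The range starts at 1 so the two owner addresses are measured as well.
:for i from=1 to=253 do={
    /ip firewall filter add chain=forward src-address="192.168.0.$i" action=passthrough comment="cnt-up-192.168.0.$i"
    /ip firewall filter add chain=forward dst-address="192.168.0.$i" action=passthrough comment="cnt-down-192.168.0.$i"
}

# Zero all filter counters at the start of the measurement window (for example, start of day).
/ip firewall filter reset-counters-all

# Later: print every counter rule that has seen traffic, with its byte count.
:foreach r in=[/ip firewall filter find where comment~"^cnt-"] do={
    :local b [/ip firewall filter get $r bytes]
    :if ($b > 0) do={
        :put ([/ip firewall filter get $r comment] . "  " . $b . " bytes")
    }
}

# Cleanup when the measurement is finished.
# /ip firewall filter remove [find where comment~"^cnt-"]
```

The forward chain only sees traffic routed through this router from the LAN, so traffic generated by the router itself, or by devices attached to the upstream firewall, will not appear in these counters.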