hi all.
I need to analyze all traffic from on of my user. this user is connect by pppoe on mikrotik NAS. how can i mirror all traffic from this user to my server?
thnx.
i was tryed calea. made all configurations like in http://wiki.mikrotik.com/wiki/CALEA, but no new files on the server.
there is my configuration
ip firewall calea print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=sniff-pc sniff-target=10.0.12.77 sniff-target-port=5555 sniff-id=100
src-address=172.16.176.188
10.0.12.77 is the calea server ip
172.16.176.188 is the pppoe client ip
tool calea print
Flags: X - disabled
0 case-id=100 case-name="" intercept-ip=10.0.15.26 intercept-port=5555 action=pcap
pcap-file-stop-interval=2m pcap-file-stop-size=5000 pcap-file-stop-count=3
pcap-file-hash-method=none
the user was worked and there was up to 10Mbit traffic on it pppoe interface but no connections at all on calea server ip/firewall/connections from 10.0.15.26
there is ROS v4.2 on both box.
another bug - then i try to add calea firewall rule on my 10.0.15.26 all traffic is down. then i have reboot it it’s begin to work but the calea is still don’t work.
it’s work a few times and then stoped. try another pppoe server - it’s work!
is the anyone sniff traffic using action=sniff and tcpdump? give some examples of tcpdump line and ROS config.
any examples of configuring calea? any other ways to make sniff? any guesses about solve this problem?
how to config calea server to make raw files up to 100Mbyte with no thousand small files?
P.S. to Mikrotik team
VERY pure documentation of calea and no comments in ROS console by “?”. why?
thnx
try trafr today - it’s dont work on slax 6.1.2
any ideas how to sniff tzsp?