Problem running Traffic Flow

RouterOS General
1

Dear all,

I’m trying to collect Netflow/IPFIX data form a RB1102AHx2 box but I don’t receive anything and on the Traffic Flow Settings Status, all counters always show 0
Here are my config
enabled: yes
interfaces: Internal-lan
cache-entries: 16k
active-flow-timeout: 1m
inactive-flow-timeout: 15s

SRC-ADDRESS DST-ADDRESS PORT VERSION

0 0.0.0.0 192.168.0.253 1234 ipfix
Changed interfaces to wan but same result.

What am I missing ?

Thank you,

2

Hey

Which interfaces are in the list " Internal-lan"? It’s not empty right?

3

Thanks,

internal-lan is ether2, while wan is ether1

BR

4

See also https://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow

Normally that should be a single (two to change server address) step operation.

Post your config, so it can be consulted: /export hide-sensitive

5

Hi again,

Please find the config:

jul/09/2019 08:00:58 by RouterOS 6.44.3

software id = SBVX-T5T0

model = 1100AHx2

serial number =

/interface bridge
add admin-mac=xx auto-mac=no comment=
“created from master port” name=bridge1 protocol-mode=none
add admin-mac=yy auto-mac=no comment=
“created from master port” name=bridge2 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN-FO speed=100Mbps
set [ find default-name=ether2 ] name=ether2-LAN-OFFICE speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether12 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether13 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add disabled=no interface=ether1-WAN-FO name=pppoe-isp user=
pppoe-login@isp.com
/interface ethernet switch
set 0 mirror-source=ether1-WAN-FO mirror-target=ether5
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Streaming regexp=“^.+(youtube.com|dailymotion.com|metacafe.com|ishare
.rediff.com|vimeo.com|frenchpopcorn.com|fullmoviz.org|full-stream.me|dpstr
eam.net|sokrostream.biz|seriezone.com|voirfilms.org|full-cinema.com|papyst
reaming.com|filmsvostfr.org).$"
add name=PORN regexp="^.+(veta|xxl|fory|beeg.com|vody|xvideos.com|vivid|XXX|tu
be|Babe|fuck|hardcore|adult|erotic|teen|PornHub|xHamster|sex|porn|boridana
|rulertube.com|slut|handjob|xvid|orgasm|H2porn|movies|88gal|youporn|eporne
r|mofosex|drtuber|xbabe|eroxia|deviantclip|apetube|anal|gangbang|orgy|piss
ing|blowjob|booty|tits|pussy|butt|fisting|dildo|voyeur|sucking|suck|dick|d
oggy|dp|hentai|dorcel|chobix|redtube|cum|youporn|exhib|cam|porndig|squirt|
milf|cock|erotic|sexe|xnxx|pornstar|camster|sexual|pornhub|porntube|IXXX|y
ourfreepron|pornovore|bestamt|tukif|frenchytube|rabbitfinder|voissa|sexylo
o).$”
add name=FB regexp=“^.+(facebook.com|youtube|badoo|m.facebook|dailymotion|twit
ter|instagram).$"
add name=PROXY regexp="^.+(hideme|proxy|youhide|anonysurfer.com|proxify|proxys
ite|hide.me|toolur|whoer.net|megaproxy|zend2|hidester|proxfree|proxy|unblo
ck|ultrasurf|anonym).$”
add name=TELECHARGEMENT regexp=“^.+(zone-telechargement.com).$"
add name=DOWN regexp=
"^.+(telechargement|telecharger|download|cpasbien|streem|stream).$”
add name=P2P regexp=“^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjun
kie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thund
erbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixf
lux|seedpeer|fenopy|gpirate|commonbits).$"
add name=TORRENT regexp="^.(get|GET).+(torrent|thepiratebay|isohunt|entertane
|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity
|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|full
dls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).$ "
add name=MKV regexp=“^.get.+\.mkv.$”
add name=AVI regexp=“^.get.+\.avi.$”
add name=DAT regexp=“^.get.+\.dat.$”
add name=FLV regexp=“^.get.+\.flv.$”
add name=ISO regexp=“^.get.+\.iso.$”
add name=APK regexp=“^.get.+\.apk.$”
add name=MPG regexp=“^.get.+\.mpg.$”
add name=MOV regexp=“^.get.+\.mov.$”
add name=WMA regexp=“^.get.+\.wma.$”
add name=WMV regexp=“^.get.+\.wmv.$”
add name=EXE regexp=“^.get.+\.exe.$”
add name=RAR regexp=“^.get.+\.rar.$”
add name=MP3 regexp=“^.get.+\.mp3.$”
add name=MP4 regexp=“^.get.+\.mp4.$”
add name=MSI regexp=“^.get.+\.msi.$”
add name=ZENMATE regexp="^.+(api.zenguard.biz|zenmate.io|zenguard.zendesk.com|
zendesk.com|zenguard.org).$\r
\n”
add name=BROWSEC regexp=“^.+(postls.com|postlm.com|posls.com).*\$\r
\n”
/ip pool
add comment=“192.168.0.20-192.168.0.69 201907060856” name=dhcp ranges=“192.168
.0.20-192.168.0.69,192.168.0.70-192.168.0.200,192.168.0.210-192.168.0.230”
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=7h name=dhcp2
/queue simple
add burst-threshold=2M/2M burst-time=5s/5s comment=“Rakibs-air Queue limit”
max-limit=1M/1M name=Test target=192.168.0.112/32 time=\

/queue type
add kind=pcq name=Upload-Queue pcq-burst-rate=6500k pcq-classifier=
src-address pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
add kind=pcq name=Download-Queue pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
/queue simple
add disabled=yes name=Queue-Limitation queue=Upload-Queue/default target=
192.168.0.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=192.168.0.254/32 name=m1nDurOwnbuzz
/system logging action
set 1 disk-stop-on-full=yes
set 3 remote=192.168.0.254
/user group
add comment=“accounting user” name=sniffer policy=“ssh,read,!local,!telnet,!ft
p,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!a
pi,!romon,!dude,!tikapp”
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-LAN-OFFICE
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether8
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether10
add bridge=bridge2 interface=ether6
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set enabled=yes
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.252/30
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether12 network=
192.168.88.0
add address=192.168.0.1/24 interface=bridge1 network=192.168.0.0
/ip dhcp-server lease

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=nn.nn.nn.nn gateway=
192.168.0.1
/ip dns
set servers=nn.nn.nn.nn,pp.pp.pp.pp
/ip firewall address-list
/ip firewall filter
add action=accept chain=forward comment=“alibaba site” content=alibaba.com
src-address=192.168.0.0/24
add action=drop chain=forward comment=“DROP VPN / PPTP forward” protocol=gre
src-address=192.168.0.0/24
add action=drop chain=forward comment=“IPSEC-ESP F” protocol=ipsec-esp
src-address=192.168.0.0/24
add action=drop chain=forward comment=“IPSEC-AH F” protocol=ipsec-ah
src-address=192.168.0.0/24
add action=drop chain=input comment=“DROP VPN / L2TP” dst-port=500 protocol=
udp
add action=accept chain=forward comment=“Server Win 2012” src-mac-address=
74:D4:35:71:01:55
add action=drop chain=input comment=“NAT TRANSVERSAL” disabled=yes dst-port=
4500 protocol=udp
add action=drop chain=forward comment=Phone17 src-mac-address=
30:39:26:01:51:39
add action=drop chain=forward comment=Phone19 src-mac-address=
9C:A9:E4:32:7F:6B
add action=drop chain=forward comment=Android16 src-mac-address=
E4:32:CB:D0:74:FE
68:DF:DD:41:5B:A9
add action=drop chain=forward comment=Android581 src-mac-address=
14:9F:E8:F4:9E:4B
add action=drop chain=forward comment=RAR disabled=yes layer7-protocol=RAR
src-address=192.168.0.0/24
add action=drop chain=forward comment=MKV content=.mkv src-address=
192.168.0.0/24
add action=drop chain=forward comment=MOV content=.mov src-address=
192.168.0.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip proxy
set src-address=192.168.0.1
/ip route
add distance=1 gateway=pppoe-isp
/ip service
set telnet disabled=yes port=8023
set ftp disabled=yes
set www address=192.168.0.0/24 port=89
set ssh address=192.168.0.0/24
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set active-flow-timeout=1m cache-entries=16k enabled=yes interfaces=
ether2-LAN-OFFICE
/ip traffic-flow target
add dst-address=192.168.0.254 port=1234 version=ipfix
/snmp
set enabled=yes trap-community=m1nDurOwnbuzz trap-version=3
/system clock
set time-zone-name=Indian/xx
/system identity
set name=Anarana
/system ntp client
set enabled=yes primary-ntp=tt.tt.tt.tt server-dns-names=“”
/tool graphing interface
add interface=ether1-WAN-FO store-on-disk=no
add interface=bridge1 store-on-disk=no
add interface=ether1-WAN-FO store-on-disk=no
/tool graphing queue
/tool sniffer
set filter-interface=ether1-WAN-FO filter-ip-address=192.168.0.0/24
filter-ip-protocol=tcp filter-port=!996 filter-stream=yes
streaming-server=192.168.0.253

6

Sorry for duplicate

7

Hey

The ether2 is “slave”, as it’s part of bridge1.

/interface bridge port
add bridge=bridge1 interface=ether2-LAN-OFFICE
/ip traffic-flow
set active-flow-timeout=1m cache-entries=16k enabled=yes interfaces=ether2-LAN-OFFICE

Try monitoring bridge1 instead then.

8

Hi,

Thanks for your answer. I tried interface “all” and got data from mikrotik.

Thanks for your help !