Script and Syslog on Tx/Rx.

What is the best way to trigger a message to my Syslog-ng server on my LAN when an interface is Tx/Rx data?

I have a device on my LAN which, although I turn it off, still seems to be communicating, and I want to know when it is doing this. Ideally I’d also like to take a copy of all the traffic passing that port too in a pcap file.

Thanks.

Am I doing something wrong?

12 people have viewed this and still no response?..

Where do you see the phantom communication? Remember that not all devices are really off when you press the button on the remote.

You can add a firewall rule with a logging action in case of data transfer according to your criteria. If you want to be sure, switch it really off.

I’m going to give this a go. But how can I take a copy of the traffic?

A Philips “Smart TV”.

Hello? 75 views and nobody can point a noob in the right direction on how to copy the traffic?..

I do however have my Syslog messages reporting the times and WAN IP the device is communicating with, which is progress.

Be patient. Nobody is paid to give solutions here… You can mirror port traffic to your computer with Wireshark, for example. Haven’t you tried it yet?

Start a screen session on a Linux box and then SSH to your RouterOS, set up a
/tool sniffer quick interface= and then save it to disk.

Leave it running.


But the firewall rules should have given you enough info: src IP, dst IP, MAC address, ports.

Thanks for the info.
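
The three suggestions in this thread (a logging firewall rule, remote syslog, and the packet sniffer writing a pcap) combined into one RouterOS configuration, as an added example that is not from any of the posters. The MAC address, syslog server IP, interface name, log prefix, action name and file name are assumed placeholders.

```routeros
# Added example; all values below are placeholders to replace:
#   AA:BB:CC:DD:EE:FF  MAC of the device being watched
#   192.168.88.10      syslog-ng server on the LAN
#   bridge             LAN interface the device sits behind

# 1. Send firewall log entries to the syslog-ng server (UDP 514).
/system logging action
add name=lansyslog target=remote remote=192.168.88.10 remote-port=514
/system logging
add topics=firewall action=lansyslog

# 2. Log each new connection the device opens through the router.
#    Matching connection-state=new gives one entry per connection rather
#    than one per packet. The rule must sit above any rule that accepts or
#    drops this traffic, otherwise it is never reached.
/ip firewall filter
add chain=forward action=log connection-state=new \
    src-mac-address=AA:BB:CC:DD:EE:FF log-prefix="TV-TX" \
    comment="log traffic from watched device"

# 3. Capture the device's packets to a pcap file on the router.
#    file-limit is in KiB; the sniffer stops when it is reached, so size it
#    to the free storage shown by /system resource print.
/tool sniffer
set filter-interface=bridge \
    filter-mac-address=AA:BB:CC:DD:EE:FF/FF:FF:FF:FF:FF:FF \
    file-name=tv-capture.pcap file-limit=10000
start

# Later: stop the capture, then download tv-capture.pcap from Files and
# open it in Wireshark.
# /tool sniffer stop
```

The firewall rule only sees traffic routed through the router; traffic bridged between LAN ports does not reach the forward chain unless the bridge is set to use the IP firewall.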