What methods detect unauthorized data transmission effectively?

Are there effective methods to monitor and detect potential unauthorized data transmission from my computer or within my home network? Specifically, can checking the router firewall for TCP connections serve this purpose, or should I consider analyzing all protocols?

My plan involves creating a script that runs every 20 seconds and provides a log of the connections established by my computer. However, I encountered an issue while attempting to extract only the destination addresses (dst-address) from the firewall connections. I used the following code:


:foreach i in=[/ip firewall connection find where src-address~"10.0.0.111"] do={[/ip firewall connection get value-name=dst-address number=$i]}

Curiously, I discovered that the “print” command cannot be used in this particular context. Could you explain why this limitation exists?

Assuming my approach is correct, what would be the most effective way to investigate the results? Is it advisable to send the destination addresses (dst-address) to a syslog server?

Moreover, I would like to know if there is a way to configure the firewall to send syslog messages or any other notifications when new connections are initiated from within the internal network. This would allow me to capture information about all protocols, including UDP, ICMP, and others, that might be missed when running the script every 20 seconds.

I appreciate any guidance you can provide on these matters.
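
An added example, not part of the original post: one way to review firewall log lines on the syslog side, covering TCP, UDP and ICMP, by listing the destinations a host contacted that are not in a known baseline. The log-line layout, the "NEWCONN" prefix, the baseline and all addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample lines. The layout is an assumption about what a RouterOS
# firewall rule with action=log and the hypothetical prefix "NEWCONN" writes.
SAMPLE_LOG = """\
NEWCONN forward: in:bridge out:ether1, proto TCP (SYN), 10.0.0.111:51514->203.0.113.10:443, len 52
NEWCONN forward: in:bridge out:ether1, proto UDP, 10.0.0.111:40000->198.51.100.7:53, len 60
NEWCONN forward: in:bridge out:ether1, proto ICMP (type 8, code 0), 10.0.0.111->192.0.2.99, len 84
NEWCONN forward: in:bridge out:ether1, proto TCP (SYN), 10.0.0.111:51520->203.0.113.10:443, len 52
NEWCONN forward: in:bridge out:ether1, proto TCP (SYN), 10.0.0.120:50000->192.0.2.99:8443, len 52
not a firewall line
""".splitlines()

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Ports are optional so that port-less protocols such as ICMP still match.
LINE_RE = re.compile(
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "
    rf"(?P<src>{IP})(?::\d+)?->(?P<dst>{IP})(?::(?P<dport>\d+))?, len \d+"
)

def parse_line(line):
    """Return (proto, src, dst, dport) for a firewall log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    dport = int(m["dport"]) if m["dport"] else None
    return m["proto"], m["src"], m["dst"], dport

def new_destinations(lines, host, baseline):
    """Count connections from `host` to (proto, dst, dport) not in `baseline`."""
    counts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[1] != host:
            continue  # unparseable line or a different internal host
        key = (rec[0], rec[2], rec[3])
        if key not in baseline:
            counts[key] = counts.get(key, 0) + 1
    return counts

# Hypothetical baseline: destinations already known to be expected.
BASELINE = {("UDP", "198.51.100.7", 53)}

if __name__ == "__main__":
    for key, n in new_destinations(SAMPLE_LOG, "10.0.0.111", BASELINE).items():
        print(key, n)
```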