qwertysqwerty
just joined
Topic Author
Posts: 24
Joined: Sun Mar 30, 2014 12:43 am

Script and Syslog on Tx/Rx.

Sun Jun 08, 2014 1:27 am

What is the best way to trigger a message to my Syslog-ng server on my LAN when an interface is Tx/Rx data?

I have a device on my LAN which, although I turn it off, still seems to be communicating, and I want to know when it is doing this. Ideally I'd also like to take a copy of all the traffic passing that port too in a pcap file.

Thanks.
 
qwertysqwerty
just joined
Topic Author
Posts: 24
Joined: Sun Mar 30, 2014 12:43 am

Re: Script and Syslog on Tx/Rx.

Sun Jun 08, 2014 2:24 am

Am I doing something wrong?

12 people have viewed this and still no response?...
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Script and Syslog on Tx/Rx.

Sun Jun 08, 2014 4:09 am

Where do you see the phantom communication? Remember that not all devices are really off when you press the button on the remote.
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Script and Syslog on Tx/Rx.

Sun Jun 08, 2014 4:12 am

You can add a firewall rule with a logging action in case of data transfer according to your criteria. If you want to be sure, switch it really off.
 
qwertysqwerty
just joined
Topic Author
Posts: 24
Joined: Sun Mar 30, 2014 12:43 am

Re: Script and Syslog on Tx/Rx.

Sun Jun 08, 2014 5:47 am

> You can add a firewall rule with a logging action in case of data transfer according to your criteria. If you want to be sure, switch it really off.

I'm going to give this a go. But how can I take a copy of the traffic?

> Where do you see the phantom communication? Remember that not all devices are really off when you press the button on the remote.

A Philips "Smart TV".
 
qwertysqwerty
just joined
Topic Author
Posts: 24
Joined: Sun Mar 30, 2014 12:43 am

Re: Script and Syslog on Tx/Rx.

Mon Jun 09, 2014 3:49 am

Hello? 75 views and nobody can point a noob in the right direction on how to copy the traffic?...

I do however have my Syslog messages reporting the times and WAN IP the device is communicating with, which is progress.
 
jarda
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Script and Syslog on Tx/Rx.

Mon Jun 09, 2014 8:13 am

Be patient. No one is paid to give the solutions here... You can mirror port traffic to your computer with Wireshark, for example. Haven't you tried it yet?
 
AlexS
Member Candidate
Posts: 259
Joined: Thu Oct 10, 2013 7:21 am

Re: Script and Syslog on Tx/Rx.

Mon Jun 09, 2014 9:55 am

Start a screen session on a Linux box and then SSH to your RouterOS, set up a
/tool sniffer quick interface=<interface> and then save it to disk.

Leave it running.

But the firewall rules should have given you enough info: src IP, dst IP, MAC address, ports.
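
The firewall-log fields mentioned above (src IP, dst IP, MAC address, ports), as an added example that is not part of the original thread: a Python parser that groups the syslog lines for one device by destination so the "when" and "where to" are visible at a glance. The log line layout, the `TV-TX` log prefix and every address below are assumptions constructed for illustration.

```python
import re

# Assumed layout of RouterOS firewall log lines as relayed to syslog-ng.
# "TV-TX" is a hypothetical log-prefix; every sample line is constructed.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?"
    r"src-mac (?P<mac>[0-9A-Fa-f:]{17}), "
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "          # "(SYN)" or "(type 8, code 0)"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->"          # ICMP lines carry no ports
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len (?P<len>\d+)"
)

SAMPLE = """\
Jun  9 03:41:07 192.168.88.1 firewall,info TV-TX forward: in:bridge out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.88.50:49152->203.0.113.7:443, len 60
Jun  9 03:41:08 192.168.88.1 firewall,info TV-TX forward: in:bridge out:ether1, src-mac 00:11:22:33:44:55, proto TCP (ACK), 192.168.88.50:49152->203.0.113.7:443, len 52
Jun  9 03:55:30 192.168.88.1 firewall,info TV-TX forward: in:bridge out:ether1, src-mac 00:11:22:33:44:55, proto UDP, 192.168.88.50:40000->198.51.100.20:123, len 76
Jun  9 04:02:11 192.168.88.1 firewall,info TV-TX forward: in:bridge out:ether1, src-mac 00:11:22:33:44:55, proto ICMP (type 8, code 0), 192.168.88.50->203.0.113.9, len 56
Jun  9 04:03:00 192.168.88.1 firewall,info TV-TX forward: in:bridge out:ether1, src-mac 66:77:88:99:AA:BB, proto TCP (SYN), 192.168.88.60:50000->198.51.100.99:80, len 60
Jun  9 04:10:00 192.168.88.1 system,info constructed non-firewall message
"""

def summarize(lines, device_mac):
    """Group one device's logged packets by (dst IP, proto, dst port).
    Also returns how many lines the parser did not recognise."""
    flows, skipped = {}, 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # surface parse gaps instead of hiding them
            continue
        if m["mac"].lower() != device_mac.lower():
            continue              # traffic from some other host
        key = (m["dst"], m["proto"], int(m["dport"]) if m["dport"] else None)
        flow = flows.setdefault(
            key, {"packets": 0, "bytes": 0, "first": m["ts"], "last": m["ts"]})
        flow["packets"] += 1
        flow["bytes"] += int(m["len"])
        flow["last"] = m["ts"]
    return flows, skipped

if __name__ == "__main__":
    flows, skipped = summarize(SAMPLE.splitlines(), "00:11:22:33:44:55")
    for (dst, proto, dport), f in flows.items():
        print(f"{dst:15} {proto:4} {dport or '-':>5} {f['packets']:3} pkts "
              f"{f['bytes']:5} B  {f['first']} .. {f['last']}")
    print(f"unparsed lines: {skipped}")
```

Matching on the source MAC rather than the source IP keeps the summary tied to the same device if its DHCP lease changes.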
 
qwertysqwerty
just joined
Topic Author
Posts: 24
Joined: Sun Mar 30, 2014 12:43 am

Re: Script and Syslog on Tx/Rx.

Tue Jun 10, 2014 10:24 pm

Thanks for the info.
