Community discussions

 
CateFul
just joined
Topic Author
Posts: 16
Joined: Tue Jan 27, 2015 10:58 pm

Copy packets and send to destination

Fri Jun 16, 2017 4:51 pm

Is it possible to copy a packet passing through Mikrotik and forward to another host for analysis? I mean the original packet still goes through to its intended host and its copy goes to another host. I know the packet sniffer can do that but it's in TZSP. The analysis software is custom, not WireShark.
 
Shadeofspirit
Member Candidate
Member Candidate
Posts: 204
Joined: Fri May 27, 2016 12:15 am
Location: Minsk
Contact:

Re: Copy packets and send to destination

Fri Jun 16, 2017 5:26 pm

Is it possible to copy a packet passing through Mikrotik and forward to another host for analysis? I mean the original packet still goes through to its intended host and its copy goes to another host. I know the packet sniffer can do that but it's in TZSP. The analysis software is custom, not WireShark.
look information about calea package
MTCNA, MTCWE
 
idlemind
Forum Guru
Forum Guru
Posts: 1102
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Copy packets and send to destination

Fri Jun 16, 2017 7:47 pm

You can have the MikroTik send flow data, NetFlow and IPFIX are supported. Hopefully the analysis software support those formats. Alternatively nProbe can receive NetFlow / IPFIX data and you may be able to write a plugin to have it export data in the format needed by your custom tool. I don't think NetFlow supports sending the whole packet if you need to look inside the encapsulated data though. It's useful for metric based information like how many packets of a particular protocol you're sending and between which parties.

What you're probably really after is port-mirroring. Aka Cisco SPAN. This will let you send all data for say an Ethernet port out another Ethernet port for collection.
 
CateFul
just joined
Topic Author
Posts: 16
Joined: Tue Jan 27, 2015 10:58 pm

Re: Copy packets and send to destination

Sat Jun 17, 2017 3:15 am

Thanks everyone!
Calea did the trick, and since its firewall based I can even do some filtering before sending the packet for further analysis.

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 113 guests