Community discussions

MikroTik App
 
sniper88
just joined
Topic Author
Posts: 10
Joined: Fri Apr 13, 2018 5:17 pm

Mikrotik sniffer droped packets

Mon Dec 03, 2018 10:26 am

Hello,
I want to know if there is a method to use the sniffer tool or something else to catch all dropped traffic from firewall. I would like to know if there are some rules that drop something and then allow the traffic if this is good. I would use it for debug purpose.
Is there a solution with the sniffer or another method to do this?
Thanks in advance.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik sniffer droped packets

Mon Dec 03, 2018 11:52 am

Hi

Sniffer will capture all traffic on the interface / wire, so in incoming side before any rules are applied, and on the outgoing side after all changes/filtering has been applied.
Basically what one would see in the wire.
 
argusb
just joined
Posts: 13
Joined: Thu Jun 21, 2018 3:29 pm

Re: Mikrotik sniffer droped packets

Mon Dec 03, 2018 1:57 pm

Hello,
I want to know if there is a method to use the sniffer tool or something else to catch all dropped traffic from firewall. I would like to know if there are some rules that drop something and then allow the traffic if this is good. I would use it for debug purpose.
Is there a solution with the sniffer or another method to do this?
Thanks in advance.
You can also accomplish this goal by enabling logging on your drop rules ( or by making an explicit log + drop rule after your accept rules ).
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Mikrotik sniffer droped packets

Mon Dec 03, 2018 2:00 pm

another way - mangle has action "sniff-tzsp". If you can define your rule in mangle same way as in filter, it will be evaluated before filter and therefore you can sniff packets which will be dropped in the next step. That of course means almost doubling your whole firewall rules... not sure if it is worth it...
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1764
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: Mikrotik sniffer droped packets

Mon Dec 03, 2018 2:06 pm

instead accept or drop, use jump to specific custom Firewall chain, where you can have rule that logs , and rule that accepts or drops.

Who is online

Users browsing this forum: Google [Bot] and 97 guests