Hiyall!
How can one introduce a MT device on the ETH cable between 2 hosts and use port mirroring to capture all the bidirectional traffic between those two?
I'm talking about ROS7(.9) here, both with MT devices with and without switch chips.
Any help is highly appreciated!
Re: Sniffing traffic with port mirroring
Port mirroring is a switch ASIC feature, so I don't think you can mirror with an MT device without a switch. See Bridge-based port mirroring
And mirroring is different than capturing. It is essentially a "tap" for another device that will capture the traffic (e.g. something running wireshark or dumpcap). You may want to watch this Chris Greer video where he uses a Raspberry Pi 4 to capture, but you can use a PC as well).
What exactly do you want to do?
And mirroring is different than capturing. It is essentially a "tap" for another device that will capture the traffic (e.g. something running wireshark or dumpcap). You may want to watch this Chris Greer video where he uses a Raspberry Pi 4 to capture, but you can use a PC as well).
What exactly do you want to do?
Re: Sniffing traffic with port mirroring
I'll be capturing the traffic between the two hosts with a laptop whose' NIC is in promiscuous mode. I'll be more like a one time event, so no fancy setups are needed, but speeds might reach near few hundred Mbps for a few minutes.
Re: Sniffing traffic with port mirroring [SOLVED]
Here is the relevant documentation: https://help.mikrotik.com/docs/display/ ... tMirroring
I have never used this feature, I have a CSS106-5G-1S (RB260GS) with SwOS that I use as a network tap, and it is more flexible.
Here's a youtube video (in Dutch?) Mikrotik port mirror configuration where the configuration begins. The source is one of the ports you want to see traffic on, the destination is the mirror port you will be monitoring from.
The google translation of the video description to English is:
How can you see all traffic on a particular interface with your PC?
In this tutorial I will show you how to configure port mirror on the Mikrotik router.
I have never used this feature, I have a CSS106-5G-1S (RB260GS) with SwOS that I use as a network tap, and it is more flexible.
Here's a youtube video (in Dutch?) Mikrotik port mirror configuration where the configuration begins. The source is one of the ports you want to see traffic on, the destination is the mirror port you will be monitoring from.
The google translation of the video description to English is:
How can you see all traffic on a particular interface with your PC?
In this tutorial I will show you how to configure port mirror on the Mikrotik router.
Re: Sniffing traffic with port mirroring
Hmm, pretty straightforward! Thanks!
Assuming all is implemented correctly and the switch really captures ingress and egress port traffic, it should work just fine for my needs. In my case it should be simple because I only have 2 hosts on the same switch, so what's egress traffic for one should be ingress for the other and vice versa.
I'd still appreciate a similar solution with bridges, for when I don't have a MT device with a switch chip in it.
Assuming all is implemented correctly and the switch really captures ingress and egress port traffic, it should work just fine for my needs. In my case it should be simple because I only have 2 hosts on the same switch, so what's egress traffic for one should be ingress for the other and vice versa.
I'd still appreciate a similar solution with bridges, for when I don't have a MT device with a switch chip in it.