kostil
Frequent Visitor
Topic Author
Posts: 74
Joined: Wed Jun 18, 2008 6:01 pm
Location: Moscow region, Russia

Mirror all traffic from one user to server

Mon Nov 16, 2009 10:50 am

Hi all.

I need to analyze all traffic from one of my users. This user is connected by PPPoE on a MikroTik NAS. How can I mirror all traffic from this user to my server?

Thanks.
 
kostil

Re: Mirror all traffic from one user to server

Tue Nov 17, 2009 6:58 pm

I tried CALEA. I made all the configuration as in http://wiki.mikrotik.com/wiki/CALEA, but there are no new files on the server.

Here is my configuration:
ip firewall calea print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=sniff-pc sniff-target=10.0.12.77 sniff-target-port=5555 sniff-id=100 
     src-address=172.16.176.188 
10.0.12.77 is the CALEA server IP.
172.16.176.188 is the PPPoE client IP.
tool calea print 
Flags: X - disabled 
 0   case-id=100 case-name="" intercept-ip=10.0.15.26 intercept-port=5555 action=pcap 
     pcap-file-stop-interval=2m pcap-file-stop-size=5000 pcap-file-stop-count=3 
     pcap-file-hash-method=none 
The user was active and there was up to 10Mbit of traffic on its PPPoE interface, but there were no connections at all from 10.0.15.26 in ip/firewall/connections on the CALEA server.
ROS v4.2 is on both boxes.
Another bug: when I try to add the CALEA firewall rule on my 10.0.15.26, all traffic goes down. When I reboot it, it begins to work, but CALEA still doesn't work.

It worked a few times and then stopped. I tried another PPPoE server - it works!

Has anyone sniffed traffic using action=sniff and tcpdump? Please give some examples of the tcpdump line and ROS config.
Any examples of configuring CALEA? Any other ways to sniff? Any guesses about how to solve this problem?

How do I configure the CALEA server to make raw files of up to 100Mbyte, without thousands of small files?

P.S. to the Mikrotik team:
VERY poor documentation of CALEA and no comments in the ROS console via "?". Why?

Thanks.
 
kostil

Re: Mirror all traffic from one user to server

Wed Nov 25, 2009 1:04 pm

Tried trafr today - it doesn't work on Slax 6.1.2.

Any ideas how to sniff TZSP?
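
For the TZSP question above, an added example (not part of the thread and not MikroTik code): a Python receiver that strips the TZSP encapsulation from each UDP datagram and writes the inner Ethernet frames to one continuous pcap file that tcpdump can read. The UDP port 37008 and the file name mirror.pcap are assumptions; the router's sniff target must point at the same address and port.

```python
import socket, struct, time

TAG_PADDING, TAG_END = 0x00, 0x01   # the only TZSP tags without a length byte
ENCAP_ETHERNET = 1                  # TZSP encapsulated-protocol value for Ethernet

def tzsp_decapsulate(datagram: bytes) -> bytes:
    """Strip the TZSP header and tagged fields; return the inner Ethernet frame."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1 or ptype != 0 or encap != ENCAP_ETHERNET:
        raise ValueError("not a TZSP v1 received-packet carrying Ethernet")
    pos = 4
    while True:
        if pos >= len(datagram):
            raise ValueError("TZSP tag list is not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            return datagram[pos:]
        if tag != TAG_PADDING:           # every other tag is type, length, value
            if pos >= len(datagram):
                raise ValueError("truncated TZSP tag")
            pos += 1 + datagram[pos]     # skip the length byte and the value

def pcap_header() -> bytes:
    # magic, version 2.4, tz offset, sigfigs, snaplen, linktype 1 (Ethernet)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def pcap_record(frame: bytes, ts: float) -> bytes:
    sec, usec = int(ts), int((ts % 1) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def capture(path: str, port: int = 37008) -> None:   # port is an assumption
    """Write every mirrored frame to one pcap file until interrupted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    with open(path, "wb") as out:
        out.write(pcap_header())
        while True:
            data, _peer = sock.recvfrom(65535)
            try:
                out.write(pcap_record(tzsp_decapsulate(data), time.time()))
            except ValueError:
                continue                 # ignore datagrams that are not TZSP

if __name__ == "__main__":
    capture("mirror.pcap")               # file name is an assumption
```

The resulting file can be read offline with `tcpdump -r mirror.pcap`.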
