Community discussions

MikroTik App
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Tool: Realtime per IP traffic monitor for home/office

Fri Sep 27, 2013 1:27 pm

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:

Image

It is also extremely useful to see the traffic shaping effects when playing around with shaping rules on your Mikrotik router. It uses the Accounting feature of your router.

The tool with basic instructions is attached to this post or you can download it from the links below.

I hope this can be of use to someone! Comments welcome. :)

Daniel

PS: I know this is technically not a 'sniffer' but it actually started off as one so the name stuck.

EDIT:
I added a new version to this post (V1.0.3). Download the service and viewer from the links below. I had to split them because the forum does not allow files larger than 1 MB any more.
Change Log:
V1.0.3 (2014-06-24)
Download: Viewer and Service
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
V1.0.2 (2014-01-15)
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt
You do not have the required permissions to view the files attached to this post.
Last edited by danielm on Thu Jun 26, 2014 3:45 pm, edited 7 times in total.
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Realtime per IP Mikrotik traffic monitor for home/office

Fri Sep 27, 2013 2:36 pm

Link doesn't seem to work? But it looks cool.

Sent from my SCH-I545 using Tapatalk 4
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Fri Sep 27, 2013 2:58 pm

Link doesn't seem to work? But it looks cool.
Odd, it works in my browser. The zipfile is also attached to the message if the link does not work for some reason.
 
kashifmac2005
newbie
Posts: 28
Joined: Thu Aug 22, 2013 9:27 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Fri Sep 27, 2013 3:48 pm

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Fri Sep 27, 2013 4:03 pm

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer
Not sure I understand the question. This tool shows all traffic going through the router (Lan to Internet) and shows host names. Sounds like that is what you need?
 
01101110110110
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Apr 12, 2012 8:19 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Sun Sep 29, 2013 6:32 pm

This looks really useful, I'll give it a try and report back.
 
01101110110110
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Apr 12, 2012 8:19 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Sun Sep 29, 2013 6:51 pm

Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ? You have all these columns but I can't use them to sort the list and see which user has the highest send/receive or total download...etc. Or the ability to filter, i.e monitor a few specific IP's, known downloaders and such, perhaps a list ? Anyways, great work, I've been looking for something like this for a while, and its fairly simple to get working.

edit:
you may wanna double check the numbers, for some reason its reporting some of my IP's over their 1mb limit, but I have winbox opened and its barely close to the limit
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Sun Sep 29, 2013 9:41 pm

Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ? You have all these columns but I can't use them to sort the list and see which user has the highest send/receive or total download...etc. Or the ability to filter, i.e monitor a few specific IP's, known downloaders and such, perhaps a list ? Anyways, great work, I've been looking for something like this for a while, and its fairly simple to get working.

edit:
you may wanna double check the numbers, for some reason its reporting some of my IP's over their 1mb limit, but I have winbox opened and its barely close to the limit
Thanks for the feedback, glad you like it! The colour scheme is the same as the one used in munin. The columns are sorted by total transfer size (sum of up and down traffic) i.e. your top users will be listed first. Active users (>= 100kbps up or down) will be marked in bold so they will stand out anyway. Our office is only 16 people so showing the 30 most active ones is really sufficient. On a Lan with more than 30 machines all IP's generating traffic are always shown but all the ones more than 30 are summed together as 'other' on the graph.

I'm surprised to hear your numbers are out because I find it very accurate. I do use a 5 second running average, however, so you will see some smoothing out. But a sustained load should be reflected quite accurately. I would be curious what other users experience.
 
kashifmac2005
newbie
Posts: 28
Joined: Thu Aug 22, 2013 9:27 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Mon Sep 30, 2013 7:37 am

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer
Not sure I understand the question. This tool shows all traffic going through the router (Lan to Internet) and shows host names. Sounds like that is what you need?
yes and host names of internet ip address i knw not all the ips are resolvable 100% but can help who is surfing what thanks brother
 
User avatar
stmx38
Long time Member
Long time Member
Posts: 617
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Realtime per IP Mikrotik traffic monitor for home/office

Mon Sep 30, 2013 10:42 am

danielm,
Thank you for nice tool!
Do you have any plans to add browsers support as viewers ?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Realtime per IP Mikrotik traffic monitor for home/office

Mon Sep 30, 2013 10:52 am

danielm,
Thank you for nice tool!
Do you have any plans to add browsers support as viewers ?
Thanks. No, sorry, no such plans at this time.
 
eXtremer
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Nov 26, 2010 10:33 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 24, 2013 3:43 pm

Great app, thank you!
Karma +1

Is it possible to add sorting by day, week, month ?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 24, 2013 4:00 pm

Is it possible to add sorting by day, week, month ?
eXtremer, do you mean having a daily/weekly/monthly graph?
 
eXtremer
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Nov 26, 2010 10:33 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 24, 2013 4:43 pm

Is it possible to add sorting by day, week, month ?
eXtremer, do you mean having a daily/weekly/monthly graph?
Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 24, 2013 6:19 pm

Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year if anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.
Last edited by danielm on Fri Oct 25, 2013 3:11 pm, edited 1 time in total.
 
eXtremer
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Nov 26, 2010 10:33 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 25, 2013 10:24 am

Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year of anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.
Post the plugin please, I installed the munin Windows version, I hope I will have no troubles configuring it.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 25, 2013 2:17 pm

Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year of anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.
Post the plugin please, I installed the munin Windows version, I hope I will have no troubles configuring it.
Here you go. Note that it is written in python so you will need that too.
I'm no python programmer, so it can probably be done much cleaner. But it does the job.

The daily graph looks like this:

Image
You do not have the required permissions to view the files attached to this post.
Last edited by danielm on Tue Jul 01, 2014 5:52 pm, edited 1 time in total.
 
User avatar
jp
Long time Member
Long time Member
Posts: 609
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 25, 2013 11:06 pm

Neat looking tool, does the munin plugin connect to the mikrotik or the windows box running your software? I've downloaded and am playing with it.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Oct 26, 2013 9:32 pm

Neat looking tool, does the munin plugin connect to the mikrotik or the windows box running your software? I've downloaded and am playing with it.
It connects to the service on the Windows box.
 
ctng
just joined
Posts: 1
Joined: Sun Dec 08, 2013 10:00 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Dec 08, 2013 10:05 pm

Good day,
please can anyone assist in setting up attrix5. i configured it to listen on port 85 and i get this message on the snifferservice.txt file on the service PC
cannot get traffic:connect timeout. (172.0.0.1:80)
the viewer screen is blank.

please assist
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Dec 16, 2013 9:41 am

Good day,
please can anyone assist in setting up attrix5. i configured it to listen on port 85 and i get this message on the snifferservice.txt file on the service PC
cannot get traffic:connect timeout. (172.0.0.1:80)
the viewer screen is blank.

please assist
Is 172.0.0.1 your mikrotik? Did you enable accounting? You should get traffic info when you enter 172.0.0.1 in your browser.
 
jemp
just joined
Posts: 13
Joined: Fri Aug 16, 2013 1:50 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Dec 17, 2013 5:34 pm

Hi Daniel
Tnx for this program.. works great..
I need more of these tools..
Indeed also for Saving and monitoring for month statistics.. per user, or per IP...
Keep up the good work
Do you have a website , where we can follow this ?
Tnx

JP
 
User avatar
Stillhard
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Sun Jun 10, 2012 11:18 am
Location: Banten, Indonesia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Dec 17, 2013 7:58 pm

thx danielm, this tool working great here.

Can you make this tool to accept different subnet too?
I want to capture for ex. 192.168.0.0/24 and 10.100.100.0/24
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 18, 2013 11:27 am

Indeed also for Saving and monitoring for month statistics.. per user, or per IP...
JP,

Glad you like it. To keep track of monthly usage you can set this setting in the SnifferService.ini file:
ClearSchedule=monthly
This will store the usage for the whole month (instead of just one week) and also write out a CSV file i.e.
201312.txt (yyyymm.txt) in the service folder.

Sorry, there is no website at this time.

Daniel
 
jemp
just joined
Posts: 13
Joined: Fri Aug 16, 2013 1:50 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 18, 2013 2:05 pm

Daniel
tnx for tip..
the Save File does not work.. like said, one can choose a folder, but nothing is saved..
Would there be an update ?
Tnx in advance
JP
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 18, 2013 2:53 pm

JP,

I'd rather remove that feature since it saves the values as "34.66 GB and "12.34 MB" instead of byte values. Best would be let the service create the file.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 18, 2013 2:54 pm

thx danielm, this tool working great here.

Can you make this tool to accept different subnet too?
I want to capture for ex. 192.168.0.0/24 and 10.100.100.0/24
Anything is possible :)

I'll see if I can add capability to accept comma delimited values for network and mask.
 
ircome
just joined
Posts: 9
Joined: Sun Nov 24, 2013 4:49 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Dec 24, 2013 12:30 pm

hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also
 
ircome
just joined
Posts: 9
Joined: Sun Nov 24, 2013 4:49 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 25, 2013 10:05 am

ohhhh
no any bodi there?
i really need this app!!!!
plz help me
 
scracha
newbie
Posts: 25
Joined: Fri Dec 27, 2013 3:28 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Dec 27, 2013 3:30 am

Service log has following:-
"Error: Cannot execute C:\Program Files\Sniffer\Service\plink.exe"

Win XP home so can't be UAC. Any ideas anyone?
 
ircome
just joined
Posts: 9
Joined: Sun Nov 24, 2013 4:49 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jan 07, 2014 2:29 pm

hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also

i can make this software to do but i usage with mikrotik hotspot so viewer can only shown to me any ip that added to ip bindig:(
i wanna find what port usage with this app to allow to this.
help me
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jan 12, 2014 1:39 am

This is a great utility, just what i needed.
Is it also somehow possible to see the hosts name, next to the Ip address (in my case the hosts name dont always show up)?
Also how do i now disable the logs in mikrotik router, for the ssh sniffer user ( now my logs are full with the "sniffer" user, log-in and log-out?

Thank you
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 4:52 pm

This is a great utility, just what i needed.
Is it also somehow possible to see the hosts name, next to the Ip address (in my case the hosts name dont always show up)?
Also how do i now disable the logs in mikrotik router, for the ssh sniffer user ( now my logs are full with the "sniffer" user, log-in and log-out?

Thank you
imaljko4,

If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 4:57 pm

hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also

i can make this software to do but i usage with mikrotik hotspot so viewer can only shown to me any ip that added to ip bindig:(
i wanna find what port usage with this app to allow to this.
help me
Hi ircome

Did you manage to get http://192.168.88.1/accounting/ip.cgi to show in a browser? If so how because I have the same problem at a particular site where hotspot is used and I don't know how to get around it (I cannot access the mikrotik accounting page from a browser or from the sniffer)
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 4:59 pm

Service log has following:-
"Error: Cannot execute C:\Program Files\Sniffer\Service\plink.exe"

Win XP home so can't be UAC. Any ideas anyone?
Can you run plink.exe from cmd line?
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 6:13 pm

If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik
You are wright, the host-names do show up, just they sometimes get lost when my server-computer(with sniffer service running) resumes from standby.
So when my computer resumes from standby i had to stop/start the sniffer service, and then i got the host-names again.

Thanks
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 8:56 pm

One more question; is it possible to monitor Ip addresses for 2 networks?

On my Mikrotik router i have :
network 1 : 192.168.1.0/24
network 2: 10.0.0.0/24

I would like to monitor Ip addresses on both networks.

So how do i need to change the values in the SnifferService.ini file?
Something like this or?
#Capture packets from this network (ignore internal traffic) - network 1
Network=192.168.1.0
Mask=255.255.255.0

#Capture packets from NETWORK 2

Network=10.0.0.0
Mask=255.255.255.0

#Mikrotik Server
Mikrotik=192.168.1.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=XXXXX
Thank you for help
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 13, 2014 10:13 pm

If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik
You are wright, the host-names do show up, just they sometimes get lost when my server-computer(with sniffer service running) resumes from standby.
So when my computer resumes from standby i had to stop/start the sniffer service, and then i got the host-names again.

Thanks
It should refresh every 5 mins. Just give it a while.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jan 15, 2014 11:21 am

One more question; is it possible to monitor Ip addresses for 2 networks?
Now you can :) . I have added this feature and added all the info below to the first post of this thread.

Changes are
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt
Download link: Sniffer-2014-01-15.zip
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jan 15, 2014 11:45 am

Great! Thank you very much!
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 16, 2014 4:36 am

Tested on 3 different Windows 7 machines and all I see in the log is:

2014/01/16 12:26:07 - Info: Starting up sniffer service
2014/01/16 12:26:07 - Info: Mikrotik user: sniffer
2014/01/16 12:26:07 - Info: Mikrotik IP: 172.16.0.1

Then nothing in the viewer. It doesn't seem as though the SnifferService.exe continues running after that point?
Is there any way to see more debug info?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 16, 2014 8:37 am

omega-00,

There are a number of checks described in readme.txt that you can do. Basically you want to check:
- you can access the traffic info on the mikrotik from a browser running on the machine where the sniffer service runs
- when you start the service you want to see that the user 'sniffer' logs in on the mikrotik (check mikrotik logs)
- then check you can see traffic and ips using a browser to connect to the service
- then start the viewer

Does the service crash at that point or is it still running?
 
jemp
just joined
Posts: 13
Joined: Fri Aug 16, 2013 1:50 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 16, 2014 7:55 pm

Tnx Daniel and Happy 2014
Love this new version... works great, monitoring 2 network segments..
Keep U the good work
JP, Antwerp
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jan 17, 2014 3:24 am

- can access the traffic page from the machine running the sniffer service (http://ipaddress/accounting/ip.cgi loads, can see traffic listed)
- can't see user 'sniffer' login to the mikrotik (user account is present on the mikrotik) no user login error shows in the log either
telnet and ssh are available from the machine running the sniffer service to the mikrotik

service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jan 17, 2014 8:32 am

Firstly, is plink.exe available in the same folder as snifferservice.exe? Can you execute it successfully from command line?

Otherwise it may be a config issue - the app does not tolerate an invalid config very well (I guess I can improve that at some stage). Can you perhaps post your snifferservice.ini file?
 
lucianog
just joined
Posts: 14
Joined: Mon Apr 30, 2012 8:43 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jan 18, 2014 3:05 am

Firstly, is plink.exe available in the same folder as snifferservice.exe? Can you execute it successfully from command line?

Otherwise it may be a config issue - the app does not tolerate an invalid config very well (I guess I can improve that at some stage). Can you perhaps post your snifferservice.ini file?
I have the same problem, since I can run the console plink.exe and is in the same folder where is stored snifferservice.exe.
This is my configuration snifferservice.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.80.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.80.1:8292
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

Thanks for your suggestions
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jan 18, 2014 4:41 am

I have the same problem, since I can run the console plink.exe and is in the same folder where is stored snifferservice.exe.
Can you make sure that the sniffer service is running (after install i had to manually start the "sniffer service" under control panel- "services")?
Also can you access the http://ipaddress/accounting/ip.cgi page?
if yes, then "danielm" will have to help you out :) But would be good if you can also post the "SnifferService.log" file.
 
lucianog
just joined
Posts: 14
Joined: Mon Apr 30, 2012 8:43 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jan 18, 2014 6:22 am

Can you make sure that the sniffer service is running (after install i had to manually start the "sniffer service" under control panel- "services")?
Yes!!!
Image
Also can you access the http://ipaddress/accounting/ip.cgi page?
Yes!!!
Image
if yes, then "danielm" will have to help you out :) But would be good if you can also post the "SnifferService.log" file.
My SnifferService.log file:
2014/01/17 21:37:58 - Info: Starting up sniffer service
2014/01/17 21:37:58 - Info: Mikrotik user: sniffer
2014/01/17 21:37:58 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:38:33 - Info: Starting up sniffer service
2014/01/17 21:38:33 - Info: Mikrotik user: sniffer
2014/01/17 21:38:33 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:38:43 - Info: Starting up sniffer service
2014/01/17 21:38:43 - Info: Mikrotik user: sniffer
2014/01/17 21:38:43 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:39:07 - Info: Starting up sniffer service
2014/01/17 21:39:07 - Info: Mikrotik user: sniffer
2014/01/17 21:39:07 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:43 - Info: Starting up sniffer service
2014/01/17 21:41:43 - Info: Mikrotik user: sniffer
2014/01/17 21:41:43 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:57 - Info: Starting up sniffer service
2014/01/17 21:41:57 - Info: Mikrotik user: sniffer
2014/01/17 21:41:57 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:57 - Info: Networks specified: 1
2014/01/17 21:41:57 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/17 21:41:57 - Info: SnifferService Port: 80
2014/01/17 21:41:57 - Info: Service started
2014/01/17 21:41:57 - Error: Cannot execute C:\Service\plink.exe 
2014/01/17 21:58:02 - Info: Starting up sniffer service
2014/01/17 21:58:02 - Info: Mikrotik user: sniffer
2014/01/17 21:58:02 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:58:09 - Info: Starting up sniffer service
2014/01/17 21:58:09 - Info: Mikrotik user: sniffer
2014/01/17 21:58:09 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:58:09 - Info: Networks specified: 1
2014/01/17 21:58:09 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/17 21:58:09 - Info: SnifferService Port: 80
2014/01/17 21:58:09 - Info: Service started
2014/01/17 21:58:09 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
2014/01/18 01:05:45 - Info: Service stopped
2014/01/18 01:16:14 - Info: Starting up sniffer service
2014/01/18 01:16:14 - Info: Mikrotik user: sniffer
2014/01/18 01:16:14 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/18 01:16:14 - Info: Networks specified: 1
2014/01/18 01:16:14 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/18 01:16:14 - Info: SnifferService Port: 80
2014/01/18 01:16:14 - Info: Service started
2014/01/18 01:16:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
2014/01/18 01:16:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
We add the following information:
OS: Windows XP Pro SP3 x86 (Spanish Edition)
Firewall OS: Off
Antivirus: None
.Net Framework: None

Thanks in advance
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jan 18, 2014 8:31 am


#Mikrotik Server
Mikrotik=192.168.80.1:8292
I see a problem. The 'mikrotik' setting does not support a port. At the moment it defaults to port 80.

Edit: it defaults to port 80 for web traffic and port 22 for ssh.
 
lucianog
just joined
Posts: 14
Joined: Mon Apr 30, 2012 8:43 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 3:35 am

Hello danielm foremost appreciate your response.
I mention that I changed the port Mikrotik Web service, from 8292 to 80.
I verify that I can access via browser http://192.168.80.1/accounting/ip.cgi

With the following results:
Image

I also keep seeing in the log file indicating that the line can not run the program plink.exe located in the same folder as SnifferService.exe
Image

Of course I appreciate your comments
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 11:45 am

lucianog,

Please try the attached service (just replace the existing exe file). It has some extra debugging info. Upload your logfile again.
You do not have the required permissions to view the files attached to this post.
 
lucianog
just joined
Posts: 14
Joined: Mon Apr 30, 2012 8:43 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 2:16 pm

Hi Danielm:
This is the information requested:
Image

Thanks in advance!
 
lucianog
just joined
Posts: 14
Joined: Mon Apr 30, 2012 8:43 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 2:36 pm

SOLVED!!
Hi Danielm
The problem was on the SSH port, I changed it to 222 of 22

Thanks for the support!
 
User avatar
Stillhard
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Sun Jun 10, 2012 11:18 am
Location: Banten, Indonesia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 2:55 pm


#Mikrotik Server
Mikrotik=192.168.80.1:8292
I see a problem. The 'mikrotik' setting does not support a port. At the moment it defaults to port 80.

Edit: it defaults to port 80 for web traffic and port 22 for ssh.
Weird, im my conf, it works fine with other port other than the default just like lucianog's conf 8)
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 20, 2014 4:32 pm

Weird, im my conf, it works fine with other port other than the default just like lucianog's conf 8)
Hmm, it turns out you can indeed specify a port in the .ini file. It is used for http but ignored for SSH (by plink.exe). So if you specify 192.168.88.1:8080 it will be used as follows

- to get traffic, sniffer will connect to http://192.168.88.1:8080
- to get DNS and DHCP, sniffer will connect to 192.168.88.1:22 using ssh

So you MUST use port 22 for SSH (in the current version), as lucianog discovered :)
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jan 21, 2014 8:13 am

service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.
Omega-00, do give the updated snifferservice.exe a try. If it still fails you can execute plink.exe from the command line using the same parameters as in the logfile to see what results you get.
 
rodasram
just joined
Posts: 3
Joined: Thu Jan 23, 2014 5:06 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 23, 2014 5:43 pm

Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.
 
rodasram
just joined
Posts: 3
Joined: Thu Jan 23, 2014 5:06 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 23, 2014 5:45 pm

Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jan 24, 2014 11:53 am

Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.
Easiest and best option is to add them as DNS entries on your Mikrotik. The app will then display them correctly if the ssh setup is done as described in the readme.

Alternatively create a file and specify it in IPSource entry for Sniffer.ini
i.e. ips.txt
192.168.1.1=firewall
192.168.1.2=server1
192.168.1.20=my pc
However, this would ignore all DNS and DHCP info from the mikrotik server.
 
rodasram
just joined
Posts: 3
Joined: Thu Jan 23, 2014 5:06 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jan 24, 2014 5:11 pm

Thanks! the equals sign is the clue!
 
User avatar
bax
Member Candidate
Member Candidate
Posts: 268
Joined: Mon Dec 20, 2004 8:45 pm
Location: Croatia

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Feb 08, 2014 5:50 pm

Avira - antivirus is also complain ... but it works ...
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Feb 12, 2014 12:04 pm

Avira - antivirus is also complain ... but it works ...
I have submitted a false positive notification to Avira
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Feb 14, 2014 4:43 pm

Response from Avira:

Please find a detailed report concerning each individual sample below:

Filename Result
SnifferService.exe FALSE POSITIVE

The file 'SnifferService.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.11.131.42.
 
silversword
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue Jul 23, 2013 3:36 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Feb 14, 2014 5:08 pm

Of course if you have a MikroTik...the easiest way to view live data is:
Tools | Torch
LAN traffic use bridge-local interface
Internet traffic use ether1-gateway

:)
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Feb 17, 2014 1:21 pm

:lol:
 
palindrom
just joined
Posts: 1
Joined: Thu Mar 20, 2014 8:47 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Mar 20, 2014 8:51 am

hello daniel, i got these messages in snifferservice.log
2014.03.20 12:37:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:42:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:47:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
what is plink.exe?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Mar 20, 2014 5:07 pm

hello daniel, i got these messages in snifferservice.log
2014.03.20 12:37:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:42:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:47:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
what is plink.exe?
plink.exe does the ssh comms with your mikrotik.

Try to run it from the command line e.g.:
plink.exe sniffer@192.168.88.1

You should be able to connect to the mikrotik.
 
KiyasMocha
just joined
Posts: 5
Joined: Wed Apr 02, 2014 2:07 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Apr 07, 2014 8:06 am

I've the same problem here >_<

I can't see from MikroTik logs that user: sniffer logging in. but I can see http://ipaddress/accounting/ip.cgi

please guide me :) I'm new to this great things, I really am thank you anyway :)
You do not have the required permissions to view the files attached to this post.
 
KiyasMocha
just joined
Posts: 5
Joined: Wed Apr 02, 2014 2:07 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Apr 08, 2014 10:22 am

this is my screenshot
You do not have the required permissions to view the files attached to this post.
 
KiyasMocha
just joined
Posts: 5
Joined: Wed Apr 02, 2014 2:07 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 10, 2014 3:40 pm

I always get this error ><
You do not have the required permissions to view the files attached to this post.
 
User avatar
pukkita
Trainer
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Apr 12, 2014 2:56 pm

works awesome, thanks for sharing!!!!!!
 
florianGinier
just joined
Posts: 1
Joined: Thu Apr 17, 2014 11:58 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Apr 22, 2014 6:01 pm

Hello everyone.

I'm a French student in computer networks and I must admit that you have done an amazing job.
Nevertheless, I would like to know if there is a possibility to export a daily basis of the real time capture without using munin ?
The goal is to find which IP uses more bandwidth in the day.

If you know any other scripts/tools/programs that can do that, I'm interested !

Thank you everyone and goodbye !
 
himawarichan
just joined
Posts: 2
Joined: Tue Apr 29, 2014 6:24 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Apr 29, 2014 6:31 am

Hi Daniel,

I am so happy that I found this tool you made. Thanks for your effort, great effort :)
It's the tool which I've been searched for a while, and now I found it.

I successfully set this tool on my computer, and the service runs well.
I just do not have understanding about the munin plugin you post. How does that plugin applied to the tool?

Please enlighten me.

Again, many thanks for your great effort :)

Cheers
 
dw5304
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Tue Apr 12, 2011 9:36 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu May 01, 2014 5:08 pm

tool works great.
I have a small request seeing that we have multiple mikrotik devices can you make it so u can install the service as another name so we have unique instances of the service running to "segment" the bandwidth? thanks.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 05, 2014 4:35 am

service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.
Omega-00, do give the updated snifferservice.exe a try. If it still fails you can execute plink.exe from the command line using the same parameters as in the logfile to see what results you get.
I'm using the new snifferservice.exe.

Executing/logging in via plink.exe manually works fine. Gives me the MT command prompt as expected.

Executing the new snifferservice.exe just generates the following 3 lines; from command line the app appears to start then stop straight away. :-(
2014/05/05 11:17:31 - Info: Starting up sniffer service
2014/05/05 11:17:31 - Info: Mikrotik user: sniffer
2014/05/05 11:17:31 - Info: Mikrotik IP: 192.168.252.1
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 05, 2014 6:39 pm

Hello everyone.

I'm a French student in computer networks and I must admit that you have done an amazing job.
Nevertheless, I would like to know if there is a possibility to export a daily basis of the real time capture without using munin ?
The goal is to find which IP uses more bandwidth in the day.

If you know any other scripts/tools/programs that can do that, I'm interested !

Thank you everyone and goodbye !
You can just interrogate the sniffer service using rest to get realtime traffic info. Just go to the snifferservice ip address using a browser. The headers are at the top.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 05, 2014 6:40 pm

tool works great.
I have a small request seeing that we have multiple mikrotik devices can you make it so u can install the service as another name so we have unique instances of the service running to "segment" the bandwidth? thanks.
Ah, good idea. Will look into that.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 05, 2014 6:43 pm

I'm using the new snifferservice.exe.
Are you using the service exe posted in this thread on 14 March 2013 (top of page 2)?
 
maxkomp
just joined
Posts: 1
Joined: Sun May 11, 2014 1:45 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun May 11, 2014 1:48 pm

Thanks daniel, It So Works beautiful
 
KiyasMocha
just joined
Posts: 5
Joined: Wed Apr 02, 2014 2:07 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 12, 2014 6:20 am

please anyone, help me!!! >_<
 
tussockland
just joined
Posts: 15
Joined: Fri May 16, 2014 1:08 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 13, 2014 3:36 pm

Hi Daniel, been trying to get it to work on my RB750UP, but it is set up as a basic Switch (bridge) not using DHCP etc, should it still work somehow? Is there any extra settings I need to consider?
-Currently i can get service running, login etc, but error in log file of "Cannot get traffic: Connect timed out."
-Also i get nothing when I try web browser http://192.168.178.14:80/accounting/ip.cgi
-have checked and allowed port 80 on firewall.
I note you say in the file "The setup works best when you use the miktorik router for DCHP and optionally DNS" ... so it gives me hope it may still work for me??

SETTINGS:
[Settings]
#Required settings are uncommented
#Defaults are shown
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.178.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0
#Mikrotik Server
Mikrotik=192.168.178.14
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi
#Alternative service port to listen on
#ServicePort=80
#Convert static DNS names to uppercase
#UppercaseStatic=1
#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com
#Clear values weekly (default) or monthly
ClearSchedule=weekly

SNIFFER LOG:
2014/06/14 00:26:02 - Info: Starting up sniffer service
2014/06/14 00:26:02 - Info: Mikrotik user: sniffer
2014/06/14 00:26:02 - Info: Mikrotik IP: 192.168.178.14
2014/06/14 00:26:02 - Info: Networks specified: 1
2014/06/14 00:26:02 - Info: Monitoring network: 192.168.178.0/255.255.255.0
2014/06/14 00:26:02 - Info: SnifferService Port: 80
2014/06/14 00:26:02 - Info: Service started
2014/06/14 00:28:40 - Error: Cannot get traffic: Connect timed out. (192.168.178.14:80)
2014/06/14 00:28:41 - Error: Cannot get traffic: Connect timed out. (192.168.178.14:80)

Webpage 192.168.178.55/ip from an External computer:
DHCP Leases:
=
Static DNS:
192.168.1.1=localrouter
208.67.220.220=opendns2
208.67.222.222=opendns
DHCP: 1
Static: 3
---------------
Total: 4

Looks like this is the problem?? but i've no idea how to fix it...

Regards, Richard
 
Cliff
just joined
Posts: 9
Joined: Fri Jul 05, 2013 1:57 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jun 16, 2014 4:33 am

Hello, I have the issue.
Can you help me?

Mikrotik http port: 81
Using Windows 8.1 Pro (x86)
Using Mikrotik 6.14

SnifferService.ini file:
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=172.29.10.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=172.29.10.1
MikrotikSSHUser=admin
MikrotikSSHPassword=xxx
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly
SnifferService.log file:
2014.06.16 12:23:56 - Info: Starting up sniffer service
2014.06.16 12:23:56 - Info: Mikrotik user: admin
2014.06.16 12:23:56 - Info: Mikrotik IP: 172.29.10.1
2014.06.16 12:23:56 - Info: Networks specified: 1
2014.06.16 12:23:56 - Info: Monitoring network: 172.29.10.0/255.255.255.0
2014.06.16 12:23:56 - Info: SnifferService Port: 81
2014.06.16 12:23:56 - Info: Service started
2014.06.16 12:23:59 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2014.06.16 12:24:01 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2014.06.16 12:24:04 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
etc
Winbox log:
Jun/16/2014 12:24:10 user admin logged in from x.x.x.x via ssh
Jun/16/2014 12:24:10 user admin logged out from x.x.x.x via ssh
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 19, 2014 4:17 pm

OK, I have finally found the trick to get plink.exe working. The problem lies in the fact that plink does not yet trust the ssh connection to the mikrotik box. The first time you connect plink asks you to add the host key to your registry and you must answer yes.

SO, open a command prompt and execute the following command from your snifferservice folder (specify the mikrotik router ip):
plink 192.168.88.1


The output looks like this:
C:\Program Files\Sniffer\Service>plink 192.168.88.1
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you
think it is.
The server's dss key fingerprint is:
ssh-dss 1024 xxxxxxxxx
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) y
login as: sniffer
That's it. Just Ctrl-C to exit. Now restart the sniffer service and confirm you see the user sniffer log in to the router.
Last edited by danielm on Mon Jul 07, 2014 11:38 am, edited 1 time in total.
 
edi1979
just joined
Posts: 2
Joined: Sat Apr 14, 2012 5:02 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jun 25, 2014 9:57 pm

Hi. I just want to know if it is possible to monitor more than 1 mikrotik on the same viewer ?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 26, 2014 3:34 pm

Hi. I just want to know if it is possible to monitor more than 1 mikrotik on the same viewer ?
No, you can't
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 26, 2014 3:42 pm

Hi All,

V1.0.3 is available and includes the following changes:
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
Download: Viewer and Service
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 26, 2014 4:32 pm

Hi Daniel, been trying to get it to work on my RB750UP, but it is set up as a basic Switch (bridge) not using DHCP etc, should it still work somehow? Is there any extra settings I need to consider?
-Currently i can get service running, login etc, but error in log file of "Cannot get traffic: Connect timed out."
-Also i get nothing when I try web browser http://192.168.178.14:80/accounting/ip.cgi
-have checked and allowed port 80 on firewall.
I note you say in the file "The setup works best when you use the miktorik router for DCHP and optionally DNS" ... so it gives me hope it may still work for me??
Richard,

If you don't use DHCP that should not be an issue - you just won't see names next to the IP's. your problem lies in the fact that you cannot access http://192.168.178.14:80/accounting/ip.cgi. If you can't then the sniffer can't. I assume 192.168.178.14 is your mikrotik?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 26, 2014 4:35 pm

Hi Daniel,

I am so happy that I found this tool you made. Thanks for your effort, great effort :)
It's the tool which I've been searched for a while, and now I found it.

I successfully set this tool on my computer, and the service runs well.
I just do not have understanding about the munin plugin you post. How does that plugin applied to the tool?

Please enlighten me.

Again, many thanks for your great effort :)

Cheers
The munin plugin is just to keep track of traffic for longer than 100 seconds. Draws graphs etc. If you are not familiar with munin i'd give it a skip.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jun 26, 2014 4:38 pm

I always get this error ><
KiyasMocha, post your snifferservice.ini file. From the screenshot it looks like there it is incorrectly configured.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 4:37 pm

Hello, I have the issue.
Can you help me?

Mikrotik http port: 81
Using Windows 8.1 Pro (x86)
Using Mikrotik 6.14
Cliff,

You need to specify the custom http port 81 in the following setting in snifferservice.ini.
Mikrotik=172.29.10.1:81
The setting 'ServicePort' is for the sniffer service to listen on a different port than 80.
 
User avatar
nabeelryk
just joined
Posts: 24
Joined: Thu Jun 06, 2013 1:56 pm
Location: Pakistan
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 4:43 pm

hi I have installed snifferservice.exe and configured snifferservice.ini successfully.

as I am using hotspot on LAN interface so port 80 is used by my hotspot and I have changed router service port to 88.
so my accounting address is http://192.168.0.1:88/accounting/ip.cgi and I can see log in my browser. So I have changed accounting path in services.ini
AccountingPath=http://192.168.0.1:88/accounting/ip.cgi
but still I an getting this error, the problem is its still looking for traffic at port 80 I don't know why. I did specified port and address. Will you please help me thanks.
2014/06/27 18:27:38 - Error: Cannot get traffic: Connect timed out. (192.168.0.1http:80)
just changed
Mikrotik=192.168.0.1
to
Mikrotik=192.168.0.1:88
and its working now thanks
just a quick question how can I see a whole month log at once ?
Last edited by nabeelryk on Fri Jun 27, 2014 5:24 pm, edited 1 time in total.
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 5:10 pm

Hi

Can not get the SnifferService.exe to run , If I run the SnifferService.exe I don't see the Service "Sniffer" in Services Manage
Pc is running on Windows 7
The log file ol has this in:
2014/06/27 16:05:15 - Info: Mikrotik user: sniffer
2014/06/27 16:05:15 - Info: Mikrotik IP: 192.168.0.1

Bigfoo
Last edited by Bigfoot on Fri Jun 27, 2014 6:04 pm, edited 2 times in total.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 5:40 pm

..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 5:43 pm

Hi

Can not get the SnifferService.exe to run , If I run the SnifferService.exe I don't see the Service "Sniffer" in Services Manage
Pc is running on Windows 7
The log file ol has this in:
2014/06/27 16:05:15 - Info: Mikrotik user: sniffer
2014/06/27 16:05:15 - Info: Mikrotik IP: 192.168.0.1

Bigfoot
It is a service, you can't just double-click it. You must install it as per instructions in the readme file.
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 6:12 pm

Sorry missed that one got the service to work

Now I get:

2014/06/27 16:56:17 - Info: Starting up sniffer service
2014/06/27 16:56:17 - Info: Mikrotik user: sniffer
2014/06/27 16:56:17 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 16:57:00 - Info: Starting up sniffer service
2014/06/27 16:57:00 - Info: Mikrotik user: sniffer
2014/06/27 16:57:00 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:05 - Info: Starting up sniffer service
2014/06/27 17:00:06 - Info: Mikrotik user: sniffer
2014/06/27 17:00:06 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:07 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout
2014/06/27 17:00:27 - Info: Starting up sniffer service
2014/06/27 17:00:27 - Info: Mikrotik user: sniffer
2014/06/27 17:00:27 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:27 - Info: Networks specified: 1
2014/06/27 17:00:27 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2014/06/27 17:00:27 - Info: SnifferService Port: 81
2014/06/27 17:00:27 - Info: Service started
2014/06/27 17:00:29 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 6:29 pm

Sorry missed that one got the service to work

Now I get:

2014/06/27 17:00:27 - Info: Starting up sniffer service
2014/06/27 17:00:27 - Info: Mikrotik user: sniffer
2014/06/27 17:00:27 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:27 - Info: Networks specified: 1
2014/06/27 17:00:27 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2014/06/27 17:00:27 - Info: SnifferService Port: 81
2014/06/27 17:00:27 - Info: Service started
2014/06/27 17:00:29 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout
So can you connect to http://192.168.0.1/accounting/ip.cgi with a browser? If not you have not set up accounting correctly on mikrotik. Follow readme.txt
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 6:47 pm

Yes, I use http://192.168.0.1:81/accounting/ip.cgi

213.199.179.167 192.168.0.48 97 2 * *
192.168.0.16 194.27.183.245 296 6 * *
172.24.73.229 192.168.0.48 953 9 * *
192.168.0.16 207.46.194.8 3457 22 * *
172.25.97.219 192.168.0.48 320 5 * *
192.168.0.15 157.55.56.141 63 1 * *
197.79.14.150 192.168.0.16 404 7 * *
172.25.98.34 192.168.0.19 691 5 * *
172.24.80.54 192.168.0.48 1596 20 * *
85.200.100.228 192.168.0.16 232 4 * *
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 6:53 pm

I see traffic text - http://localhost:82/ip
DHCP Leases:
192.168.0.10=*****************
192.168.0.11=*****************
192.168.0.12=*****************
192.168.0.13=*****************
192.168.0.14=*****************
192.168.0.15=*****************
192.168.0.157=*****************
192.168.0.16=*****************
192.168.0.17=*****************
192.168.0.19=*****************
192.168.0.20=*****************
192.168.0.21=*****************
192.168.0.22=*****************
192.168.0.23=*****************
192.168.0.24=*****************
192.168.0.25=*****************
192.168.0.33=*****************
192.168.0.34=*****************
192.168.0.36=*****************
192.168.0.37=*****************
192.168.0.48=*****************
192.168.0.52=*****************
192.168.0.84=*****************
Static DNS:
192.168.0.1=*****************

DHCP: 23
Static: 1
---------------
Total: 24
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 7:01 pm

Thx, Got it working.
changed :
#Mikrotik Server
Mikrotik=192.168.0.1:81
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 27, 2014 9:50 pm

Thx, Got it working.
changed :
#Mikrotik Server
Mikrotik=192.168.0.1:81
Great, tx for sharing
 
User avatar
nabeelryk
just joined
Posts: 24
Joined: Thu Jun 06, 2013 1:56 pm
Location: Pakistan
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jun 28, 2014 12:43 am

..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?
whole month as a graph, and is there any way to record the websites users view, as I am using Radius so sorry to say that but radius is doing all the job of accounting and loging of user data per session and I have almost 3 years data per user now in my radius I was kind of searching some thing that can record or show what websites users visited (this is now required due to government policy for all WISP to keep 1 year record of user activity).
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jun 28, 2014 10:15 pm

..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?
whole month as a graph, and is there any way to record the websites users view, as I am using Radius so sorry to say that but radius is doing all the job of accounting and loging of user data per session and I have almost 3 years data per user now in my radius I was kind of searching some thing that can record or show what websites users visited (this is now required due to government policy for all WISP to keep 1 year record of user activity).
For a graph you'll have to take a look at the munin script I posted earlier in this thread. It talks to the snifferservice and plots the info of 30 most active users (per IP). But you'll need some experience with munin and linux. As for the visited sites I'm afraid I can't help.
 
pizzonia
just joined
Posts: 16
Joined: Mon May 06, 2013 8:16 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jun 29, 2014 1:58 pm

Win machine is needed running 24/7?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jun 30, 2014 11:43 am

Win machine is needed running 24/7?
Only if you need accurate values for the amount of data transferred per ip for the week. You might also notice a spike in measured traffic when the service starts up due to the build-up of accounting data. Other than that no issue.
 
hamidbhatti
just joined
Posts: 6
Joined: Fri May 09, 2014 7:25 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jul 02, 2014 5:24 am

Dear danielm,

Thanks for this awesome utility. I install it a month ago, its works fine.
Now i enable Mikrotik Web Proxy(transparent mode) and i observe that the tool doesn't show me the real bandwidth utilization of users.
Do i need to made some changes to work with Web Proxy?

thanks in advance.
You do not have the required permissions to view the files attached to this post.
Last edited by hamidbhatti on Sat Jul 05, 2014 7:22 am, edited 1 time in total.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jul 02, 2014 12:55 pm

Dear danielm,

Thanks for this awesome utility. I install it a month ago, its works fine.
No i enable Mikrotik Web Proxy(transparent mode) and i observe that the tool doesn't show me the real bandwidth utilization of users.
Do i need to made some changes to work with Web Proxy?

thanks in advance.
Hmm, when you use a web proxy the traffic does not go through the router as normal, instead it terminates on the router and the router makes a new connection to the internet. I'm not sure how this is handled in accounting. (You can try switching on 'account local traffic' in accounting perhaps?)

What I can tell you is the logic in the sniffer. For the sniffer to count a packet the source must be local (according to the specified network and mask) and the target must not be local. Or the other way round. If both are local (or both are not local for some reason) it is not counted because we are interested in Local -> Internet traffic.
 
hamidbhatti
just joined
Posts: 6
Joined: Fri May 09, 2014 7:25 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 05, 2014 6:44 am

Dear danielm.

Thanks for your brief reply. I have tested it with "account-local-traffic=yes" but no such success. as you mentioned, traffic redirected to proxy doesn't count.
for my understanding is it possible to count the per ip traffic on a particular interface (i.e LAN) with dst-address=!local for upload and dst-address=local for download.
As TORCH tool does on an interface(i think its also using ip accounting, but not pretty sure :( ).

Thanks and regards,
You do not have the required permissions to view the files attached to this post.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 05, 2014 6:30 pm

Dear danielm.

Thanks for your brief reply. I have tested it with "account-local-traffic=yes" but no such success. as you mentioned, traffic redirected to proxy doesn't count.
for my understanding is it possible to count the per ip traffic on a particular interface (i.e LAN) with dst-address=!local for upload and dst-address=local for download.
As TORCH tool does on an interface(i think its also using ip accounting, but not pretty sure :( ).

Thanks and regards,
OK, let's do an experiment. If the mikrotik accounting reports the traffic from the LAN to the router then we can show that. I have added some logic to do that. Grab the service attached below and specify
MeasureTrafficToRouter=1
in the ini file. Also set account-local-traffic=yes on your mikrotik.

It should show all traffic going through the router as well as LAN traffic to and from the router.

I have not tested this yet so no guarantees :) Let me know how it goes.
You do not have the required permissions to view the files attached to this post.
 
hamidbhatti
just joined
Posts: 6
Joined: Fri May 09, 2014 7:25 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 07, 2014 7:09 am

Thanks dear danielm.

Seems start working, i will test it further.

really thankful for your time and efforts.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 07, 2014 11:29 am

Thanks dear danielm.

Seems start working, i will test it further.

really thankful for your time and efforts.
hamidbhatti, that's good news! It was a fairly small change so I don't expect other things to break, but do let me know if you find something odd.
 
anon3778
just joined
Posts: 7
Joined: Wed Mar 05, 2014 6:15 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 14, 2014 11:56 am

Hi danielm. Is there any way to clear the log in SniffViewer.exe? The clear button only clears the graph but the total of sent and received data is not cleared. I have also tried to modify the log in traffic.txt but it doesn't seem to work. I need to clear all the sent and received data and hopefully you can help to do so. Thanks.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 14, 2014 12:15 pm

Hi danielm. Is there any way to clear the log in SniffViewer.exe? The clear button only clears the graph but the total of sent and received data is not cleared. I have also tried to modify the log in traffic.txt but it doesn't seem to work. I need to clear all the sent and received data and hopefully you can help to do so. Thanks.
Yes sure. Just stop the service, delete traffic.txt and start it up again.
 
Skyflash
just joined
Posts: 4
Joined: Thu Jun 05, 2014 2:55 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 10:50 am

I really thank you for this great tool :)

Only one question: i have a RB1100 with some different internal "phisical" networks (192.168.1.0/24; 192.168.2.0/24; 10.0.0.0/24) attached on the respective RJ45 interfaces, and the "RED" interface connected to the WAN

How can i use your tool for monitor everything? :D
 
Skyflash
just joined
Posts: 4
Joined: Thu Jun 05, 2014 2:55 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 11:33 am

I have a suggestion for a next release :)

In my LAN i have some Windows DNS servers, that serve the Windows domain. Can you add an option for connect the viewer to a dns service instead the ips.txt file?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 12:10 pm

I really thank you for this great tool :)

Only one question: i have a RB1100 with some different internal "phisical" networks (192.168.1.0/24; 192.168.2.0/24; 10.0.0.0/24) attached on the respective RJ45 interfaces, and the "RED" interface connected to the WAN

How can i use your tool for monitor everything? :D
Skyflash, glad you like it. Note this comment in snifferservice.ini:
#Capture packets from this network
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same. 
So for you that would mean
Network=192.168.1.0,192.168.2.0,10.0.0.0
Mask=255.255.255.0,255.255.255.0,255.255.255.0
 
Skyflash
just joined
Posts: 4
Joined: Thu Jun 05, 2014 2:55 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 1:03 pm

Oh, thank you again. I didn't read the configuration notes... My mistake :D
 
User avatar
kameelperdza
Member
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 4:21 pm

Thank you.
Nice Tool
 
User avatar
Etz
Member Candidate
Member Candidate
Posts: 178
Joined: Thu Mar 27, 2014 10:09 am
Location: Estonia

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 17, 2014 11:20 pm

Great tool, thank you :)
 
Andoniiiiii
just joined
Posts: 4
Joined: Mon Dec 23, 2013 6:22 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 24, 2014 4:45 pm

Very nice tool, Works fine. Thanks...

I was wondering if you can show realtime Internet connections, I have worked with Watchguard and it has an utility in their firebox system that is called HostWatch:

http://cicorp.com/internet/firewall/Wat ... tWatch.jpg

The "only" thing they do is to put in Graphical mode what you see in IP/Firewall/Connections Tab on RouterOS, but is very nice tool...

Kind regrads,
Andoni.
 
Andoniiiiii
just joined
Posts: 4
Joined: Mon Dec 23, 2013 6:22 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 24, 2014 4:59 pm

Very nice tool, thanks.

I was wondering if it could be posible to show active connections (IP/Firewall/Connections tab) in graphical mode, I have worked with Watchguard and it have a tool called HostWatch that is very nice too( see attached hostwatch.png)

Kind Regards,
Andoni.
You do not have the required permissions to view the files attached to this post.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jul 25, 2014 11:39 am

Very nice tool, Works fine. Thanks...

I was wondering if you can show realtime Internet connections, I have worked with Watchguard and it has an utility in their firebox system that is called HostWatch:

http://cicorp.com/internet/firewall/Wat ... tWatch.jpg

The "only" thing they do is to put in Graphical mode what you see in IP/Firewall/Connections Tab on RouterOS, but is very nice tool...

Kind regrads,
Andoni.
Andoni,

Unfortunately the Sniffer was not designed to show the target IPs. It does not even track them at all.

Regards,
Daniel
 
Andoniiiiii
just joined
Posts: 4
Joined: Mon Dec 23, 2013 6:22 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jul 25, 2014 6:15 pm

Thanks anyway for a great tool. :)
 
User avatar
PCNetworks
newbie
Posts: 35
Joined: Tue Feb 19, 2013 7:57 am
Location: California

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jul 27, 2014 11:36 pm

Thank you danielm for the contribution

!PROBLEM SOLVED!

In the Viewer INI file I un-commented
#Incoming and outgoing max bandwith (not required, for display purposes only)
LineCapacityInbit=1000000
LineCapacityOutbit=512000
All is functioning now, thank you for the great tool.

I have downloaded both he service and viewer files.
Created the SSH user & group on the MT router enabled accounting, set the web access accepted IP.

When i access the router VIA http://10.0.0.1/accounting/ip.cgi.... The browser displays the following in example.
123.237.20.244 10.0.0.248 2032 2 * *
31.13.70.65 10.0.0.248 51963 52 * *
68.67.128.240 10.0.0.248 1368 3 * *
I have copied the Server & Client files into C:\Program Files\Sniffer\

When I start the Sniffer Service, the log SnifferService.log displays the following:
2014/07/27 13:09:53 - Info: Starting up sniffer service
2014/07/27 13:09:53 - Info: Mikrotik user: sniffer
2014/07/27 13:09:53 - Info: Mikrotik IP: 10.0.0.1
When I open the Viewer however, the application fields are not populated with any network statistics.

Can someone possibly help me with determining my error in configuration?

Below are the Service & Viewer INI configs.
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=10.0.0.0/24,192.168.0.0/24
Mask=255.255.255.0,255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=10.0.0.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

#Convert static DNS names to uppercase
UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
ServiceName=Sniffer
ServiceDisplayName=Sniffer
VIEWER
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
IPSource=http://10.0.0.1
IPSource=c:\temp\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000
Thank you and best regard
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 28, 2014 11:48 am

Network=10.0.0.0/24,192.168.0.0/24
This should be without the '/.24'
 
Markwinstanley
just joined
Posts: 4
Joined: Fri Jun 13, 2014 10:40 am
Location: USA
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 28, 2014 12:33 pm

Will it work for Non mikrotik if not is there any other available?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 28, 2014 2:24 pm

Will it work for Non mikrotik if not is there any other available?
Highly unlikely. Your router must provide accounting info on http in this format (at the very least):
98.168.180.128 192.168.20.11 44 1 * *
23.57.219.27 192.168.21.46 52 1 * *
41.164.145.141 8.8.8.8 65 1 * *
173.194.67.95 192.168.21.13 52 1 * *
192.168.20.11 86.178.40.138 52 1 * *
 
donaldf
just joined
Posts: 1
Joined: Tue Jul 29, 2014 8:11 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jul 29, 2014 8:24 am

Great program, thank you for this. It makes my life a lot easier finding workstations that are using large amounts of bandwidth.

I have a question: We have a DC that controls DNS and DHCP. Is there a way for me to see the hostnames? At the moment it is blank, as DNS and DHCP is not handled by the MikroTik.
 
sammy66
just joined
Posts: 2
Joined: Tue Jul 29, 2014 2:42 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jul 29, 2014 3:06 pm

Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ?
 
DarrenCarterSA
just joined
Posts: 4
Joined: Fri Feb 14, 2014 4:15 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jul 30, 2014 2:06 pm

You're a star! This is just what I have been looking for!

Brilliant! :D
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 31, 2014 4:42 pm

Great program, thank you for this. It makes my life a lot easier finding workstations that are using large amounts of bandwidth.

I have a question: We have a DC that controls DNS and DHCP. Is there a way for me to see the hostnames? At the moment it is blank, as DNS and DHCP is not handled by the MikroTik.
Yes, working on that :)
 
dennix2014
just joined
Posts: 2
Joined: Tue Jun 03, 2014 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Aug 04, 2014 7:22 pm

Ip accounting is not working on the specified machine. If i enter http://192.168.1.98/accounting/ip.cgi (192.168.1.98 is the ip address of my mikrotik router), i always get "ERROR 401:UNATHORISED" . The following screenshot shows that ip accounting is enabled and web access for the specified machine is allowed. Does any body have any idea why this is happening. Any help will be highly appreciated.
You do not have the required permissions to view the files attached to this post.
 
hamidbhatti
just joined
Posts: 6
Joined: Fri May 09, 2014 7:25 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Aug 06, 2014 8:08 am

Dear danielm.

I was wondering if i can add two routers with same network. i.e.

network : 10.0.0.0/8

#Mikrotik Server
Mikrotik: 10.0.0.1/8
Mikrotik: 10.0.1.1/8

Clients may switch to any gateway with same ip address.

thanks and regards,

Hamid Mehmood
 
NullKelvin
just joined
Posts: 1
Joined: Wed Aug 06, 2014 8:22 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Aug 06, 2014 8:29 am

Dear danielm.

Thank you for this great tool. It almost perfect for me :)

Can you add optional function in SnifferService, for resolving reverse DNS entries through specific server?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Aug 10, 2014 10:38 pm

Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ?
Added option to change the color scheme and sort by ip. Will be in next release
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Aug 10, 2014 10:40 pm

Dear danielm.

I was wondering if i can add two routers with same network. i.e.

network : 10.0.0.0/8

#Mikrotik Server
Mikrotik: 10.0.0.1/8
Mikrotik: 10.0.1.1/8

Clients may switch to any gateway with same ip address.

thanks and regards,

Hamid Mehmood
No, unfortunately that is not supported.
 
marcdebeer
just joined
Posts: 1
Joined: Thu Aug 14, 2014 1:17 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Aug 14, 2014 1:23 pm

Thanks for this tool its great! Any particular reason why I only get Send Speed data back and no Recv Speed?
You do not have the required permissions to view the files attached to this post.
 
WilluX
just joined
Posts: 1
Joined: Thu Aug 14, 2014 5:37 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Aug 14, 2014 5:57 pm

Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?
 
dw5304
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Tue Apr 12, 2011 9:36 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 09, 2014 7:56 pm

would it be possible so make the viewer to be clickable on the color to toggle the data from being displayed on the graph?

makes some things easier to see when u have alot of data flowing over the unit.

also after it runs for a while it seems to loose the graph.
You do not have the required permissions to view the files attached to this post.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 09, 2014 10:27 pm

Thanks for this tool its great! Any particular reason why I only get Send Speed data back and no Recv Speed?
That is odd. Can you post the result of http://<service> where <service> is the ip address of the machine running the snifferservice?
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 09, 2014 10:30 pm

Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?
Check your mikrotik log. You should have an SSH connection or at least a connection attempt every 5 minutes from the 'sniffer' user. Maybe you see a logical error. Also check the snifferservice log file.
 
danielm
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 14, 2013 4:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 09, 2014 10:36 pm

would it be possible so make the viewer to be clickable on the color to toggle the data from being displayed on the graph?

makes some things easier to see when u have alot of data flowing over the unit.

also after it runs for a while it seems to loose the graph.
Nice idea but will take a while to implement. Maybe some time in the future.

I have seen the graph becoming corrupt but have not been able to find the cause. On the other hand I have had the viewer run for weeks without issues too. If you can figure out under what circumstances it happens it would be very helpful. (Of course restarting the viewer sorts it out but it is a bit of a pain.)
 
gaff
just joined
Posts: 3
Joined: Thu Sep 11, 2014 3:33 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Sep 11, 2014 4:02 pm

Hello,

I would like to use your application, but I have following problems:
2014.09.11 14:25:34 - Info: Starting up sniffer service
2014.09.11 14:25:34 - Info: Mikrotik user: sniffer
2014.09.11 14:25:34 - Info: Mikrotik IP: 10.8.0.36
2014.09.11 14:25:34 - Info: Networks specified: 1
2014.09.11 14:25:34 - Info: Monitoring network: 10.8.0.0/255.255.0.0
2014.09.11 14:25:34 - Info: SnifferService Port: 8080
2014.09.11 14:25:34 - Info: Service started
2014.09.11 14:25:36 - Error: Cannot get traffic: Connection Closed Gracefully.
in the mikrotik log, there are strange "loggged in" and "loggged out" messages after start of SnifferService:

Image

and the http://10.8.2.33/accounting/ip.cgi reports "Requested document '/accounting/ip.cgi' not found"

Connection by Plink.exe is working (user sniffer is NOT logged out):
Image

Where could be a problem?
 
gbh
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Dec 08, 2008 1:05 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Sep 12, 2014 1:54 pm

Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?

I have exactly the same issue as you.
Which folder should I create an ips.txt in? (and what format for the text please?)
 
exliko
just joined
Posts: 3
Joined: Wed Oct 01, 2014 4:56 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Oct 01, 2014 4:59 am

Thanks for this great tool

I've installed v1.0.2 several months ago.
Do i need to reinstall the sevices if i want to upgrade it to v1.0.3?
 
Sl33py
newbie
Posts: 25
Joined: Mon Jan 20, 2014 2:37 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 02, 2014 8:26 pm

Hello
This is a great tool thank you,
Can this tool or even another log the line usage, we can see the current up and download speed but I want to see if the line gets congested at time especially the upload.
I skimmed through the pages but did not see anything.
I have tried cacti but did not come right with it :(
 
epiclulz
just joined
Posts: 10
Joined: Sat Oct 11, 2014 8:00 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Oct 20, 2014 5:54 am

this tool is pretty awesome i must admit i like it alot :D :D

i have but one question

is this tool grabbing data written to the routers memory or is it polling and collecting data in real time

the question i ask is if i was to turn off the machine with the service running.. if i was to turn it off and go to work and come back and fire it back up will it have account the data from when it was turned off or will it just start logging from there ? im looking for something that will look but do the same thing that your system does without having to have a machine on 24/7

this tool is awesome and you should be really proud of your work

cheers bud
 
Duduhandelman
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Wed Jan 04, 2012 5:30 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Oct 21, 2014 12:10 pm

Well done, very nice tool.

It's working very well while the Mikrotik is doing routing but for some reason I'm unable to view the data while using a bridge.
The data is in the accounting on the router side.
Is there any spaecail config?

Thanks for the great tool
 
Adame123
just joined
Posts: 2
Joined: Thu Oct 30, 2014 12:34 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 30, 2014 12:38 pm

@danielm

Is there a way to reset the current stats displayed on the traffic monitor to 0 and start the "monthly" clearschedule from the time of reset ( so that would be day 1)
 
Adame123
just joined
Posts: 2
Joined: Thu Oct 30, 2014 12:34 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 30, 2014 12:45 pm

@danielm

Is there a way to reset all the current statistic in the traffic monitor to 0. I set the clearschedule to monthly and after i reset it i want it to start counting from day 1.
 
epiclulz
just joined
Posts: 10
Joined: Sat Oct 11, 2014 8:00 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 31, 2014 6:09 am

the tool as a major bug... not sure if its resetting when it gets to 100gb or if the remote collector is rebooted it seems to reset the couter
 
imek
just joined
Posts: 1
Joined: Fri Nov 14, 2014 11:09 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Nov 14, 2014 11:13 am

Each time I run the Snifferviewer, I get this error message List index out of bound (22)

Please could you help with the solution
 
NunoMMS
just joined
Posts: 1
Joined: Fri Nov 21, 2014 4:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Nov 21, 2014 4:35 pm

Hi, can anyone tell me what to do with these errors:
2014-11-21 16:24:32 - Info: Starting up sniffer service
2014-11-21 16:24:32 - Info: Mikrotik user: sniffer
2014-11-21 16:24:32 - Info: Mikrotik IP: 192.168.1.1
2014-11-21 16:24:32 - Info: Networks specified: 1
2014-11-21 16:24:32 - Info: Monitoring network: 192.168.1.0/255.255.255.0
2014-11-21 16:24:32 - Info: SnifferService Port: 80
2014-11-21 16:24:32 - Error: Cannot listen on tcp port 80
2014-11-21 16:24:32 - Error: Socket Error #10013, Access denied.
 
oskaratk
just joined
Posts: 12
Joined: Mon Nov 10, 2014 7:19 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 17, 2014 7:29 am

seems to be a great tool almost all I need. If I could get accounting to work

However, when I turn on ip-accounting, I not even see traffic using the snapshot funtionality.

I am using a RB450G, in this case pretty much as switch. eth1 as master for eth2 - eth5.
I wonder what I am missing ...

Thanks
Oskar
 
guoshuzhang
just joined
Posts: 2
Joined: Wed Jul 10, 2013 8:15 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Dec 18, 2014 5:47 pm

2014/12/18 23:45:56 - Info: Starting up sniffer service
2014/12/18 23:45:56 - Info: Mikrotik user: admin
2014/12/18 23:45:56 - Info: Mikrotik IP: 192.168.10.1:22
2014/12/18 23:45:56 - Info: Networks specified: 1
2014/12/18 23:45:56 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2014/12/18 23:45:56 - Info: SnifferService Port: 83
2014/12/18 23:45:56 - Info: Service started
2014/12/18 23:45:56 - Error: Cannot get DNS: C:\Program Files (x86)\Sniffer\plink.exe admin@192.168.10.1:22 -pw ******* "/ip dns static print detail without-paging"
2014/12/18 23:45:56 - Error: Error code: 32
2014/12/18 23:45:58 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:45:59 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:46:00 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:46:01 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)

some body help me please
 
guoshuzhang
just joined
Posts: 2
Joined: Wed Jul 10, 2013 8:15 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Dec 19, 2014 5:50 am

Image
this is my setup
OK?
 
billjellis
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Mon Dec 15, 2014 11:04 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Dec 21, 2014 11:28 am

Stumbled upon a feature of this tonight "networx application" can give you graphs like this. It is by a company called https://www.softperfect.com/. I have been using it for years to monitor traffic on a PC. :lol:
Capture.JPG
You do not have the required permissions to view the files attached to this post.
 
wilsonlmh
newbie
Posts: 26
Joined: Fri Oct 10, 2014 9:44 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Dec 27, 2014 10:50 pm

Great works you did. BTW, I'd like to ask if you will release the source or not? I think this is a great idea to enrich more functions for this app. For my personal opinion, I think it should at least have a column for connect manually instead of store the server address in a INI file. And also it should use the per-user config store to save last connect address. Since it's the first time I try the app, but I already got lots of idea to improve it. I'm afraid some of my idea will conflict with your original intention. So I think it will be better for you to publish the source in some repository(like github, sourceforge etc.) and then people can develop different version for different purpose. But if that's not quite possible to release the source, would you like to write some documents to describe the protocol between server and viewer? Thank you!
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jan 07, 2015 7:40 pm

awesome work!

real world useful tool !!!

thanks for sharing !!!!!
 
satrunner
just joined
Posts: 1
Joined: Mon Feb 16, 2015 10:40 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Feb 16, 2015 11:04 am

I have Windows 8.1 for some reason I can't see service running in task manager. and I get error when I start the viewer up Invalid floating point operation
 
User avatar
Bintalhoda
just joined
Posts: 1
Joined: Sat Feb 28, 2015 2:00 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Feb 28, 2015 2:17 pm

Hello, i must say this is a life-saver since i have been looking for it for some time, but it won't work for me -_-

Windows 8.1 Pro x64
Mikrotik Server: 192.168.0.254
Network: 192.168.0.0/24
I can start the service and see it running in task manager
I configured accounting in winbox
I added the user 'sniffer' in group 'sniffer' with ssh and read permissions
I cannot access "//192.168.0.254/accounting/ip.cgi"
I am having a 'Cannot get traffic' message

Please advice and thanks in advance

==============
My configuration:
==============

[Settings]
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.0.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.254
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=//192.168.0.254/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

======
Output
======
2015/02/28 14:12:45 - Info: Starting up sniffer service
2015/02/28 14:12:45 - Info: Mikrotik user: sniffer
2015/02/28 14:12:45 - Info: Mikrotik IP: 192.168.0.254
2015/02/28 14:12:45 - Info: Networks specified: 1
2015/02/28 14:12:45 - Info: Monitoring network: 192.168.0.0/255.255.255.0
2015/02/28 14:12:45 - Info: SnifferService Port: 80
2015/02/28 14:12:45 - Info: Service started
2015/02/28 14:12:47 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/02/28 14:12:48 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Mar 16, 2015 2:43 am

Is it possible to use this tool to monitor 2 different mikrotik routers at the same time?
Thank you for help
 
epiclulz
just joined
Posts: 10
Joined: Sat Oct 11, 2014 8:00 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Mar 23, 2015 4:24 am

anyone else still getting this bug where once it goes over 100gb of usage it resets it self to 0 in the tool ?
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Apr 03, 2015 9:09 am

Thank you very much for such nice tool.
I would like to monitor multiple routers with one service. Is that possible?
 
tongqabiz
just joined
Posts: 1
Joined: Thu Apr 09, 2015 8:21 am
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 09, 2015 8:37 am

Dear bro Daniel

I've already tried this and its work amazingly.
but why cant i see the hostname (in my case)
can you help me with it?
 
m3a2r1
newbie
Posts: 25
Joined: Sat Mar 29, 2014 12:11 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Apr 19, 2015 11:16 am

I've got the same problem. It works great but doesn't show hostnames. I'm using DHCP on my MT. I've tested on 2 MT's with the same effect.
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Apr 25, 2015 2:00 am

I've got the same problem. It works great but doesn't show hostnames. I'm using DHCP on my MT. I've tested on 2 MT's with the same effect.
Usually it takes few minutes for the hosts to appear.

Check in your log on the mikrotik router if you see the "sniffer" user connecting ?(if all works fine, you will see the "sniffer" user connecting constantly in your log).
If it doesn't show in the log, then something is wrong...

See the picture.
log.png
You do not have the required permissions to view the files attached to this post.
 
m3a2r1
newbie
Posts: 25
Joined: Sat Mar 29, 2014 12:11 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Apr 26, 2015 11:34 am

I've fixed it. Install note in readme text shows how to create ssh user but there's no info that I have to create password for that user :)
 
nikolas22t
just joined
Posts: 18
Joined: Thu Jan 12, 2012 1:03 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 04, 2015 10:00 am

Can i monitor 2 different mikrotik routers on the same server ? ( 1 service running with 2 servers or 2 services running with 1 server each ?)
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue May 05, 2015 2:38 am

Can i monitor 2 different mikrotik routers on the same server ? ( 1 service running with 2 servers or 2 services running with 1 server each ?)
I am able to monitor 2 different routers on the same computer.
I had to install/run 2 services (had to rename the 2nd service to "sniffer2"), and then i used 2 viewers, each viewer is setup to connect to one of the services.
Then it works

So " viewer1" is connecting to "snifferservice1"
"viewer2" is connecting to "snifferservice2"

You have to set this parameters in the snifferservice folder "snifferservice.ini" file
and in the viewer folder on the "sniffer.ini" file
 
ALX1S
newbie
Posts: 44
Joined: Mon Apr 27, 2015 5:28 pm
Location: Buenos Aires, Argentina

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jun 01, 2015 6:56 pm

Hi, Thanks for the programs, it look like Awesome.

I have the service Running, but im not beeing able to catch teh traffic, and when i check the SnifferService.txt appear "Error: Cannot get traffic: http response code: 401, unauthorized". Im suing the same usr, group and password in the readme. Could you tell me if I forget something.

Thanks.
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jun 02, 2015 1:36 am

Hi, Thanks for the programs, it look like Awesome.

I have the service Running, but im not beeing able to catch teh traffic, and when i check the SnifferService.txt appear "Error: Cannot get traffic: http response code: 401, unauthorized". Im suing the same usr, group and password in the readme. Could you tell me if I forget something.

Thanks.

Try to type this link in your browser and see if you can access it: http://192.168.1.1/accounting/ip.cgi

instead of the "192.168.1.1" you put your router ip address.

If you cannot acces that page, see if you have enabled accounting under: winbox- ip- accounting
and check if you have enabled http access to your router under: winbox- ip - services (here the port 80 must be enabled for access)
 
ALX1S
newbie
Posts: 44
Joined: Mon Apr 27, 2015 5:28 pm
Location: Buenos Aires, Argentina

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jun 02, 2015 4:57 pm

Yep, I could see the Mikrotik telling the connections in an plane text interface, and restarted the windows service many times. (the service port is set in the 80, I don't have any other service in this port in this computer)
 
pverburg
just joined
Posts: 2
Joined: Wed Jun 04, 2014 1:20 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jun 16, 2015 10:28 pm

Hi,
got this working except I cant get the viewer to use port 85 ??? cant use 80 already in use
I can see the data so the sniffer works, just the viewer I have used 192.168.x.x:85 no go ?

Thanks
 
Lentin
just joined
Posts: 1
Joined: Tue Jan 28, 2014 12:24 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jun 17, 2015 5:18 pm

Please help!

Stuck Here:
-------
2015/06/17 16:11:46 - Info: Mikrotik user: sniffer
2015/06/17 16:11:46 - Info: Mikrotik IP: 192.168.1.1
-------
from web: 192.168.1.1/accounting/ip.cgi - Success
my config:
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.1.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

Appreciate your help, Thanks in advance
 
dalejsa
just joined
Posts: 2
Joined: Mon Jun 22, 2015 12:54 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jun 22, 2015 1:00 pm

Hi All

I wonder if someone can help me. I followed the instructions below to create the sniffer user for the monitor, I logged out of the router and thereafter I could not login as admin anymore. I have restarted the routerboard but no joy. I am desperate to get back in as admin. Did anyone else experience this? Any suggestions at all?


Thanks

On Mikrotik
-----------
Create an SSH user for getting DHCP lease names and DNS entries
/user
group add name=sniffer policy="ssh,read"
add address=192.168.88.0/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.88.XX/32
(XX is the IP of the Windows machine where SnifferService will run)

check on http://192.168.88.1/accounting/ip.cgi that it works (from specified machine)
 
imaljko4
Member Candidate
Member Candidate
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 13, 2015 11:02 am

HI, thanks again for your software, do you know how many ip-s (computers) can the viewer show at once on a network. My network has about 50 computers connected, but seems that the viewer will show only up to 33 computers, or am i wrong?
Do you know if i can somewhere specify that the viewer shows more than 33 computers (actually all the computers that are connected to the network) ? thanks
 
fundus
just joined
Posts: 1
Joined: Mon Jul 27, 2015 3:59 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jul 27, 2015 4:55 pm

Is there any way of overriding the default ssh port 22? To avoid brute force attacks, my Mikrotik is set to a different port.

The ini.file's port setting only overrides web, not SSH access. I tried changing the server to 192.168.1.88:5005, but that does not seem to register.

Any guidance much appreciated!
 
Lordi
just joined
Posts: 12
Joined: Sat Aug 08, 2015 11:43 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Aug 08, 2015 12:05 pm

many thanks to share this tool with us.
it works great for my.
any development in progress?
 
Elementn
just joined
Posts: 1
Joined: Tue Aug 11, 2015 3:48 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Aug 11, 2015 3:57 pm

many thanks to share this tool with us.
it works great for my.
any development in progress?

Every thing was good , the service start normally but in the miktrotik Logs no user sniffer is logged in ?
Please anyone can help me to solve that ?

Thanks,
 
shootaboyz
just joined
Posts: 2
Joined: Fri Jul 18, 2014 10:26 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Aug 13, 2015 1:03 pm

Hello,

First I have to thank you for providing this tool. I would like to ask whether I can put the service on another PC (192.168.168.250) and run the viewer from my notebook (192.168.168.124)? If its possible can you show me what I should enter on the viewer config file. Also, is it possible to save the traffic by day, maybe to a csv file?

Thanks.
 
renedr
just joined
Posts: 2
Joined: Fri Apr 10, 2015 5:14 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Aug 26, 2015 1:00 am

[quote="danielm"]Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:



Nice app. Works well.
 
User avatar
psycoclan1
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon Aug 11, 2008 4:30 pm
Location: England

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Sep 09, 2015 12:50 am

Hello guys,

it seems i have a problem here which i cant completely understand and fix it..

I used the sniffer perfectly until today...Today i renabled my transparent web proxy which redirects all the port 80 traffic to port 8989. As soon as i did that the sniffer stopped working. I checked the accounting from web and browser sends back a 401 error (anauthorised access). It seems that the proxy doesnt authorise the accounting, but my sniffer is configured on port 249 (random port i assigned when i first set it up, coz port 80 was blocked).

How can i bypass it?

EDIT : i created 2 address lists in firewall, all the network range exluding mine and i created 2 nat chains with both lists in each redirect. Now all the hosts in the network go through the proxy apart from my pc. Is there another way to have both proxy and accounting?
 
hendrikbasson
just joined
Posts: 2
Joined: Fri Oct 11, 2013 5:38 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Sep 10, 2015 4:10 pm

Hi,

Great tool!

Anyone figure out a way to send the data via email weekly or so? With the grid and graph?
 
BroganOs
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Aug 27, 2015 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Sep 18, 2015 1:08 pm

I'm having problems seeing traffic in the viewer and looking for help.

I can see traffic if I go to the address: http://192.168.0.1:81/accounting/ip.cgi
I can see information in the traffic.txt file
The log file show's me logged in with no errors.
2015/09/18 10:57:29 - Info: Starting up sniffer service
2015/09/18 10:57:29 - Info: Mikrotik user: sniffer
2015/09/18 10:57:29 - Info: Mikrotik IP: 192.168.0.1:81
2015/09/18 10:57:29 - Info: Networks specified: 1
2015/09/18 10:57:29 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2015/09/18 10:57:29 - Info: SnifferService Port: 81
2015/09/18 10:57:29 - Info: Service started
But the viewer (SniffViewer.exe) is blank.

I'm not using port 80, I'm using port 81 and have change the web access port on the MT to port 81.
(This solved the error
Error: Cannot get traffic: Connect timed out. (192.168.0.1:81)
I was having by the way)

anyone got any advise?
 
BroganOs
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Aug 27, 2015 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Sep 18, 2015 3:08 pm

Solved: After I changed ports from 80 to 81 I forgot to change the port number in sniffer.ini as per readme file.
Viewer on Windows machine
-------------------------
- Copy the Viewer files to your machine (any windows machine on the LAN)
- Configure sniffer.ini as per comments (add a port number to the ip if you are not using port 80 for the 
  SnifferService, i.e. SnifferService=localhost:81)
- Start up SnifferViewer.exe
 
bouvrie
just joined
Posts: 1
Joined: Tue Sep 29, 2015 11:49 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 29, 2015 11:51 am

I have Windows 8.1 for some reason I can't see service running in task manager. and I get error when I start the viewer up Invalid floating point operation
Same issue with me running the viewer, any clue on resolving the isssue?

*edit*

Thanks BroganOs, specifying the alternate port in the Sniffer.ini (host:port) solved my client crashing too... :)
 
ciwmohsen
just joined
Posts: 3
Joined: Wed Sep 30, 2015 4:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 01, 2015 9:30 am

hi every body
I did settings،But the result was not good
These images is the result of my work
please help me... :(
snifferservice.jpg
sniffer.jpg
attix 5.jpg
You do not have the required permissions to view the files attached to this post.
 
BroganOs
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Aug 27, 2015 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Oct 01, 2015 1:06 pm

In snifferService.ini try changing the "Network" address to the address of your router which I'm assuming is 192.168.0.3 and put the new service port number at the end of the IP address under the microtik server ( see example below)
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.0.3
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.3:2560
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=2560
 
User avatar
otgooneo
Trainer
Trainer
Posts: 581
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 02, 2015 7:23 am

Looks Awesome! :-) I`ll try later
 
ciwmohsen
just joined
Posts: 3
Joined: Wed Sep 30, 2015 4:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Oct 03, 2015 4:32 pm

hi BroganOs
thanx for your comment
i change that . but not work properly :-(
 
ciwmohsen
just joined
Posts: 3
Joined: Wed Sep 30, 2015 4:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Oct 05, 2015 8:32 am

hi
thanks BroganOs
i change that. but not work properly :(
 
infused
Member
Member
Posts: 313
Joined: Fri Dec 28, 2012 2:33 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 12, 2015 5:46 am

Just replying to let you know this works really well. Thanks
 
piyaservice
just joined
Posts: 20
Joined: Fri May 15, 2015 11:16 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 18, 2015 8:28 am

Dear sir
this is my config from sniffer.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.0.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.254
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

this is log file
2015/11/18 13:14:27 - Info: Starting up sniffer service
2015/11/18 13:14:27 - Info: Mikrotik user: sniffer
2015/11/18 13:14:27 - Info: Mikrotik IP: 192.168.0.254
2015/11/18 13:14:27 - Info: Networks specified: 1
2015/11/18 13:14:27 - Info: Monitoring network: 192.168.0.0/255.255.255.0
2015/11/18 13:14:27 - Info: SnifferService Port: 80
2015/11/18 13:14:27 - Info: Service started
2015/11/18 13:14:29 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:30 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:31 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:32 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:33 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:34 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:35 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:36 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:37 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:38 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:39 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:40 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:41 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:42 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:43 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:44 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:45 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:46 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:47 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)

www service port : 81
What is problem , Because I cannot change to www service port : 81
 
BroganOs
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Aug 27, 2015 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 18, 2015 11:42 am

maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
 
piyaservice
just joined
Posts: 20
Joined: Fri May 15, 2015 11:16 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 19, 2015 3:55 am

maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
 
BroganOs
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Aug 27, 2015 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 19, 2015 12:52 pm

have you tried the advise from imaljko4:
If you cannot acces that page, see if you have enabled accounting under: winbox- ip- accounting
and check if you have enabled http access to your router under: winbox- ip - services (here the port 80 must be enabled for access)
 
kendo
just joined
Posts: 4
Joined: Sun Nov 22, 2015 11:58 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Nov 23, 2015 12:05 am

maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP address because *.*.*.254 is used as broadcast address.
 
kendo
just joined
Posts: 4
Joined: Sun Nov 22, 2015 11:58 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Nov 23, 2015 12:22 am

maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP.
ip address you have is used as broadcast.
 
kendo
just joined
Posts: 4
Joined: Sun Nov 22, 2015 11:58 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Nov 23, 2015 12:28 am

Hi
I have a little misunderstanding

I have installed the system and it`s working well. But I have got wrong RECV TOTAL and SENT TOTAL data



In the picture you can see only 15.50 Mb TOTAL RECV. But I had watched a movie online ~ 500 Mb.

Do you have any ideas how to get correct traffic info?
You do not have the required permissions to view the files attached to this post.
 
piyaservice
just joined
Posts: 20
Joined: Fri May 15, 2015 11:16 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 25, 2015 8:37 am

maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24
 
kendo
just joined
Posts: 4
Joined: Sun Nov 22, 2015 11:58 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 25, 2015 2:30 pm

Hi
Try to change your router IP.
ip address you have is used as broadcast.[/quote]

Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24[/quote]

You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24
 
piyaservice
just joined
Posts: 20
Joined: Fri May 15, 2015 11:16 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 26, 2015 8:27 am

Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24[/quote]

You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24[/quote]

Thank you so much , I will try it
 
piyaservice
just joined
Posts: 20
Joined: Fri May 15, 2015 11:16 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 26, 2015 10:10 am

Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24
You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24[/quote]

Thank you so much , I will try it[/quote]

I try to use your method , Thank you so much , It is OK
 
knowledgemonster
just joined
Posts: 24
Joined: Fri Dec 04, 2015 3:47 pm
Location: Ontario Canada
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Dec 04, 2015 3:52 pm

Hi,

If i go to http://192.168.2.1/accounting/ip.cgi

It works without problem, but i cannot get anything to show up in the viewer...Service started no problem.

2015/12/04 08:24:06 - Info: Starting up sniffer service
2015/12/04 08:24:06 - Info: Mikrotik user: sniffer
2015/12/04 08:24:06 - Info: Mikrotik IP: 192.168.2.1:23
2015/12/04 08:24:06 - Info: Networks specified: 1
2015/12/04 08:24:06 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2015/12/04 08:24:06 - Info: SnifferService Port: 23
2015/12/04 08:24:06 - Info: Service started

I used port 23 because i couldn't figure out how to add port 81

Any suggestions?
 
dhunt4372
just joined
Posts: 4
Joined: Mon Dec 07, 2015 10:01 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Dec 07, 2015 11:01 am

This is a great tool danielm ! Thank you so much for making this and for making it available to everyone!

I think I (may) be experiencing an issue similar to kendo (and it also does come back to how the sniffer service polls/collects traffic data from the Mikrotik).

I regularly have Winbox and Snifferviewer(Attix5 Traffic Monitor) open, and I often see traffic that is WAY higher on the Mikrotik WAN/LAN interfaces than the aggregate traffic seen in the Snifferviewer program. I don't think I have ever seen it the other way around, where the traffic in Snifferviewer is higher than the traffic in Winbox (and this isn't due to a delay, as Snifferviewer never comes close to reaching the peaks reported by Winbox).

Is this traffic simply not counted? Is it too fleeting/instantaneous for the sniffer service to poll? Or does it simply not register in the Snifferviewer program (and the cumulative send/receive data is actually counted)? I've unchecked the "use 5 sec average" box hoping to view more real-time traffic. Below are 5 printscreens showing examples of what it is I'm experiencing, and also wonder if other people have seen the same.

Still, great tool danielm! :D

Image
Image
Image
Image
Image
 
stikkman
just joined
Posts: 1
Joined: Wed Dec 09, 2015 9:46 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 09, 2015 11:44 pm

Hi, great app. Still looking for a solution to having no host names. Has this been sorted?
 
CreeD
just joined
Posts: 1
Joined: Fri Dec 18, 2015 6:21 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Dec 18, 2015 6:30 pm

Hi any chance you could share the source code of the viewer or at least add someway to change the hostname / add column to set fixed name for an IP. I have multiple android devices and they all have unique android id's such as android-1shs2efs
 
salshaykh
just joined
Posts: 1
Joined: Wed Dec 23, 2015 10:02 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Dec 23, 2015 10:09 am

Help Required!!!!

Mikrotik IP 192.168.1.1
Network IP 192.168.1.0/24
Machine IP 192.168.1.231

I have configured the files as above IP's. Then why this error comes. Even 192.168.20.1 is not on my network or on any of my LAN adopters on the machine.

Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)

Plz help
 
tartuerik
just joined
Posts: 1
Joined: Sun Jan 03, 2016 10:36 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jan 03, 2016 10:43 pm

danielm,
This is what I've been looking for.

Unfortunately, I don't have any windows systems running 24-7, as
we are a linux "shop". Have you given any thought to creating a Linux version?

Many thanks for sharing, even though can't use it at the moment.

~erik
 
amsteen
Member Candidate
Member Candidate
Posts: 180
Joined: Sat Apr 04, 2009 11:09 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jan 05, 2016 1:03 pm

Dear all

I am new here and I try many times but not working here is my situation:
1. Mikrotik server 6.19
2. I try blink and it works fine and I get my mikrotik command prompt.
3. The sniffer Services starts well but its log file shows the error:

2016/01/05 13:50:49 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:50 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:51 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Info: Service stopped
2016/01/05 13:50:54 - Info: Starting up sniffer service
2016/01/05 13:50:54 - Info: Mikrotik user: sniffer
2016/01/05 13:50:54 - Info: Mikrotik IP: 172.30.6.120
2016/01/05 13:50:54 - Info: Networks specified: 1
2016/01/05 13:50:54 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2016/01/05 13:50:54 - Info: SnifferService Port: 80
2016/01/05 13:50:54 - Info: Service started
2016/01/05 13:50:55 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:56 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:57 - Error: Cannot get traffic: http response code: 401, unauthorized

3. The mikrotik log shows that the service login then logout :
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh

4. when try the http://192.168.10.10 the browser gives white page.
5. when try the http://172.30.6.120/accounting/ip.cgi the browser gives: Error 401: Unauthorized
6. My mikrotik is zero configuration, no hotspot, only firewall nat and webproxy.
7. I am using windows xp without any software on it and firewall is disabled.

Please help
 
amsteen
Member Candidate
Member Candidate
Posts: 180
Joined: Sat Apr 04, 2009 11:09 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jan 21, 2016 8:33 am

Dear All

IT works with me fine bu I need to reset the track on daily usage
I set this setting in the SnifferService.ini file:

ClearSchedule=Daily

And how to reset it manually

But It do not work so please help
 
yahelb
just joined
Posts: 1
Joined: Tue Feb 02, 2016 7:41 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Feb 02, 2016 7:45 am

Anyone got this installed on Windows-10?

Is this tool still being maintained?
Nothing better available?
 
Aéras
just joined
Posts: 1
Joined: Tue Feb 23, 2016 6:39 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Feb 23, 2016 7:17 pm

Thanks Daniel! it really helped me to control the real time traffic! Works perfect and very easy to configure with the instructions you gave us! Regards!

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:

Image

It is also extremely useful to see the traffic shaping effects when playing around with shaping rules on your Mikrotik router. It uses the Accounting feature of your router.

The tool with basic instructions is attached to this post or you can download it from the links below.

I hope this can be of use to someone! Comments welcome. :)

Daniel

PS: I know this is technically not a 'sniffer' but it actually started off as one so the name stuck.

EDIT:
I added a new version to this post (V1.0.3). Download the service and viewer from the links below. I had to split them because the forum does not allow files larger than 1 MB any more.
Change Log:
V1.0.3 (2014-06-24)
Download: Viewer and Service
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
V1.0.2 (2014-01-15)
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt
 
talha909
just joined
Posts: 8
Joined: Mon Feb 22, 2016 12:30 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Feb 24, 2016 5:43 pm

HI,

Thanks for the great tool. I want to ask some thing. I want to know the address of the sites which are seen my the local ip. How can i use this to see the website name.

http://192.168.0.1/accounting/ip.cgi
64.4.23.164 192.168.0.249 88 2 * *
192.168.0.246 74.125.130.94 284 2 * *
192.168.0.249 64.4.23.164 180 1 * *
192.168.0.246 74.125.68.102 41 1 * *
74.125.200.91 192.168.0.249 40 1 * *
74.125.130.94 192.168.0.246 230 1 * *
65.55.223.13 192.168.0.249 49 1 * *
111.221.77.141 192.168.0.246 40 1 * *
192.168.0.249 74.125.200.91 40 1 * *
 
999masks
just joined
Posts: 15
Joined: Sun Mar 06, 2016 4:33 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Mar 06, 2016 9:36 am

Hello,

I would like to use your application, but I have following problems:
2014.09.11 14:25:34 - Info: Starting up sniffer service
2014.09.11 14:25:34 - Info: Mikrotik user: sniffer
2014.09.11 14:25:34 - Info: Mikrotik IP: 10.8.0.36
2014.09.11 14:25:34 - Info: Networks specified: 1
2014.09.11 14:25:34 - Info: Monitoring network: 10.8.0.0/255.255.0.0
2014.09.11 14:25:34 - Info: SnifferService Port: 8080
2014.09.11 14:25:34 - Info: Service started
2014.09.11 14:25:36 - Error: Cannot get traffic: Connection Closed Gracefully.
in the mikrotik log, there are strange "loggged in" and "loggged out" messages after start of SnifferService:

Image

and the http://10.8.2.33/accounting/ip.cgi reports "Requested document '/accounting/ip.cgi' not found"

Connection by Plink.exe is working (user sniffer is NOT logged out):
Image

Where could be a problem?
same thing happening on my end
 
ken2kk
just joined
Posts: 1
Joined: Mon Mar 14, 2016 4:00 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Mar 14, 2016 4:22 pm

Hello, ken here. Does this work with windows 10 Os? I followed all the steps upto the install install sniffer service stage using command line. Some help please.
 
zespri
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sat Mar 26, 2016 1:45 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Mar 28, 2016 9:56 am

Hello, ken here. Does this work with windows 10 Os? I followed all the steps upto the install install sniffer service stage using command line. Some help please.
Yep, working fine here as per instructions.
 
kei888
newbie
Posts: 47
Joined: Fri Feb 07, 2014 7:54 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Apr 11, 2016 6:26 am

Is the viewer really works on Windows 7 and 10 platforms? I double check everything but viewer doesn't display anything/

Thank you.
 
kei888
newbie
Posts: 47
Joined: Fri Feb 07, 2014 7:54 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Apr 11, 2016 6:40 am

Here are the logs:

2016/04/04 08:13:32 - Info: Starting up sniffer service
2016/04/04 08:13:32 - Info: Mikrotik user: sniffer
2016/04/04 08:13:32 - Info: Mikrotik IP: 172.30.8.1
2016/04/04 10:07:44 - Info: Starting up sniffer service
2016/04/04 10:07:44 - Info: Mikrotik user: sniffer
2016/04/04 10:07:44 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:27:59 - Info: Starting up sniffer service
2016/04/07 20:27:59 - Info: Mikrotik user: sniffer
2016/04/07 20:27:59 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:42:04 - Info: Starting up sniffer service
2016/04/07 20:42:04 - Info: Mikrotik user: sniffer
2016/04/07 20:42:04 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:54:13 - Info: Starting up sniffer service
2016/04/07 20:54:13 - Info: Mikrotik user: sniffer
2016/04/07 20:54:13 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 21:03:20 - Info: Starting up sniffer service
2016/04/07 21:03:20 - Info: Mikrotik user: sniffer
2016/04/07 21:03:20 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 21:08:37 - Info: Starting up sniffer service
2016/04/07 21:08:37 - Info: Mikrotik user: sniffer
2016/04/07 21:08:37 - Info: Mikrotik IP: 172.30.8.1
2016/04/11 11:36:04 - Info: Starting up sniffer service
2016/04/11 11:36:04 - Info: Mikrotik user: sniffer
2016/04/11 11:36:04 - Info: Mikrotik IP: 172.30.8.1
 
debendrakandel
just joined
Posts: 1
Joined: Thu Apr 14, 2016 12:36 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 14, 2016 12:56 pm

I configured it correctly. It worked for a week. Today when i tried i got error "List Index Out of Bounds (24)". Any body has any idea?
You do not have the required permissions to view the files attached to this post.
 
nigslaysa
just joined
Posts: 15
Joined: Wed Apr 06, 2016 11:08 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Apr 20, 2016 4:57 am

Thanks very useful tool however i can't get it to resolve hostnames
 
mexus
just joined
Posts: 13
Joined: Mon May 02, 2016 1:18 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 02, 2016 1:20 pm

Does it store the results while the windows machine is off?
I mean are the stats saved on the mikrotik or just the Windows machine (where the service is running)?
I shutdown the machine at night but need stats 24/7

Is there a linux version?
 
rtla01
just joined
Posts: 2
Joined: Tue May 03, 2016 6:23 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue May 03, 2016 6:39 pm

First thanks Danielm for this very good topic.
Second thanks for all that are helping,
I´m new here, but i would like to ask you for a help with my problem.
i read all the topic but didn´t find one solution.

the SnifferService.exe can´t work. I´m using the windows 10 maybe it can be a problem?

here you can see the SnifferService.log.
2016/05/03 12:32:19 - Info: Starting up sniffer service
2016/05/03 12:32:19 - Info: Mikrotik user: sniffer
2016/05/03 12:32:19 - Info: Mikrotik IP: 10.1.1.1:8000



here is the SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=10.1.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=10.1.1.1:8000
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=8000

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer
 
rtla01
just joined
Posts: 2
Joined: Tue May 03, 2016 6:23 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed May 04, 2016 4:45 pm

Hi all.,
Please help me to find one solution.
I need this tools working.
Thanks.
 
kylothian
just joined
Posts: 1
Joined: Mon May 30, 2016 1:52 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon May 30, 2016 2:02 pm

Hi there, I hope someone can assist me.
I am struggling quite a bit getting this operational, I get the following in my error log:

2016/05/30 12:48:35 - Info: Starting up sniffer service
2016/05/30 12:48:35 - Info: Mikrotik user: admin
2016/05/30 12:48:35 - Info: Mikrotik IP: 192.168.1.254
2016/05/30 12:48:35 - Info: Networks specified: 1
2016/05/30 12:48:35 - Info: Monitoring network: 192.168.1.0/255.255.255.0
2016/05/30 12:48:35 - Info: SnifferService Port: 80
2016/05/30 12:48:35 - Info: Service started
2016/05/30 12:48:35 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:36 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:44 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:44 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:46 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2016/05/30 12:48:46 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2016/05/30 12:48:46 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:46 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:47 - Info: Service stopped

This is my SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.1.254
MikrotikSSHUser=admin
MikrotikSSHPassword=**
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer

My sniffer.ini
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=http://localhost/ip
#IPSource=c:\temp\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000

and on mikrotik I keep getitng the following :
user admin logged in from 192.168.1.3 via ssh
user admin logged out from 192.168.1.3 via ssh

I have connected to my mikrotik via cmd :
plink 192.168.1.254
saved cached credentials (or something like that)
and have allowed that.

My firewall is turned off same with my AV
If the service is stopped I can not telnet localhost 80
if the service is started i can telnet localhost 80

please let me know if you require any further information,

regards
K
 
tmrcomputing
just joined
Posts: 2
Joined: Thu Aug 06, 2015 8:04 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jun 04, 2016 1:15 pm

Go to Traffic Accounting Web Access and change the address by your LAN IP/24 (basically add your subnet /XX).

hehhehe
Dear all

I am new here and I try many times but not working here is my situation:
1. Mikrotik server 6.19
2. I try blink and it works fine and I get my mikrotik command prompt.
3. The sniffer Services starts well but its log file shows the error:

2016/01/05 13:50:49 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:50 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:51 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Info: Service stopped
2016/01/05 13:50:54 - Info: Starting up sniffer service
2016/01/05 13:50:54 - Info: Mikrotik user: sniffer
2016/01/05 13:50:54 - Info: Mikrotik IP: 172.30.6.120
2016/01/05 13:50:54 - Info: Networks specified: 1
2016/01/05 13:50:54 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2016/01/05 13:50:54 - Info: SnifferService Port: 80
2016/01/05 13:50:54 - Info: Service started
2016/01/05 13:50:55 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:56 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:57 - Error: Cannot get traffic: http response code: 401, unauthorized

3. The mikrotik log shows that the service login then logout :
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh

4. when try the http://192.168.10.10 the browser gives white page.
5. when try the http://172.30.6.120/accounting/ip.cgi the browser gives: Error 401: Unauthorized
6. My mikrotik is zero configuration, no hotspot, only firewall nat and webproxy.
7. I am using windows xp without any software on it and firewall is disabled.

Please help
 
VinceIT
just joined
Posts: 1
Joined: Wed Jun 22, 2016 3:47 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jun 22, 2016 8:58 pm

Hi,

My first post on this forum. I installed and configured everything as per instructions. Ive got 2 problems .
*when trying to access the http://routerip/accounting/ip.cgi i get the following - error 401 unautherized .
Secondly
*i cant see my sniffer user loging onto the router in the logs.
*if i go into the sniferservice log file, i get the same error 401 unautherized. Please any any advice will help
 
kevinds
Long time Member
Long time Member
Posts: 640
Joined: Wed Jan 14, 2015 8:41 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jun 25, 2016 12:34 am

Howdy,

I haven't read this entire thread, I did the first couple and and the last couple pages though.

Is V1.0.3 (2014-06-24) the latest version?  Is this software posted anywhere else?  Looking for a quick place to check for updates.

Readme was void of this information.

Is it possible to configure with an RSA key for SSH authenication, rather than password?
 
mantunes
just joined
Posts: 4
Joined: Mon Sep 13, 2010 7:47 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jun 28, 2016 9:33 pm

Thanks for the helpfull tool!
 
wdmyburgh
just joined
Posts: 2
Joined: Fri Jul 15, 2016 5:22 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jul 15, 2016 5:25 pm

Hi,

I am struggling to add more than 1 network to be monitored.

Should the comma separated values be in one line or separated with a comma and then the next subnet posted in the next line?

Please assist.

Regards
 
rcocchiararo
newbie
Posts: 41
Joined: Sat Dec 12, 2015 8:59 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 16, 2016 1:09 am

This used to crash from time to time and i had to restart the service.

Now it lasts a few minutes and dies.

Can it be related to something from update 6.35.4?
 
brandofriva
just joined
Posts: 1
Joined: Sun Jul 17, 2016 10:18 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jul 17, 2016 11:15 pm

Also had an issue with Host names not showing up - here is what I found worked:
- IP -> Services -> Ensure SSH is enabled
 
soamz
Member
Member
Posts: 430
Joined: Thu Mar 19, 2015 7:19 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 23, 2016 7:08 pm

Final version works for anyone ?
 
cutedrummerboy
Member Candidate
Member Candidate
Posts: 137
Joined: Thu Nov 14, 2013 6:32 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 23, 2016 7:33 pm

can we get a native linux version of sniffer service??
 
soamz
Member
Member
Posts: 430
Joined: Thu Mar 19, 2015 7:19 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Jul 28, 2016 2:08 pm

thanks alot very good topic
Did you get it working ?
 
alisc
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Thu Dec 01, 2011 10:51 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jul 29, 2016 2:03 pm

thanks a lot
This is the best
 
wdmyburgh
just joined
Posts: 2
Joined: Fri Jul 15, 2016 5:22 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jul 29, 2016 4:05 pm

Also had an issue with Host names not showing up - here is what I found worked:
- IP -> Services -> Ensure SSH is enabled
I see SSH is enabled on my routerboard.
I can see the Active Host names on the Mikrotik, but the host names do not pull through into the sniffviewer program.
Any Ideas how I can get this fixed?
 
cmcawood
just joined
Posts: 2
Joined: Wed Feb 27, 2013 1:09 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Aug 18, 2016 7:30 pm

Hi danielm,

thanks for the great tool. Would you be prepared to share the source code and/or make it available as open source on something like github so others can contribute and grow this great tool. I would be willing to add on the ability to write to a database and draw additional reports.

--Craig
 
lakim
just joined
Posts: 1
Joined: Thu Aug 25, 2016 11:56 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Aug 25, 2016 11:59 pm

Hi, this is very usefull tool. Please share an information how to donate.
It will be more usefull when can be connecetd to a database to see a transfer history.
It will be good to see what sites user is using.

Anyway thank you!
 
yandrek
just joined
Posts: 2
Joined: Thu Jun 09, 2016 5:21 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Sep 05, 2016 7:12 pm

hi,

thats an awesome tool, ive been using it for a while, but something changed recently. after i upgraded routeros to the latest update, the attix5 tool doenst show the host names, it did before, but now doesnt. anyone has the same issue?

thanks a lot in advanced.
 
bcsteeve
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Thu May 12, 2016 11:05 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Sep 30, 2016 7:06 pm

I guess this tool doesn't work with latest Router OS??

I installed it and it works except that it is woefully inaccurate. Like, not even close. I can download with a sustained 150Mb/s connection and the graph shows some random traffic hovering around the 32Kb/s mark. Never anywhere near true. Also, every single IP is shown graphed identically (all colors follow the same line regardless of what their traffic is actually like).

So it "works" as in there are no errors and everything appears to be fine... but the data is entirely useless.

I see the author hasn't been on in quite some time, so is the development just dead?
 
Zaied
just joined
Posts: 3
Joined: Sun Mar 13, 2016 8:42 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Oct 18, 2016 9:46 am

Thanks for a brilliant supportive app which helping a lot. Have an asking on this attix5 viewer.

Can it possible to collect multiple source of servers (within connected LAN) in the single window of attix5?
I've a different office location where IP range separated by different range like 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24 etc which again inter connected via tunnel.
Each location existed Mikrotik can through data to location wise PC's.

Just want to know whether it can be seen by the central viewer or not. Advance thanks for the observation & support.
 
hmhpc
just joined
Posts: 4
Joined: Wed Feb 10, 2016 9:44 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 28, 2016 8:10 pm

@danielm
hello dear , it's super awesome tool, that's really what i want , but i have some trouble with it
1- sometime statistics rests by it self
2- I want take report daily , monthly , and also per Year
there are valuable features that i really care
what about new Version ?! :) or just give me Source Code , i upgrade it by myself ...

Best Regards
Hesam
 
vukko
just joined
Posts: 2
Joined: Fri Oct 23, 2015 12:37 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Nov 14, 2016 7:28 pm

I guess this tool doesn't work with latest Router OS??

I installed it and it works except that it is woefully inaccurate. Like, not even close. I can download with a sustained 150Mb/s connection and the graph shows some random traffic hovering around the 32Kb/s mark. Never anywhere near true. Also, every single IP is shown graphed identically (all colors follow the same line regardless of what their traffic is actually like).

So it "works" as in there are no errors and everything appears to be fine... but the data is entirely useless.

I see the author hasn't been on in quite some time, so is the development just dead?
I've just installed it again, running against latest 6.37.1 RouterOS and working perfectly, with accurate stats.
 
bcsteeve
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Thu May 12, 2016 11:05 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Nov 14, 2016 10:16 pm

I was using 6.37 and I don't see anything in the 6.37.1 update that would affect this... but I'll give it a try again.
 
User avatar
mac86
Member Candidate
Member Candidate
Posts: 124
Joined: Sat Nov 25, 2006 12:52 am
Location: bahia blanca - argentina
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Dec 01, 2016 3:20 am

Very good work, Thank you !!!

It's possible to archive traffic history like PNRG ?

http://www.netpro-ar.com/monitoreo-de-t ... y-netflow/
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 203
Joined: Sat Aug 02, 2014 1:13 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Dec 01, 2016 9:33 am

Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24
You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24
Looking at all posts attached screen shoots I see columns hosts but without any data.
For me very important will be to see traffic in domain names. Is this possible and how to configure this?

I made first steps to run accounting, but I have an issue.

Router LAN IP: 192.168.5.254
WWW router port: 81

Browser error: ERR_CONNECTION_REFUSED

Executed same config as above in example and I still can't access to any of below listed accounting web page.

http://192.168.5.254:81/accounting/ip.cgi
> ip accounting export
# nov/20/2016 06:17:40 by RouterOS 6.38rc37
# software id = ##########
#
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.5.0/24
In WebFig I see also that user sniffer is logged in. But in a date I see the time from last restart of sniffer service.

Please help me what is wrong?
Last edited by MikroTikFan on Fri Dec 02, 2016 2:12 am, edited 2 times in total.
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 203
Joined: Sat Aug 02, 2014 1:13 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Dec 01, 2016 11:26 pm

I have found - WWW service has different port ;-)

SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.5.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.5.254:81
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#If you use a web proxy on the mikrotik, set this to 1
#MeasureTrafficToRouter=0

#Alternative service port to listen on
ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly
ClearSchedule=monthly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
ServiceDisplayName=Sniffer
I think that I have correctly started service

016-12-01 23:33:03 - Info: Starting up sniffer service
2016-12-01 23:33:03 - Info: Mikrotik user: sniffer
2016-12-01 23:33:03 - Info: Mikrotik IP: 192.168.5.254:81
2016-12-01 23:33:03 - Info: Networks specified: 1
2016-12-01 23:33:03 - Info: Monitoring network: 192.168.5.0/255.255.255.0
2016-12-01 23:33:03 - Info: SnifferService Port: 81
2016-12-01 23:33:03 - Info: Service started

Unfortunately I have some problems to get Viewer data

I have checked also from command line plink and after this and putting first login it seems to be working fine.

Sniffer.ini
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=http://localhost/ip
#IPSource=c:\temp\ips.txt
IPSource=C:\Program Files (x86)\Sniffer\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000
Please help me to check if I made any mistake in config files.
(Package: 6.38rc38)
 
cabecmabec
just joined
Posts: 1
Joined: Mon Jan 09, 2017 11:09 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 09, 2017 11:34 am

Hi there,
i have configured Viewer and Service. Everything works great but i noticed that the speeds both receive and send are wrong(i am using 100Mbit connection). Look at the picture below
RouterOS Current Version 6.30.2
Image

edit: after upgrade to latest version RouterOS (6.38) the send speed is correct, but the download speed is wrong again. Now i see higher download speeds but not more than 200kb/s.
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.88.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.88.1
MikrotikSSHUser=XXXXXXXXXXXX
MikrotikSSHPassword=XXXXXXXXXXXXX
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
ClearSchedule=monthly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer

Viewer sniffer.ini

[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=XXX

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=10000000
#LineCapacityOutbit=512000

after the RouterOS update:
Image
 
jawas
just joined
Posts: 1
Joined: Tue Jan 24, 2017 5:35 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Jan 24, 2017 5:58 pm

Hi,
realy great tool. Am I right that it is possible to configure it for more networks, but for one Mikrotik device only? I would like to use it on my laptop (both service and viewer) for many networks, e.g. at home, at work and at the customers...). Is there any way how to configure the SnifferService.ini to use it that way? Thanks a lot.
Jiri
 
santong7
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Jan 30, 2017 9:52 am

Thank you Daniel for your great tool.

I would like to suggest you something.

Is it possible to configure the same tool, to show you the CAPSMAN registration table tab, instead of showing the ip and the data.

I mean to show the cap, the ssid, the mac address, the hostname and the transferred data ?

This tool would be in handy in wireless hot spots.
 
bityekimike
just joined
Posts: 1
Joined: Tue Mar 14, 2017 11:54 am

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Mar 14, 2017 12:08 pm

Hi All
I am a new user of Mikrotik Router , i have already download the tool , i have followed the step by step but i meet some issue , the "sniffer service" do not appear on the service manager list so when i run the sniffer service there is noting , when i run the link http://ip_adress_of_the_router:88/accounting/ip.cgi , i have a results
See below the sniffer log
2017/03/14 10:43:44 - Info: Starting up sniffer service
2017/03/14 10:43:44 - Info: Mikrotik user: sniffer
2017/03/14 10:43:44 - Info: Mikrotik IP: 10.3.34.100
2017/03/14 10:46:41 - Info: Starting up sniffer service
2017/03/14 10:46:41 - Info: Mikrotik user: sniffer
2017/03/14 10:46:41 - Info: Mikrotik IP: 10.3.34.100
10.3.34.100 is the local ip of the router
Please could you help me
 
aarango
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Nov 30, 2016 7:55 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Mar 23, 2017 12:12 pm

Is there this tool for Linux? (Service & Viewer)

Thanks.
 
parksj10
just joined
Posts: 5
Joined: Sun Apr 09, 2017 10:45 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Apr 09, 2017 10:46 pm

Any idea why this tool will only work when I have torch running on the local bridge?
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Apr 10, 2017 11:18 am

Any idea why this tool will only work when I have torch running on the local bridge?
That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.
 
parksj10
just joined
Posts: 5
Joined: Sun Apr 09, 2017 10:45 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 13, 2017 8:26 am

Any idea why this tool will only work when I have torch running on the local bridge?
That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.
Thanks for the reply! Kind of what I was starting to understand. From what I was reading, FastTrack can dramatically increase speeds, is that right? Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack. What I'm think is that if the SnitchMonitor Service can detect connected clients, then it can send out a command to either disable or enable FasTrack depending on the presence of a user.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 13, 2017 11:23 am

FastTrack can dramatically increase speeds, is that right?
Yes, that's correct.
Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack.
Well, that's not that easy. You can, for instance, use API calls to disable/enable fasttrack firewall rules, but the already fasttracked connections will continue to go fast path until the connection is closed.

If you need to use fasttrack and want to monitor you bandwidth consumption at the same time, I suggest you looking at /ip traffic-flow instead of the /ip accounting (traffic-flow works with fasttrack since 6.33).
 
parksj10
just joined
Posts: 5
Joined: Sun Apr 09, 2017 10:45 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Apr 14, 2017 10:01 am

If you need to use fasttrack and want to monitor you bandwidth consumption at the same time, I suggest you looking at /ip traffic-flow instead of the /ip accounting (traffic-flow works with fasttrack since 6.33).
Ok, I'll definitelylook into traffic-flow more. My first reading looks like I can use utilities that are built for Netflow protocol. Do you have suggestions on any tools? I'm looking for something can can monitor internet bandwidth usage per client with a graphical interface--essentially exactly what this tool does (except with fasttrack!).
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Apr 14, 2017 10:24 am

Do you have suggestions on any tools?
ManageEngine NetFlow Analyzer used to be a good (commercial) product, but, IMO, is not anymore. They redesigned interface at some point (made it "modern") and it became awfully slow and less functional. I'm stuck at version 9.8 (was released in 2011). Also just google- there are quite a few NetFlow collectors available, both free and commercial.
 
articiok
just joined
Posts: 5
Joined: Sat Apr 01, 2017 12:38 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Apr 14, 2017 12:35 pm

Flowviewer is great.
Works fine on a raspberry pi.
 
kuldaoo
just joined
Posts: 6
Joined: Wed Apr 12, 2017 6:58 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Jun 07, 2017 3:01 pm

Hi,
I use Attix5 traffic monitor with my routerboard 450. There a strange traffic named "other" that doesn't have any IP address. Do you know what the "Other" traffic could be?
Thanks

Ladislav Kulaty
 
kgmuzu
just joined
Posts: 12
Joined: Tue Dec 17, 2013 9:38 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jul 29, 2017 4:20 pm

Hi,

do you want to, can you, make it open source?

cheers,
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Aug 28, 2017 3:49 pm

if my ssh port is not on 22, how do i configure the ini?
 
dllfpp
just joined
Posts: 9
Joined: Mon Sep 18, 2017 12:06 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Sep 21, 2017 11:14 pm

Is there any way of overriding the default ssh port 22? To avoid brute force attacks, my Mikrotik is set to a different port.
The ini.file's port setting only overrides web, not SSH access. I tried changing the server to 192.168.1.88:5005, but that does not seem to register.
Any guidance much appreciated!
if my ssh port is not on 22, how do i configure the ini?
I need this as well...
 
w4rchild
just joined
Posts: 2
Joined: Fri Oct 20, 2017 6:57 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Oct 20, 2017 7:06 pm

Image
Does anyone know how to hostnames?

Shows blank for me.
 
User avatar
karlisi
Member
Member
Posts: 437
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Nov 24, 2017 10:47 am

Many thanks for this tool!
 
trekastana
just joined
Posts: 1
Joined: Wed Nov 29, 2017 5:59 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 29, 2017 6:23 pm

Where can I donwload Attix?

Thanks..
 
dllfpp
just joined
Posts: 9
Joined: Mon Sep 18, 2017 12:06 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Nov 30, 2017 6:06 pm

Where can I donwload Attix?

Thanks..

Get it here https://dllfppblog.wordpress.com/catego ... /mikrotik/
 
Ramo
just joined
Posts: 1
Joined: Sun Jan 14, 2018 9:21 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Jan 14, 2018 9:28 am

Is there anyone still use this attix ? i worked with this monitoring app for 1 year without problem but recently when i run the app i see an error " List index out of bound (22)" and nothing shows in the app.

and another question , how can i save the records ? and how can i reset result manually ?
 
theblackz
just joined
Posts: 6
Joined: Sat Jan 20, 2018 3:55 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jan 20, 2018 5:47 am

Hai guys,

before thanks for creating such amazing app, this is very helping me for monitoring my network.
and so i have read from the start till the end of this problem.
i have a time to make a simple step-by-step using configuration help from the app.
before my apologize if i make some sort of mistake by creating this step-by-step, i do not have any ill intention, just want to help everyone who have problems.

1st step:
enable your accounting on mikrotik ------ /ip accounting

Image

2nd step:
enable your web access accounting on mikrotik /ip accounting web access
enter your ip address local machine

Image

3rd step:
copy your service and viewer sniffer to c:\program files (x86) for 64bit or c:\program files for 32bit
ps: don't forget to change your folder name, anything will work fine

Image

4th step:
open your SnifferService.ini from service folder to change according your IP Network, Username and Password of your Mikrotik device.
also don't forget to change your mikrotik port www (default is 80), mine is 69
add port in front of AccountingPath if you use different port like mine, default port no need to add anything

Image

5th step:
open your Sniffer.ini from viewer folder and change the ip address based on you local machine.

Image

6th step:
open you command prompt as admin, then direct to your service sniffer folder and type exactly as shown.
SnifferService.exe /install
this will install Sniffer Service on your local machine service.

Image

final step:
open your task manager, and search for Sniffer service, then right click and click start.
you Sniffer service should be on Running state.

Image
Image
Image

and this is where you running the Sniffer Viewer.
Image

that's all guys, hope my step-by-step can help you.
regards and cheers :D
 
CrAzYs
just joined
Posts: 2
Joined: Wed Mar 28, 2018 10:34 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Mar 28, 2018 11:29 am

2018/03/28 12:23:44 - Info: Starting up sniffer service
2018/03/28 12:23:44 - Info: Mikrotik user: sniffer
2018/03/28 12:23:44 - Info: Mikrotik IP: 192.168.2.111
2018/03/28 12:23:44 - Info: Networks specified: 1
2018/03/28 12:23:44 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2018/03/28 12:23:44 - Info: SnifferService Port: 80
2018/03/28 12:23:44 - Info: Service started
2018/03/28 12:24:06 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:26 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:45 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.

help me
 
CrAzYs
just joined
Posts: 2
Joined: Wed Mar 28, 2018 10:34 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Apr 05, 2018 10:38 am

2018/03/28 12:23:44 - Info: Starting up sniffer service
2018/03/28 12:23:44 - Info: Mikrotik user: sniffer
2018/03/28 12:23:44 - Info: Mikrotik IP: 192.168.2.111
2018/03/28 12:23:44 - Info: Networks specified: 1
2018/03/28 12:23:44 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2018/03/28 12:23:44 - Info: SnifferService Port: 80
2018/03/28 12:23:44 - Info: Service started
2018/03/28 12:24:06 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:26 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:45 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.

help me
problem solved.. from the Node32 have to give full right to all the ports for sniffer service.exe
 
mirosein
just joined
Posts: 2
Joined: Sun Apr 22, 2018 7:34 am

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Apr 22, 2018 12:04 pm

Hi all
I've installed and run the sniffing services and I'm sure about my configurations, as I've followed up help files and help videos...
i can see AccountingPath=/accounting/ip.cgi
sniffingservice is running on windows service manager,
I've checked out all ports (set 80)
firewall is off...
but whenever I start the "sniffing service " on windows services after it's started, I check Mikrotik Log to see if user I have created is logged in or what ! find it logged in then logged out automatically!
i donno why is that!?
sniffer.JPG
i would be so glad if u can help to solve this issue.
thx. :)
You do not have the required permissions to view the files attached to this post.
 
zeeshanmustafa
just joined
Posts: 1
Joined: Thu Mar 15, 2018 9:09 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu May 03, 2018 6:53 am

failed to get HOST NAMES using mikrotik DHCP and DNS
any solution?
 
ehab69922
just joined
Posts: 1
Joined: Fri May 04, 2018 7:35 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri May 04, 2018 7:40 am

thnxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
musman
just joined
Posts: 1
Joined: Thu May 17, 2018 9:29 am

Re: Tool: Realtime per IP traffic monitor for home/office

Thu May 17, 2018 9:33 am

getting this error in log file, i've ips in ini file to my mikrotik ip that is 10.0.0.10, but its still showing this in log...

2018/05/16 12:39:35 - Info: Starting up sniffer service
2018/05/16 12:39:35 - Info: Mikrotik user: sniffer
2018/05/16 12:39:35 - Info: Mikrotik IP: 192.168.88.1
2018/05/16 12:42:55 - Info: Starting up sniffer service
2018/05/16 12:42:55 - Info: Mikrotik user:
2018/05/16 12:42:55 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:02 - Info: Starting up sniffer service
2018/05/16 12:48:02 - Info: Mikrotik user:
2018/05/16 12:48:02 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:04 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:10 - Info: Starting up sniffer service
2018/05/16 12:48:10 - Info: Mikrotik user:
2018/05/16 12:48:10 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:37 - Info: Starting up sniffer service
2018/05/16 12:48:37 - Info: Mikrotik user:
2018/05/16 12:48:37 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:37 - Info: Networks specified: 1
2018/05/16 12:48:37 - Info: Monitoring network: 192.168.20.0/255.255.252.0
2018/05/16 12:48:37 - Info: SnifferService Port: 80
2018/05/16 12:48:37 - Info: Service started
2018/05/16 12:48:39 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:40 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:41 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:42 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
 
exliko
just joined
Posts: 3
Joined: Wed Oct 01, 2014 4:56 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri Jun 22, 2018 4:20 am

Thx for this superb tool
I've been using it since 2014

It's been 5 years now, is there any updates for this tool?
 
User avatar
jhezzalian
just joined
Posts: 4
Joined: Mon Aug 06, 2018 8:21 am
Location: philippines
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Aug 06, 2018 11:58 am

sir where i can download attix5

This is a great tool danielm ! Thank you so much for making this and for making it available to everyone!

I think I (may) be experiencing an issue similar to kendo (and it also does come back to how the sniffer service polls/collects traffic data from the Mikrotik).

I regularly have Winbox and Snifferviewer(Attix5 Traffic Monitor) open, and I often see traffic that is WAY higher on the Mikrotik WAN/LAN interfaces than the aggregate traffic seen in the Snifferviewer program. I don't think I have ever seen it the other way around, where the traffic in Snifferviewer is higher than the traffic in Winbox (and this isn't due to a delay, as Snifferviewer never comes close to reaching the peaks reported by Winbox).

Is this traffic simply not counted? Is it too fleeting/instantaneous for the sniffer service to poll? Or does it simply not register in the Snifferviewer program (and the cumulative send/receive data is actually counted)? I've unchecked the "use 5 sec average" box hoping to view more real-time traffic. Below are 5 printscreens showing examples of what it is I'm experiencing, and also wonder if other people have seen the same.

Still, great tool danielm! :D

Image
Image
Image
Image
Image
 
rigasservice
just joined
Posts: 1
Joined: Fri Aug 10, 2018 8:56 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Aug 25, 2018 8:53 am

sir where i can download attix5
Read some post above :)
viewtopic.php?f=2&t=77193&start=250#p630420
 
Jazim
just joined
Posts: 2
Joined: Tue Aug 28, 2018 1:03 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Aug 28, 2018 1:06 pm

Hello !
I want to know how can i know my daily bandwidth usage ? I want total usage of my 04 isps which are configured in my microtec Routerboard.
 
tarecco
just joined
Posts: 5
Joined: Wed Aug 16, 2017 5:50 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Tue Sep 04, 2018 11:35 am

Awesome tool! Really appreciate it. Thank you

As for anyone that can't login and/or check, change you HTTP service port in IP to soething other than 80, and define the mikrotik address in the .ini file as 192.168.XX.XX:yyy instead of just 192.168.XX.XX, where yyy is your http service port. Did that, works like a bomb.
 
SilverNodashi
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 04, 2017 4:18 pm
Location: South Africa
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 28, 2018 2:40 pm

Is there this tool for Linux? (Service & Viewer)

Thanks.
I would also prefer a Linux version, but I guess this is what it is.
 
SilverNodashi
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 04, 2017 4:18 pm
Location: South Africa
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Nov 28, 2018 3:09 pm

Ok, so I tried this tool and it seems quite handy. Is there a way to see though which websites / services any of the IP's access? i.e. can I see if 192.168.1.107 access facebook.com, for example, and how much data is being downloaded from facebook.com?
 
mirzasoltan
just joined
Posts: 5
Joined: Sat Feb 16, 2019 9:48 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sun Feb 17, 2019 3:12 pm

hi,

i installed attix5 traffic monitor and successfully run sniffer viewer.

i see our ip addresses and traffic usage of them, but HOST column is empty!! i want to see hostname of per ip or user names. what is the problem?

i use user manager tool in mikrotik and our clients are authenticating from user manager users. (hotspot users in mikrotik is empty)

what can i do, to see HOST information in sniffer view? or is it a better application that can used for monitoring just the usage of users bandwidth and their traffic throw mikrotik?

thanks
 
nemilose
just joined
Posts: 1
Joined: Sat Sep 19, 2015 10:33 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Thu Mar 28, 2019 10:14 pm

^
You need to create ips.txt file with the following contents:
IP1=Computer 1
IP2=Mobile phone
...etc.

For example:
192.168.1.101=Computer 1
192.168.1.102=Mobile phone
192.168.1.104=Laptop
192.168.1.108=TV
 
borajuanjo
just joined
Posts: 8
Joined: Fri May 10, 2019 9:43 am

Re: Tool: Realtime per IP traffic monitor for home/office

Fri May 10, 2019 9:50 am

Where can I donwload Attix?

Thanks..

Get it here https://dllfppblog.wordpress.com/catego ... /mikrotik/
As of today, the links in this blog are broken. Does anybody know anything about this? I can't find Attix5 anywhere. Is it free BTW?
 
nikc
Member Candidate
Member Candidate
Posts: 208
Joined: Wed Jul 13, 2016 6:05 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Fri May 10, 2019 12:53 pm

[/quote]
As of today, the links in this blog are broken. Does anybody know anything about this? I can't find Attix5 anywhere. Is it free BTW?
[/quote]

Viewer - https://app.box.com/s/uszqxbxk15g9jup5qiq3nqlvp8h8vxaj
Service - https://app.box.com/s/elqkvbsnz03b6welhikkcvbj36octdmp
 
dakotabcn
newbie
Posts: 49
Joined: Thu Apr 21, 2016 11:16 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Jun 29, 2019 12:24 am

Thanks for the tool
I have problem with snifferviewer, i have installed the service in windows 7 VM machine, start and connect with the mikrotik OK. I use the viewer in local and show data, but if use the viewer in another machine and indicate the VM machine no show any data, i have disabled the firewall but no work
any idea?

regards
 
aungkooo
just joined
Posts: 2
Joined: Thu Mar 15, 2018 4:39 am

Re: Tool: Realtime per IP traffic monitor for home/office

Wed Sep 25, 2019 8:02 am

How to configure to see host name in viewer .
 
shovon
newbie
Posts: 25
Joined: Sat May 07, 2011 9:31 am
Location: Dhaka, Bangladesh
Contact:

Re: Tool: Realtime per IP traffic monitor for home/office

Sat Dec 07, 2019 9:16 am

Those who are not seeing hostnames in Sniffviewer, install v1.0.3, it'll surely work.
 
mpalohana
just joined
Posts: 1
Joined: Mon Aug 17, 2020 7:01 pm

Re: Tool: Realtime per IP traffic monitor for home/office

Mon Aug 17, 2020 7:13 pm

Dear Sir

I need help in Attix5 Traffic monitor in which it shows only one wan traffic where as the other one is also running but not showing.

Basically i have two connections and working simultaneously, the all connections are also given to bridge connection but the traffic only shows one wan usage .

Total usage in interface view is 30 GB (wan1-14GB & wan2-16GB) but traffic monitor shows only 14 GB.

Kindly support

Who is online

Users browsing this forum: DanMos79, Google [Bot], korg, neskiask and 104 guests