That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.Any idea why this tool will only work when I have torch running on the local bridge?
Thanks for the reply! Kind of what I was starting to understand. From what I was reading, FastTrack can dramatically increase speeds, is that right? Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack. What I'm think is that if the SnitchMonitor Service can detect connected clients, then it can send out a command to either disable or enable FasTrack depending on the presence of a user.That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.Any idea why this tool will only work when I have torch running on the local bridge?
Yes, that's correct.FastTrack can dramatically increase speeds, is that right?
Well, that's not that easy. You can, for instance, use API calls to disable/enable fasttrack firewall rules, but the already fasttracked connections will continue to go fast path until the connection is closed.Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack.
Ok, I'll definitelylook into traffic-flow more. My first reading looks like I can use utilities that are built for Netflow protocol. Do you have suggestions on any tools? I'm looking for something can can monitor internet bandwidth usage per client with a graphical interface--essentially exactly what this tool does (except with fasttrack!).If you need to use fasttrack and want to monitor you bandwidth consumption at the same time, I suggest you looking at /ip traffic-flow instead of the /ip accounting (traffic-flow works with fasttrack since 6.33).
ManageEngine NetFlow Analyzer used to be a good (commercial) product, but, IMO, is not anymore. They redesigned interface at some point (made it "modern") and it became awfully slow and less functional. I'm stuck at version 9.8 (was released in 2011). Also just google- there are quite a few NetFlow collectors available, both free and commercial.Do you have suggestions on any tools?
Is there any way of overriding the default ssh port 22? To avoid brute force attacks, my Mikrotik is set to a different port.
The ini.file's port setting only overrides web, not SSH access. I tried changing the server to 192.168.1.88:5005, but that does not seem to register.
Any guidance much appreciated!
I need this as well...if my ssh port is not on 22, how do i configure the ini?
Where can I donwload Attix?
problem solved.. from the Node32 have to give full right to all the ports for sniffer service.exe2018/03/28 12:23:44 - Info: Starting up sniffer service
2018/03/28 12:23:44 - Info: Mikrotik user: sniffer
2018/03/28 12:23:44 - Info: Mikrotik IP: 192.168.2.111
2018/03/28 12:23:44 - Info: Networks specified: 1
2018/03/28 12:23:44 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2018/03/28 12:23:44 - Info: SnifferService Port: 80
2018/03/28 12:23:44 - Info: Service started
2018/03/28 12:24:06 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:26 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:45 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
This is a great tool danielm ! Thank you so much for making this and for making it available to everyone!
I think I (may) be experiencing an issue similar to kendo (and it also does come back to how the sniffer service polls/collects traffic data from the Mikrotik).
I regularly have Winbox and Snifferviewer(Attix5 Traffic Monitor) open, and I often see traffic that is WAY higher on the Mikrotik WAN/LAN interfaces than the aggregate traffic seen in the Snifferviewer program. I don't think I have ever seen it the other way around, where the traffic in Snifferviewer is higher than the traffic in Winbox (and this isn't due to a delay, as Snifferviewer never comes close to reaching the peaks reported by Winbox).
Is this traffic simply not counted? Is it too fleeting/instantaneous for the sniffer service to poll? Or does it simply not register in the Snifferviewer program (and the cumulative send/receive data is actually counted)? I've unchecked the "use 5 sec average" box hoping to view more real-time traffic. Below are 5 printscreens showing examples of what it is I'm experiencing, and also wonder if other people have seen the same.
Still, great tool danielm!
Read some post abovesir where i can download attix5
I would also prefer a Linux version, but I guess this is what it is.Is there this tool for Linux? (Service & Viewer)
As of today, the links in this blog are broken. Does anybody know anything about this? I can't find Attix5 anywhere. Is it free BTW?Where can I donwload Attix?
Get it here https://dllfppblog.wordpress.com/catego ... /mikrotik/