Page 1 of 1

Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Sep 27, 2013 1:27 pm
by danielm
Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:

Image

It is also extremely useful to see the traffic shaping effects when playing around with shaping rules on your Mikrotik router. It uses the Accounting feature of your router.

The tool with basic instructions is attached to this post or you can download it from the links below.

I hope this can be of use to someone! Comments welcome. :)

Daniel

PS: I know this is technically not a 'sniffer' but it actually started off as one so the name stuck.

EDIT:
I added a new version to this post (V1.0.3). Download the service and viewer from the links below. I had to split them because the forum does not allow files larger than 1 MB any more.
Change Log:
V1.0.3 (2014-06-24)
Download: Viewer and Service
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
V1.0.2 (2014-01-15)
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Fri Sep 27, 2013 2:36 pm
by efaden
Link doesn't seem to work? But it looks cool.

Sent from my SCH-I545 using Tapatalk 4

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Fri Sep 27, 2013 2:58 pm
by danielm
Link doesn't seem to work? But it looks cool.
Odd, it works in my browser. The zipfile is also attached to the message if the link does not work for some reason.

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Fri Sep 27, 2013 3:48 pm
by kashifmac2005
Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Fri Sep 27, 2013 4:03 pm
by danielm
Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer
Not sure I understand the question. This tool shows all traffic going through the router (Lan to Internet) and shows host names. Sounds like that is what you need?

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Sun Sep 29, 2013 6:32 pm
by 01101110110110
This looks really useful, I'll give it a try and report back.

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Sun Sep 29, 2013 6:51 pm
by 01101110110110
Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ? You have all these columns but I can't use them to sort the list and see which user has the highest send/receive or total download...etc. Or the ability to filter, i.e monitor a few specific IP's, known downloaders and such, perhaps a list ? Anyways, great work, I've been looking for something like this for a while, and its fairly simple to get working.

edit:
you may wanna double check the numbers, for some reason its reporting some of my IP's over their 1mb limit, but I have winbox opened and its barely close to the limit

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Sun Sep 29, 2013 9:41 pm
by danielm
Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ? You have all these columns but I can't use them to sort the list and see which user has the highest send/receive or total download...etc. Or the ability to filter, i.e monitor a few specific IP's, known downloaders and such, perhaps a list ? Anyways, great work, I've been looking for something like this for a while, and its fairly simple to get working.

edit:
you may wanna double check the numbers, for some reason its reporting some of my IP's over their 1mb limit, but I have winbox opened and its barely close to the limit
Thanks for the feedback, glad you like it! The colour scheme is the same as the one used in munin. The columns are sorted by total transfer size (sum of up and down traffic) i.e. your top users will be listed first. Active users (>= 100kbps up or down) will be marked in bold so they will stand out anyway. Our office is only 16 people so showing the 30 most active ones is really sufficient. On a Lan with more than 30 machines all IP's generating traffic are always shown but all the ones more than 30 are summed together as 'other' on the graph.

I'm surprised to hear your numbers are out because I find it very accurate. I do use a 5 second running average, however, so you will see some smoothing out. But a sustained load should be reflected quite accurately. I would be curious what other users experience.

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Mon Sep 30, 2013 7:37 am
by kashifmac2005
Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:
brother is there any solution for realtime traffic monitor for LAN to internet side (WAN) which also resolve address to host like sniffer
Not sure I understand the question. This tool shows all traffic going through the router (Lan to Internet) and shows host names. Sounds like that is what you need?
yes and host names of internet ip address i knw not all the ips are resolvable 100% but can help who is surfing what thanks brother

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Mon Sep 30, 2013 10:42 am
by slech
danielm,
Thank you for nice tool!
Do you have any plans to add browsers support as viewers ?

Re: Realtime per IP Mikrotik traffic monitor for home/office

Posted: Mon Sep 30, 2013 10:52 am
by danielm
danielm,
Thank you for nice tool!
Do you have any plans to add browsers support as viewers ?
Thanks. No, sorry, no such plans at this time.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 24, 2013 3:43 pm
by eXtremer
Great app, thank you!
Karma +1

Is it possible to add sorting by day, week, month ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 24, 2013 4:00 pm
by danielm
Is it possible to add sorting by day, week, month ?
eXtremer, do you mean having a daily/weekly/monthly graph?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 24, 2013 4:43 pm
by eXtremer
Is it possible to add sorting by day, week, month ?
eXtremer, do you mean having a daily/weekly/monthly graph?
Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 24, 2013 6:19 pm
by danielm
Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year if anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 25, 2013 10:24 am
by eXtremer
Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year of anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.
Post the plugin please, I installed the munin Windows version, I hope I will have no troubles configuring it.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 25, 2013 2:17 pm
by danielm
Yes.

And BTW the *.csv file isn't saved. I click save but I don't see the file.
Hmm, you're right about the CSV. I actually never use it but I'll fix/remove it for a next version. Does anyone need it? :)

The viewer app has no history capability, only real-time. I do have a (slightly crude but working) munin plugin that will plot the same details for day/week/month/year of anyone is interested. It connects to the same service as the viewer does. Of course you will need a working munin setup.
Post the plugin please, I installed the munin Windows version, I hope I will have no troubles configuring it.
Here you go. Note that it is written in python so you will need that too.
I'm no python programmer, so it can probably be done much cleaner. But it does the job.

The daily graph looks like this:

Image

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 25, 2013 11:06 pm
by jp
Neat looking tool, does the munin plugin connect to the mikrotik or the windows box running your software? I've downloaded and am playing with it.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Oct 26, 2013 9:32 pm
by danielm
Neat looking tool, does the munin plugin connect to the mikrotik or the windows box running your software? I've downloaded and am playing with it.
It connects to the service on the Windows box.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Dec 08, 2013 10:05 pm
by ctng
Good day,
please can anyone assist in setting up attrix5. i configured it to listen on port 85 and i get this message on the snifferservice.txt file on the service PC
cannot get traffic:connect timeout. (172.0.0.1:80)
the viewer screen is blank.

please assist

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Dec 16, 2013 9:41 am
by danielm
Good day,
please can anyone assist in setting up attrix5. i configured it to listen on port 85 and i get this message on the snifferservice.txt file on the service PC
cannot get traffic:connect timeout. (172.0.0.1:80)
the viewer screen is blank.

please assist
Is 172.0.0.1 your mikrotik? Did you enable accounting? You should get traffic info when you enter 172.0.0.1 in your browser.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Dec 17, 2013 5:34 pm
by jemp
Hi Daniel
Tnx for this program.. works great..
I need more of these tools..
Indeed also for Saving and monitoring for month statistics.. per user, or per IP...
Keep up the good work
Do you have a website , where we can follow this ?
Tnx

JP

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Dec 17, 2013 7:58 pm
by Stillhard
thx danielm, this tool working great here.

Can you make this tool to accept different subnet too?
I want to capture for ex. 192.168.0.0/24 and 10.100.100.0/24

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 18, 2013 11:27 am
by danielm
Indeed also for Saving and monitoring for month statistics.. per user, or per IP...
JP,

Glad you like it. To keep track of monthly usage you can set this setting in the SnifferService.ini file:
ClearSchedule=monthly
This will store the usage for the whole month (instead of just one week) and also write out a CSV file i.e.
201312.txt (yyyymm.txt) in the service folder.

Sorry, there is no website at this time.

Daniel

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 18, 2013 2:05 pm
by jemp
Daniel
tnx for tip..
the Save File does not work.. like said, one can choose a folder, but nothing is saved..
Would there be an update ?
Tnx in advance
JP

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 18, 2013 2:53 pm
by danielm
JP,

I'd rather remove that feature since it saves the values as "34.66 GB and "12.34 MB" instead of byte values. Best would be let the service create the file.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 18, 2013 2:54 pm
by danielm
thx danielm, this tool working great here.

Can you make this tool to accept different subnet too?
I want to capture for ex. 192.168.0.0/24 and 10.100.100.0/24
Anything is possible :)

I'll see if I can add capability to accept comma delimited values for network and mask.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Dec 24, 2013 12:30 pm
by ircome
hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 25, 2013 10:05 am
by ircome
ohhhh
no any bodi there?
i really need this app!!!!
plz help me

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Dec 27, 2013 3:30 am
by scracha
Service log has following:-
"Error: Cannot execute C:\Program Files\Sniffer\Service\plink.exe"

Win XP home so can't be UAC. Any ideas anyone?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jan 07, 2014 2:29 pm
by ircome
hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also

i can make this software to do but i usage with mikrotik hotspot so viewer can only shown to me any ip that added to ip bindig:(
i wanna find what port usage with this app to allow to this.
help me

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jan 12, 2014 1:39 am
by imaljko4
This is a great utility, just what i needed.
Is it also somehow possible to see the hosts name, next to the Ip address (in my case the hosts name dont always show up)?
Also how do i now disable the logs in mikrotik router, for the ssh sniffer user ( now my logs are full with the "sniffer" user, log-in and log-out?

Thank you

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 4:52 pm
by danielm
This is a great utility, just what i needed.
Is it also somehow possible to see the hosts name, next to the Ip address (in my case the hosts name dont always show up)?
Also how do i now disable the logs in mikrotik router, for the ssh sniffer user ( now my logs are full with the "sniffer" user, log-in and log-out?

Thank you
imaljko4,

If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 4:57 pm
by danielm
hi dear danielm
i try to use this bud don't work
can help me?
when start sniffer service in mikrotik log shown me ssh user log in but rapidly in the next line shown ssh user log out!!!!!!
also me can't see http://192.168.88.1/accounting/ip.cgi
i use mikrotik hotspot also

i can make this software to do but i usage with mikrotik hotspot so viewer can only shown to me any ip that added to ip bindig:(
i wanna find what port usage with this app to allow to this.
help me
Hi ircome

Did you manage to get http://192.168.88.1/accounting/ip.cgi to show in a browser? If so how because I have the same problem at a particular site where hotspot is used and I don't know how to get around it (I cannot access the mikrotik accounting page from a browser or from the sniffer)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 4:59 pm
by danielm
Service log has following:-
"Error: Cannot execute C:\Program Files\Sniffer\Service\plink.exe"

Win XP home so can't be UAC. Any ideas anyone?
Can you run plink.exe from cmd line?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 6:13 pm
by imaljko4
If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik
You are wright, the host-names do show up, just they sometimes get lost when my server-computer(with sniffer service running) resumes from standby.
So when my computer resumes from standby i had to stop/start the sniffer service, and then i got the host-names again.

Thanks

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 8:56 pm
by imaljko4
One more question; is it possible to monitor Ip addresses for 2 networks?

On my Mikrotik router i have :
network 1 : 192.168.1.0/24
network 2: 10.0.0.0/24

I would like to monitor Ip addresses on both networks.

So how do i need to change the values in the SnifferService.ini file?
Something like this or?
#Capture packets from this network (ignore internal traffic) - network 1
Network=192.168.1.0
Mask=255.255.255.0

#Capture packets from NETWORK 2

Network=10.0.0.0
Mask=255.255.255.0

#Mikrotik Server
Mikrotik=192.168.1.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=XXXXX
Thank you for help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 13, 2014 10:13 pm
by danielm
If you use DHCP and/or DNS on the mikrotik the host names should show (that is what you see in the logs - the dns entries being downloaded)
Not sure how to disable logging in mikrotik
You are wright, the host-names do show up, just they sometimes get lost when my server-computer(with sniffer service running) resumes from standby.
So when my computer resumes from standby i had to stop/start the sniffer service, and then i got the host-names again.

Thanks
It should refresh every 5 mins. Just give it a while.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jan 15, 2014 11:21 am
by danielm
One more question; is it possible to monitor Ip addresses for 2 networks?
Now you can :) . I have added this feature and added all the info below to the first post of this thread.

Changes are
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt
Download link: Sniffer-2014-01-15.zip

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jan 15, 2014 11:45 am
by imaljko4
Great! Thank you very much!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 16, 2014 4:36 am
by omega-00
Tested on 3 different Windows 7 machines and all I see in the log is:

2014/01/16 12:26:07 - Info: Starting up sniffer service
2014/01/16 12:26:07 - Info: Mikrotik user: sniffer
2014/01/16 12:26:07 - Info: Mikrotik IP: 172.16.0.1

Then nothing in the viewer. It doesn't seem as though the SnifferService.exe continues running after that point?
Is there any way to see more debug info?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 16, 2014 8:37 am
by danielm
omega-00,

There are a number of checks described in readme.txt that you can do. Basically you want to check:
- you can access the traffic info on the mikrotik from a browser running on the machine where the sniffer service runs
- when you start the service you want to see that the user 'sniffer' logs in on the mikrotik (check mikrotik logs)
- then check you can see traffic and ips using a browser to connect to the service
- then start the viewer

Does the service crash at that point or is it still running?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 16, 2014 7:55 pm
by jemp
Tnx Daniel and Happy 2014
Love this new version... works great, monitoring 2 network segments..
Keep U the good work
JP, Antwerp

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jan 17, 2014 3:24 am
by omega-00
- can access the traffic page from the machine running the sniffer service (http://ipaddress/accounting/ip.cgi loads, can see traffic listed)
- can't see user 'sniffer' login to the mikrotik (user account is present on the mikrotik) no user login error shows in the log either
telnet and ssh are available from the machine running the sniffer service to the mikrotik

service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jan 17, 2014 8:32 am
by danielm
Firstly, is plink.exe available in the same folder as snifferservice.exe? Can you execute it successfully from command line?

Otherwise it may be a config issue - the app does not tolerate an invalid config very well (I guess I can improve that at some stage). Can you perhaps post your snifferservice.ini file?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jan 18, 2014 3:05 am
by lucianog
Firstly, is plink.exe available in the same folder as snifferservice.exe? Can you execute it successfully from command line?

Otherwise it may be a config issue - the app does not tolerate an invalid config very well (I guess I can improve that at some stage). Can you perhaps post your snifferservice.ini file?
I have the same problem, since I can run the console plink.exe and is in the same folder where is stored snifferservice.exe.
This is my configuration snifferservice.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.80.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.80.1:8292
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

Thanks for your suggestions

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jan 18, 2014 4:41 am
by imaljko4
I have the same problem, since I can run the console plink.exe and is in the same folder where is stored snifferservice.exe.
Can you make sure that the sniffer service is running (after install i had to manually start the "sniffer service" under control panel- "services")?
Also can you access the http://ipaddress/accounting/ip.cgi page?
if yes, then "danielm" will have to help you out :) But would be good if you can also post the "SnifferService.log" file.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jan 18, 2014 6:22 am
by lucianog
Can you make sure that the sniffer service is running (after install i had to manually start the "sniffer service" under control panel- "services")?
Yes!!!
Image
Also can you access the http://ipaddress/accounting/ip.cgi page?
Yes!!!
Image
if yes, then "danielm" will have to help you out :) But would be good if you can also post the "SnifferService.log" file.
My SnifferService.log file:
2014/01/17 21:37:58 - Info: Starting up sniffer service
2014/01/17 21:37:58 - Info: Mikrotik user: sniffer
2014/01/17 21:37:58 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:38:33 - Info: Starting up sniffer service
2014/01/17 21:38:33 - Info: Mikrotik user: sniffer
2014/01/17 21:38:33 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:38:43 - Info: Starting up sniffer service
2014/01/17 21:38:43 - Info: Mikrotik user: sniffer
2014/01/17 21:38:43 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:39:07 - Info: Starting up sniffer service
2014/01/17 21:39:07 - Info: Mikrotik user: sniffer
2014/01/17 21:39:07 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:43 - Info: Starting up sniffer service
2014/01/17 21:41:43 - Info: Mikrotik user: sniffer
2014/01/17 21:41:43 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:57 - Info: Starting up sniffer service
2014/01/17 21:41:57 - Info: Mikrotik user: sniffer
2014/01/17 21:41:57 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:41:57 - Info: Networks specified: 1
2014/01/17 21:41:57 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/17 21:41:57 - Info: SnifferService Port: 80
2014/01/17 21:41:57 - Info: Service started
2014/01/17 21:41:57 - Error: Cannot execute C:\Service\plink.exe 
2014/01/17 21:58:02 - Info: Starting up sniffer service
2014/01/17 21:58:02 - Info: Mikrotik user: sniffer
2014/01/17 21:58:02 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:58:09 - Info: Starting up sniffer service
2014/01/17 21:58:09 - Info: Mikrotik user: sniffer
2014/01/17 21:58:09 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/17 21:58:09 - Info: Networks specified: 1
2014/01/17 21:58:09 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/17 21:58:09 - Info: SnifferService Port: 80
2014/01/17 21:58:09 - Info: Service started
2014/01/17 21:58:09 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
2014/01/18 01:05:45 - Info: Service stopped
2014/01/18 01:16:14 - Info: Starting up sniffer service
2014/01/18 01:16:14 - Info: Mikrotik user: sniffer
2014/01/18 01:16:14 - Info: Mikrotik IP: 192.168.80.1:8292
2014/01/18 01:16:14 - Info: Networks specified: 1
2014/01/18 01:16:14 - Info: Monitoring network: 192.168.80.0/255.255.255.0
2014/01/18 01:16:14 - Info: SnifferService Port: 80
2014/01/18 01:16:14 - Info: Service started
2014/01/18 01:16:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
2014/01/18 01:16:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe 
We add the following information:
OS: Windows XP Pro SP3 x86 (Spanish Edition)
Firewall OS: Off
Antivirus: None
.Net Framework: None

Thanks in advance

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jan 18, 2014 8:31 am
by danielm

#Mikrotik Server
Mikrotik=192.168.80.1:8292
I see a problem. The 'mikrotik' setting does not support a port. At the moment it defaults to port 80.

Edit: it defaults to port 80 for web traffic and port 22 for ssh.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 3:35 am
by lucianog
Hello danielm foremost appreciate your response.
I mention that I changed the port Mikrotik Web service, from 8292 to 80.
I verify that I can access via browser http://192.168.80.1/accounting/ip.cgi

With the following results:
Image

I also keep seeing in the log file indicating that the line can not run the program plink.exe located in the same folder as SnifferService.exe
Image

Of course I appreciate your comments

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 11:45 am
by danielm
lucianog,

Please try the attached service (just replace the existing exe file). It has some extra debugging info. Upload your logfile again.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 2:16 pm
by lucianog
Hi Danielm:
This is the information requested:
Image

Thanks in advance!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 2:36 pm
by lucianog
SOLVED!!
Hi Danielm
The problem was on the SSH port, I changed it to 222 of 22

Thanks for the support!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 2:55 pm
by Stillhard

#Mikrotik Server
Mikrotik=192.168.80.1:8292
I see a problem. The 'mikrotik' setting does not support a port. At the moment it defaults to port 80.

Edit: it defaults to port 80 for web traffic and port 22 for ssh.
Weird, im my conf, it works fine with other port other than the default just like lucianog's conf 8)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 20, 2014 4:32 pm
by danielm
Weird, im my conf, it works fine with other port other than the default just like lucianog's conf 8)
Hmm, it turns out you can indeed specify a port in the .ini file. It is used for http but ignored for SSH (by plink.exe). So if you specify 192.168.88.1:8080 it will be used as follows

- to get traffic, sniffer will connect to http://192.168.88.1:8080
- to get DNS and DHCP, sniffer will connect to 192.168.88.1:22 using ssh

So you MUST use port 22 for SSH (in the current version), as lucianog discovered :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jan 21, 2014 8:13 am
by danielm
service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.
Omega-00, do give the updated snifferservice.exe a try. If it still fails you can execute plink.exe from the command line using the same parameters as in the logfile to see what results you get.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 23, 2014 5:43 pm
by rodasram
Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 23, 2014 5:45 pm
by rodasram
Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jan 24, 2014 11:53 am
by danielm
Hello. Can you create a list with the names of host? how works the ips.txt file? Thank you.
Easiest and best option is to add them as DNS entries on your Mikrotik. The app will then display them correctly if the ssh setup is done as described in the readme.

Alternatively create a file and specify it in IPSource entry for Sniffer.ini
i.e. ips.txt
192.168.1.1=firewall
192.168.1.2=server1
192.168.1.20=my pc
However, this would ignore all DNS and DHCP info from the mikrotik server.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jan 24, 2014 5:11 pm
by rodasram
Thanks! the equals sign is the clue!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Feb 08, 2014 5:50 pm
by bax
Avira - antivirus is also complain ... but it works ...

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Feb 12, 2014 12:04 pm
by danielm
Avira - antivirus is also complain ... but it works ...
I have submitted a false positive notification to Avira

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Feb 14, 2014 4:43 pm
by danielm
Response from Avira:

Please find a detailed report concerning each individual sample below:

Filename Result
SnifferService.exe FALSE POSITIVE

The file 'SnifferService.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.11.131.42.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Feb 14, 2014 5:08 pm
by silversword
Of course if you have a MikroTik...the easiest way to view live data is:
Tools | Torch
LAN traffic use bridge-local interface
Internet traffic use ether1-gateway

:)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Feb 17, 2014 1:21 pm
by danielm
:lol:

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Mar 20, 2014 8:51 am
by palindrom
hello daniel, i got these messages in snifferservice.log
2014.03.20 12:37:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:42:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:47:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
what is plink.exe?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Mar 20, 2014 5:07 pm
by danielm
hello daniel, i got these messages in snifferservice.log
2014.03.20 12:37:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:42:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
2014.03.20 12:47:14 - Error: Cannot execute C:\Program Files (x86)\Sniffer\plink.exe
what is plink.exe?
plink.exe does the ssh comms with your mikrotik.

Try to run it from the command line e.g.:
plink.exe sniffer@192.168.88.1

You should be able to connect to the mikrotik.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Apr 07, 2014 8:06 am
by KiyasMocha
I've the same problem here >_<

I can't see from MikroTik logs that user: sniffer logging in. but I can see http://ipaddress/accounting/ip.cgi

please guide me :) I'm new to this great things, I really am thank you anyway :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Apr 08, 2014 10:22 am
by KiyasMocha
this is my screenshot

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 10, 2014 3:40 pm
by KiyasMocha
I always get this error ><

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Apr 12, 2014 2:56 pm
by pukkita
works awesome, thanks for sharing!!!!!!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Apr 22, 2014 6:01 pm
by florianGinier
Hello everyone.

I'm a French student in computer networks and I must admit that you have done an amazing job.
Nevertheless, I would like to know if there is a possibility to export a daily basis of the real time capture without using munin ?
The goal is to find which IP uses more bandwidth in the day.

If you know any other scripts/tools/programs that can do that, I'm interested !

Thank you everyone and goodbye !

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Apr 29, 2014 6:31 am
by himawarichan
Hi Daniel,

I am so happy that I found this tool you made. Thanks for your effort, great effort :)
It's the tool which I've been searched for a while, and now I found it.

I successfully set this tool on my computer, and the service runs well.
I just do not have understanding about the munin plugin you post. How does that plugin applied to the tool?

Please enlighten me.

Again, many thanks for your great effort :)

Cheers

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu May 01, 2014 5:08 pm
by dw5304
tool works great.
I have a small request seeing that we have multiple mikrotik devices can you make it so u can install the service as another name so we have unique instances of the service running to "segment" the bandwidth? thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 05, 2014 4:35 am
by omega-00
service crashes before the login process it seems.
I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything.
Omega-00, do give the updated snifferservice.exe a try. If it still fails you can execute plink.exe from the command line using the same parameters as in the logfile to see what results you get.
I'm using the new snifferservice.exe.

Executing/logging in via plink.exe manually works fine. Gives me the MT command prompt as expected.

Executing the new snifferservice.exe just generates the following 3 lines; from command line the app appears to start then stop straight away. :-(
2014/05/05 11:17:31 - Info: Starting up sniffer service
2014/05/05 11:17:31 - Info: Mikrotik user: sniffer
2014/05/05 11:17:31 - Info: Mikrotik IP: 192.168.252.1

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 05, 2014 6:39 pm
by danielm
Hello everyone.

I'm a French student in computer networks and I must admit that you have done an amazing job.
Nevertheless, I would like to know if there is a possibility to export a daily basis of the real time capture without using munin ?
The goal is to find which IP uses more bandwidth in the day.

If you know any other scripts/tools/programs that can do that, I'm interested !

Thank you everyone and goodbye !
You can just interrogate the sniffer service using rest to get realtime traffic info. Just go to the snifferservice ip address using a browser. The headers are at the top.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 05, 2014 6:40 pm
by danielm
tool works great.
I have a small request seeing that we have multiple mikrotik devices can you make it so u can install the service as another name so we have unique instances of the service running to "segment" the bandwidth? thanks.
Ah, good idea. Will look into that.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 05, 2014 6:43 pm
by danielm
I'm using the new snifferservice.exe.
Are you using the service exe posted in this thread on 14 March 2013 (top of page 2)?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun May 11, 2014 1:48 pm
by maxkomp
Thanks daniel, It So Works beautiful

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 12, 2014 6:20 am
by KiyasMocha
please anyone, help me!!! >_<

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 13, 2014 3:36 pm
by tussockland
Hi Daniel, been trying to get it to work on my RB750UP, but it is set up as a basic Switch (bridge) not using DHCP etc, should it still work somehow? Is there any extra settings I need to consider?
-Currently i can get service running, login etc, but error in log file of "Cannot get traffic: Connect timed out."
-Also i get nothing when I try web browser http://192.168.178.14:80/accounting/ip.cgi
-have checked and allowed port 80 on firewall.
I note you say in the file "The setup works best when you use the miktorik router for DCHP and optionally DNS" ... so it gives me hope it may still work for me??

SETTINGS:
[Settings]
#Required settings are uncommented
#Defaults are shown
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.178.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0
#Mikrotik Server
Mikrotik=192.168.178.14
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi
#Alternative service port to listen on
#ServicePort=80
#Convert static DNS names to uppercase
#UppercaseStatic=1
#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com
#Clear values weekly (default) or monthly
ClearSchedule=weekly

SNIFFER LOG:
2014/06/14 00:26:02 - Info: Starting up sniffer service
2014/06/14 00:26:02 - Info: Mikrotik user: sniffer
2014/06/14 00:26:02 - Info: Mikrotik IP: 192.168.178.14
2014/06/14 00:26:02 - Info: Networks specified: 1
2014/06/14 00:26:02 - Info: Monitoring network: 192.168.178.0/255.255.255.0
2014/06/14 00:26:02 - Info: SnifferService Port: 80
2014/06/14 00:26:02 - Info: Service started
2014/06/14 00:28:40 - Error: Cannot get traffic: Connect timed out. (192.168.178.14:80)
2014/06/14 00:28:41 - Error: Cannot get traffic: Connect timed out. (192.168.178.14:80)

Webpage 192.168.178.55/ip from an External computer:
DHCP Leases:
=
Static DNS:
192.168.1.1=localrouter
208.67.220.220=opendns2
208.67.222.222=opendns
DHCP: 1
Static: 3
---------------
Total: 4

Looks like this is the problem?? but i've no idea how to fix it...

Regards, Richard

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jun 16, 2014 4:33 am
by Cliff
Hello, I have the issue.
Can you help me?

Mikrotik http port: 81
Using Windows 8.1 Pro (x86)
Using Mikrotik 6.14

SnifferService.ini file:
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=172.29.10.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=172.29.10.1
MikrotikSSHUser=admin
MikrotikSSHPassword=xxx
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly
SnifferService.log file:
2014.06.16 12:23:56 - Info: Starting up sniffer service
2014.06.16 12:23:56 - Info: Mikrotik user: admin
2014.06.16 12:23:56 - Info: Mikrotik IP: 172.29.10.1
2014.06.16 12:23:56 - Info: Networks specified: 1
2014.06.16 12:23:56 - Info: Monitoring network: 172.29.10.0/255.255.255.0
2014.06.16 12:23:56 - Info: SnifferService Port: 81
2014.06.16 12:23:56 - Info: Service started
2014.06.16 12:23:59 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2014.06.16 12:24:01 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2014.06.16 12:24:04 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
etc
Winbox log:
Jun/16/2014 12:24:10 user admin logged in from x.x.x.x via ssh
Jun/16/2014 12:24:10 user admin logged out from x.x.x.x via ssh

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 19, 2014 4:17 pm
by danielm
OK, I have finally found the trick to get plink.exe working. The problem lies in the fact that plink does not yet trust the ssh connection to the mikrotik box. The first time you connect plink asks you to add the host key to your registry and you must answer yes.

SO, open a command prompt and execute the following command from your snifferservice folder (specify the mikrotik router ip):
plink 192.168.88.1


The output looks like this:
C:\Program Files\Sniffer\Service>plink 192.168.88.1
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you
think it is.
The server's dss key fingerprint is:
ssh-dss 1024 xxxxxxxxx
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) y
login as: sniffer
That's it. Just Ctrl-C to exit. Now restart the sniffer service and confirm you see the user sniffer log in to the router.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jun 25, 2014 9:57 pm
by edi1979
Hi. I just want to know if it is possible to monitor more than 1 mikrotik on the same viewer ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 26, 2014 3:34 pm
by danielm
Hi. I just want to know if it is possible to monitor more than 1 mikrotik on the same viewer ?
No, you can't

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 26, 2014 3:42 pm
by danielm
Hi All,

V1.0.3 is available and includes the following changes:
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
Download: Viewer and Service

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 26, 2014 4:32 pm
by danielm
Hi Daniel, been trying to get it to work on my RB750UP, but it is set up as a basic Switch (bridge) not using DHCP etc, should it still work somehow? Is there any extra settings I need to consider?
-Currently i can get service running, login etc, but error in log file of "Cannot get traffic: Connect timed out."
-Also i get nothing when I try web browser http://192.168.178.14:80/accounting/ip.cgi
-have checked and allowed port 80 on firewall.
I note you say in the file "The setup works best when you use the miktorik router for DCHP and optionally DNS" ... so it gives me hope it may still work for me??
Richard,

If you don't use DHCP that should not be an issue - you just won't see names next to the IP's. your problem lies in the fact that you cannot access http://192.168.178.14:80/accounting/ip.cgi. If you can't then the sniffer can't. I assume 192.168.178.14 is your mikrotik?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 26, 2014 4:35 pm
by danielm
Hi Daniel,

I am so happy that I found this tool you made. Thanks for your effort, great effort :)
It's the tool which I've been searched for a while, and now I found it.

I successfully set this tool on my computer, and the service runs well.
I just do not have understanding about the munin plugin you post. How does that plugin applied to the tool?

Please enlighten me.

Again, many thanks for your great effort :)

Cheers
The munin plugin is just to keep track of traffic for longer than 100 seconds. Draws graphs etc. If you are not familiar with munin i'd give it a skip.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jun 26, 2014 4:38 pm
by danielm
I always get this error ><
KiyasMocha, post your snifferservice.ini file. From the screenshot it looks like there it is incorrectly configured.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 4:37 pm
by danielm
Hello, I have the issue.
Can you help me?

Mikrotik http port: 81
Using Windows 8.1 Pro (x86)
Using Mikrotik 6.14
Cliff,

You need to specify the custom http port 81 in the following setting in snifferservice.ini.
Mikrotik=172.29.10.1:81
The setting 'ServicePort' is for the sniffer service to listen on a different port than 80.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 4:43 pm
by nabeelryk
hi I have installed snifferservice.exe and configured snifferservice.ini successfully.

as I am using hotspot on LAN interface so port 80 is used by my hotspot and I have changed router service port to 88.
so my accounting address is http://192.168.0.1:88/accounting/ip.cgi and I can see log in my browser. So I have changed accounting path in services.ini
AccountingPath=http://192.168.0.1:88/accounting/ip.cgi
but still I an getting this error, the problem is its still looking for traffic at port 80 I don't know why. I did specified port and address. Will you please help me thanks.
2014/06/27 18:27:38 - Error: Cannot get traffic: Connect timed out. (192.168.0.1http:80)
just changed
Mikrotik=192.168.0.1
to
Mikrotik=192.168.0.1:88
and its working now thanks
just a quick question how can I see a whole month log at once ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 5:10 pm
by Bigfoot
Hi

Can not get the SnifferService.exe to run , If I run the SnifferService.exe I don't see the Service "Sniffer" in Services Manage
Pc is running on Windows 7
The log file ol has this in:
2014/06/27 16:05:15 - Info: Mikrotik user: sniffer
2014/06/27 16:05:15 - Info: Mikrotik IP: 192.168.0.1

Bigfoo

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 5:40 pm
by danielm
..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 5:43 pm
by danielm
Hi

Can not get the SnifferService.exe to run , If I run the SnifferService.exe I don't see the Service "Sniffer" in Services Manage
Pc is running on Windows 7
The log file ol has this in:
2014/06/27 16:05:15 - Info: Mikrotik user: sniffer
2014/06/27 16:05:15 - Info: Mikrotik IP: 192.168.0.1

Bigfoot
It is a service, you can't just double-click it. You must install it as per instructions in the readme file.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 6:12 pm
by Bigfoot
Sorry missed that one got the service to work

Now I get:

2014/06/27 16:56:17 - Info: Starting up sniffer service
2014/06/27 16:56:17 - Info: Mikrotik user: sniffer
2014/06/27 16:56:17 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 16:57:00 - Info: Starting up sniffer service
2014/06/27 16:57:00 - Info: Mikrotik user: sniffer
2014/06/27 16:57:00 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:05 - Info: Starting up sniffer service
2014/06/27 17:00:06 - Info: Mikrotik user: sniffer
2014/06/27 17:00:06 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:07 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout
2014/06/27 17:00:27 - Info: Starting up sniffer service
2014/06/27 17:00:27 - Info: Mikrotik user: sniffer
2014/06/27 17:00:27 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:27 - Info: Networks specified: 1
2014/06/27 17:00:27 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2014/06/27 17:00:27 - Info: SnifferService Port: 81
2014/06/27 17:00:27 - Info: Service started
2014/06/27 17:00:29 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 6:29 pm
by danielm
Sorry missed that one got the service to work

Now I get:

2014/06/27 17:00:27 - Info: Starting up sniffer service
2014/06/27 17:00:27 - Info: Mikrotik user: sniffer
2014/06/27 17:00:27 - Info: Mikrotik IP: 192.168.0.1
2014/06/27 17:00:27 - Info: Networks specified: 1
2014/06/27 17:00:27 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2014/06/27 17:00:27 - Info: SnifferService Port: 81
2014/06/27 17:00:27 - Info: Service started
2014/06/27 17:00:29 - Error: Cannot get traffic: HTTP/1.0 504 Gateway Timeout
So can you connect to http://192.168.0.1/accounting/ip.cgi with a browser? If not you have not set up accounting correctly on mikrotik. Follow readme.txt

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 6:47 pm
by Bigfoot
Yes, I use http://192.168.0.1:81/accounting/ip.cgi

213.199.179.167 192.168.0.48 97 2 * *
192.168.0.16 194.27.183.245 296 6 * *
172.24.73.229 192.168.0.48 953 9 * *
192.168.0.16 207.46.194.8 3457 22 * *
172.25.97.219 192.168.0.48 320 5 * *
192.168.0.15 157.55.56.141 63 1 * *
197.79.14.150 192.168.0.16 404 7 * *
172.25.98.34 192.168.0.19 691 5 * *
172.24.80.54 192.168.0.48 1596 20 * *
85.200.100.228 192.168.0.16 232 4 * *

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 6:53 pm
by Bigfoot
I see traffic text - http://localhost:82/ip
DHCP Leases:
192.168.0.10=*****************
192.168.0.11=*****************
192.168.0.12=*****************
192.168.0.13=*****************
192.168.0.14=*****************
192.168.0.15=*****************
192.168.0.157=*****************
192.168.0.16=*****************
192.168.0.17=*****************
192.168.0.19=*****************
192.168.0.20=*****************
192.168.0.21=*****************
192.168.0.22=*****************
192.168.0.23=*****************
192.168.0.24=*****************
192.168.0.25=*****************
192.168.0.33=*****************
192.168.0.34=*****************
192.168.0.36=*****************
192.168.0.37=*****************
192.168.0.48=*****************
192.168.0.52=*****************
192.168.0.84=*****************
Static DNS:
192.168.0.1=*****************

DHCP: 23
Static: 1
---------------
Total: 24

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 7:01 pm
by Bigfoot
Thx, Got it working.
changed :
#Mikrotik Server
Mikrotik=192.168.0.1:81

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 27, 2014 9:50 pm
by danielm
Thx, Got it working.
changed :
#Mikrotik Server
Mikrotik=192.168.0.1:81
Great, tx for sharing

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jun 28, 2014 12:43 am
by nabeelryk
..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?
whole month as a graph, and is there any way to record the websites users view, as I am using Radius so sorry to say that but radius is doing all the job of accounting and loging of user data per session and I have almost 3 years data per user now in my radius I was kind of searching some thing that can record or show what websites users visited (this is now required due to government policy for all WISP to keep 1 year record of user activity).

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jun 28, 2014 10:15 pm
by danielm
..and its working now thanks
just a quick question how can I see a whole month log at once ?
Glad its sorted. The accountingpath gets appended to the ip address of the "Mikrotik" setting.

Do you mean the whole month as a graph or the whole month in text (how much data per ip)?
whole month as a graph, and is there any way to record the websites users view, as I am using Radius so sorry to say that but radius is doing all the job of accounting and loging of user data per session and I have almost 3 years data per user now in my radius I was kind of searching some thing that can record or show what websites users visited (this is now required due to government policy for all WISP to keep 1 year record of user activity).
For a graph you'll have to take a look at the munin script I posted earlier in this thread. It talks to the snifferservice and plots the info of 30 most active users (per IP). But you'll need some experience with munin and linux. As for the visited sites I'm afraid I can't help.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jun 29, 2014 1:58 pm
by pizzonia
Win machine is needed running 24/7?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jun 30, 2014 11:43 am
by danielm
Win machine is needed running 24/7?
Only if you need accurate values for the amount of data transferred per ip for the week. You might also notice a spike in measured traffic when the service starts up due to the build-up of accounting data. Other than that no issue.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jul 02, 2014 5:24 am
by hamidbhatti
Dear danielm,

Thanks for this awesome utility. I install it a month ago, its works fine.
Now i enable Mikrotik Web Proxy(transparent mode) and i observe that the tool doesn't show me the real bandwidth utilization of users.
Do i need to made some changes to work with Web Proxy?

thanks in advance.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jul 02, 2014 12:55 pm
by danielm
Dear danielm,

Thanks for this awesome utility. I install it a month ago, its works fine.
No i enable Mikrotik Web Proxy(transparent mode) and i observe that the tool doesn't show me the real bandwidth utilization of users.
Do i need to made some changes to work with Web Proxy?

thanks in advance.
Hmm, when you use a web proxy the traffic does not go through the router as normal, instead it terminates on the router and the router makes a new connection to the internet. I'm not sure how this is handled in accounting. (You can try switching on 'account local traffic' in accounting perhaps?)

What I can tell you is the logic in the sniffer. For the sniffer to count a packet the source must be local (according to the specified network and mask) and the target must not be local. Or the other way round. If both are local (or both are not local for some reason) it is not counted because we are interested in Local -> Internet traffic.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 05, 2014 6:44 am
by hamidbhatti
Dear danielm.

Thanks for your brief reply. I have tested it with "account-local-traffic=yes" but no such success. as you mentioned, traffic redirected to proxy doesn't count.
for my understanding is it possible to count the per ip traffic on a particular interface (i.e LAN) with dst-address=!local for upload and dst-address=local for download.
As TORCH tool does on an interface(i think its also using ip accounting, but not pretty sure :( ).

Thanks and regards,

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 05, 2014 6:30 pm
by danielm
Dear danielm.

Thanks for your brief reply. I have tested it with "account-local-traffic=yes" but no such success. as you mentioned, traffic redirected to proxy doesn't count.
for my understanding is it possible to count the per ip traffic on a particular interface (i.e LAN) with dst-address=!local for upload and dst-address=local for download.
As TORCH tool does on an interface(i think its also using ip accounting, but not pretty sure :( ).

Thanks and regards,
OK, let's do an experiment. If the mikrotik accounting reports the traffic from the LAN to the router then we can show that. I have added some logic to do that. Grab the service attached below and specify
MeasureTrafficToRouter=1
in the ini file. Also set account-local-traffic=yes on your mikrotik.

It should show all traffic going through the router as well as LAN traffic to and from the router.

I have not tested this yet so no guarantees :) Let me know how it goes.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 07, 2014 7:09 am
by hamidbhatti
Thanks dear danielm.

Seems start working, i will test it further.

really thankful for your time and efforts.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 07, 2014 11:29 am
by danielm
Thanks dear danielm.

Seems start working, i will test it further.

really thankful for your time and efforts.
hamidbhatti, that's good news! It was a fairly small change so I don't expect other things to break, but do let me know if you find something odd.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 14, 2014 11:56 am
by anon3778
Hi danielm. Is there any way to clear the log in SniffViewer.exe? The clear button only clears the graph but the total of sent and received data is not cleared. I have also tried to modify the log in traffic.txt but it doesn't seem to work. I need to clear all the sent and received data and hopefully you can help to do so. Thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 14, 2014 12:15 pm
by danielm
Hi danielm. Is there any way to clear the log in SniffViewer.exe? The clear button only clears the graph but the total of sent and received data is not cleared. I have also tried to modify the log in traffic.txt but it doesn't seem to work. I need to clear all the sent and received data and hopefully you can help to do so. Thanks.
Yes sure. Just stop the service, delete traffic.txt and start it up again.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 10:50 am
by Skyflash
I really thank you for this great tool :)

Only one question: i have a RB1100 with some different internal "phisical" networks (192.168.1.0/24; 192.168.2.0/24; 10.0.0.0/24) attached on the respective RJ45 interfaces, and the "RED" interface connected to the WAN

How can i use your tool for monitor everything? :D

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 11:33 am
by Skyflash
I have a suggestion for a next release :)

In my LAN i have some Windows DNS servers, that serve the Windows domain. Can you add an option for connect the viewer to a dns service instead the ips.txt file?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 12:10 pm
by danielm
I really thank you for this great tool :)

Only one question: i have a RB1100 with some different internal "phisical" networks (192.168.1.0/24; 192.168.2.0/24; 10.0.0.0/24) attached on the respective RJ45 interfaces, and the "RED" interface connected to the WAN

How can i use your tool for monitor everything? :D
Skyflash, glad you like it. Note this comment in snifferservice.ini:
#Capture packets from this network
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same. 
So for you that would mean
Network=192.168.1.0,192.168.2.0,10.0.0.0
Mask=255.255.255.0,255.255.255.0,255.255.255.0

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 1:03 pm
by Skyflash
Oh, thank you again. I didn't read the configuration notes... My mistake :D

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 4:21 pm
by kameelperdza
Thank you.
Nice Tool

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 17, 2014 11:20 pm
by Etz
Great tool, thank you :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 24, 2014 4:45 pm
by Andoniiiiii
Very nice tool, Works fine. Thanks...

I was wondering if you can show realtime Internet connections, I have worked with Watchguard and it has an utility in their firebox system that is called HostWatch:

http://cicorp.com/internet/firewall/Wat ... tWatch.jpg

The "only" thing they do is to put in Graphical mode what you see in IP/Firewall/Connections Tab on RouterOS, but is very nice tool...

Kind regrads,
Andoni.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 24, 2014 4:59 pm
by Andoniiiiii
Very nice tool, thanks.

I was wondering if it could be posible to show active connections (IP/Firewall/Connections tab) in graphical mode, I have worked with Watchguard and it have a tool called HostWatch that is very nice too( see attached hostwatch.png)

Kind Regards,
Andoni.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jul 25, 2014 11:39 am
by danielm
Very nice tool, Works fine. Thanks...

I was wondering if you can show realtime Internet connections, I have worked with Watchguard and it has an utility in their firebox system that is called HostWatch:

http://cicorp.com/internet/firewall/Wat ... tWatch.jpg

The "only" thing they do is to put in Graphical mode what you see in IP/Firewall/Connections Tab on RouterOS, but is very nice tool...

Kind regrads,
Andoni.
Andoni,

Unfortunately the Sniffer was not designed to show the target IPs. It does not even track them at all.

Regards,
Daniel

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jul 25, 2014 6:15 pm
by Andoniiiiii
Thanks anyway for a great tool. :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jul 27, 2014 11:36 pm
by PCNetworks
Thank you danielm for the contribution

!PROBLEM SOLVED!

In the Viewer INI file I un-commented
#Incoming and outgoing max bandwith (not required, for display purposes only)
LineCapacityInbit=1000000
LineCapacityOutbit=512000
All is functioning now, thank you for the great tool.

I have downloaded both he service and viewer files.
Created the SSH user & group on the MT router enabled accounting, set the web access accepted IP.

When i access the router VIA http://10.0.0.1/accounting/ip.cgi.... The browser displays the following in example.
123.237.20.244 10.0.0.248 2032 2 * *
31.13.70.65 10.0.0.248 51963 52 * *
68.67.128.240 10.0.0.248 1368 3 * *
I have copied the Server & Client files into C:\Program Files\Sniffer\

When I start the Sniffer Service, the log SnifferService.log displays the following:
2014/07/27 13:09:53 - Info: Starting up sniffer service
2014/07/27 13:09:53 - Info: Mikrotik user: sniffer
2014/07/27 13:09:53 - Info: Mikrotik IP: 10.0.0.1
When I open the Viewer however, the application fields are not populated with any network statistics.

Can someone possibly help me with determining my error in configuration?

Below are the Service & Viewer INI configs.
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=10.0.0.0/24,192.168.0.0/24
Mask=255.255.255.0,255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=10.0.0.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

#Convert static DNS names to uppercase
UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
ServiceName=Sniffer
ServiceDisplayName=Sniffer
VIEWER
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
IPSource=http://10.0.0.1
IPSource=c:\temp\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000
Thank you and best regard

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 28, 2014 11:48 am
by danielm
Network=10.0.0.0/24,192.168.0.0/24
This should be without the '/.24'

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 28, 2014 12:33 pm
by Markwinstanley
Will it work for Non mikrotik if not is there any other available?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 28, 2014 2:24 pm
by danielm
Will it work for Non mikrotik if not is there any other available?
Highly unlikely. Your router must provide accounting info on http in this format (at the very least):
98.168.180.128 192.168.20.11 44 1 * *
23.57.219.27 192.168.21.46 52 1 * *
41.164.145.141 8.8.8.8 65 1 * *
173.194.67.95 192.168.21.13 52 1 * *
192.168.20.11 86.178.40.138 52 1 * *

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jul 29, 2014 8:24 am
by donaldf
Great program, thank you for this. It makes my life a lot easier finding workstations that are using large amounts of bandwidth.

I have a question: We have a DC that controls DNS and DHCP. Is there a way for me to see the hostnames? At the moment it is blank, as DNS and DHCP is not handled by the MikroTik.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jul 29, 2014 3:06 pm
by sammy66
Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jul 30, 2014 2:06 pm
by DarrenCarterSA
You're a star! This is just what I have been looking for!

Brilliant! :D

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 31, 2014 4:42 pm
by danielm
Great program, thank you for this. It makes my life a lot easier finding workstations that are using large amounts of bandwidth.

I have a question: We have a DC that controls DNS and DHCP. Is there a way for me to see the hostnames? At the moment it is blank, as DNS and DHCP is not handled by the MikroTik.
Yes, working on that :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Aug 04, 2014 7:22 pm
by dennix2014
Ip accounting is not working on the specified machine. If i enter http://192.168.1.98/accounting/ip.cgi (192.168.1.98 is the ip address of my mikrotik router), i always get "ERROR 401:UNATHORISED" . The following screenshot shows that ip accounting is enabled and web access for the specified machine is allowed. Does any body have any idea why this is happening. Any help will be highly appreciated.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Aug 06, 2014 8:08 am
by hamidbhatti
Dear danielm.

I was wondering if i can add two routers with same network. i.e.

network : 10.0.0.0/8

#Mikrotik Server
Mikrotik: 10.0.0.1/8
Mikrotik: 10.0.1.1/8

Clients may switch to any gateway with same ip address.

thanks and regards,

Hamid Mehmood

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Aug 06, 2014 8:29 am
by NullKelvin
Dear danielm.

Thank you for this great tool. It almost perfect for me :)

Can you add optional function in SnifferService, for resolving reverse DNS entries through specific server?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Aug 10, 2014 10:38 pm
by danielm
Works great, I really like it. The colorscheme is abit hard to get used to but its quite handy I love it. However if I may make some suggestions, perhaps a way to sort/filter the IP's for future versions ?
Added option to change the color scheme and sort by ip. Will be in next release

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Aug 10, 2014 10:40 pm
by danielm
Dear danielm.

I was wondering if i can add two routers with same network. i.e.

network : 10.0.0.0/8

#Mikrotik Server
Mikrotik: 10.0.0.1/8
Mikrotik: 10.0.1.1/8

Clients may switch to any gateway with same ip address.

thanks and regards,

Hamid Mehmood
No, unfortunately that is not supported.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Aug 14, 2014 1:23 pm
by marcdebeer
Thanks for this tool its great! Any particular reason why I only get Send Speed data back and no Recv Speed?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Aug 14, 2014 5:57 pm
by WilluX
Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 09, 2014 7:56 pm
by dw5304
would it be possible so make the viewer to be clickable on the color to toggle the data from being displayed on the graph?

makes some things easier to see when u have alot of data flowing over the unit.

also after it runs for a while it seems to loose the graph.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 09, 2014 10:27 pm
by danielm
Thanks for this tool its great! Any particular reason why I only get Send Speed data back and no Recv Speed?
That is odd. Can you post the result of http://<service> where <service> is the ip address of the machine running the snifferservice?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 09, 2014 10:30 pm
by danielm
Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?
Check your mikrotik log. You should have an SSH connection or at least a connection attempt every 5 minutes from the 'sniffer' user. Maybe you see a logical error. Also check the snifferservice log file.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 09, 2014 10:36 pm
by danielm
would it be possible so make the viewer to be clickable on the color to toggle the data from being displayed on the graph?

makes some things easier to see when u have alot of data flowing over the unit.

also after it runs for a while it seems to loose the graph.
Nice idea but will take a while to implement. Maybe some time in the future.

I have seen the graph becoming corrupt but have not been able to find the cause. On the other hand I have had the viewer run for weeks without issues too. If you can figure out under what circumstances it happens it would be very helpful. (Of course restarting the viewer sorts it out but it is a bit of a pain.)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Sep 11, 2014 4:02 pm
by gaff
Hello,

I would like to use your application, but I have following problems:
2014.09.11 14:25:34 - Info: Starting up sniffer service
2014.09.11 14:25:34 - Info: Mikrotik user: sniffer
2014.09.11 14:25:34 - Info: Mikrotik IP: 10.8.0.36
2014.09.11 14:25:34 - Info: Networks specified: 1
2014.09.11 14:25:34 - Info: Monitoring network: 10.8.0.0/255.255.0.0
2014.09.11 14:25:34 - Info: SnifferService Port: 8080
2014.09.11 14:25:34 - Info: Service started
2014.09.11 14:25:36 - Error: Cannot get traffic: Connection Closed Gracefully.
in the mikrotik log, there are strange "loggged in" and "loggged out" messages after start of SnifferService:

Image

and the http://10.8.2.33/accounting/ip.cgi reports "Requested document '/accounting/ip.cgi' not found"

Connection by Plink.exe is working (user sniffer is NOT logged out):
Image

Where could be a problem?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Sep 12, 2014 1:54 pm
by gbh
Hi danielm

It seems that I could not get the host names to show up unless i add it manually to ips.txt.

Both DHCP and DNS are on the routerboard.

I have noticed that when I go check on localhost/ip, all I get is:
DHCP Leases:
Static DNS:

DHCP: 0
Static: 0
---------------
Total: 0
Any resolutions to this?

I have exactly the same issue as you.
Which folder should I create an ips.txt in? (and what format for the text please?)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Oct 01, 2014 4:59 am
by exliko
Thanks for this great tool

I've installed v1.0.2 several months ago.
Do i need to reinstall the sevices if i want to upgrade it to v1.0.3?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 02, 2014 8:26 pm
by Sl33py
Hello
This is a great tool thank you,
Can this tool or even another log the line usage, we can see the current up and download speed but I want to see if the line gets congested at time especially the upload.
I skimmed through the pages but did not see anything.
I have tried cacti but did not come right with it :(

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Oct 20, 2014 5:54 am
by epiclulz
this tool is pretty awesome i must admit i like it alot :D :D

i have but one question

is this tool grabbing data written to the routers memory or is it polling and collecting data in real time

the question i ask is if i was to turn off the machine with the service running.. if i was to turn it off and go to work and come back and fire it back up will it have account the data from when it was turned off or will it just start logging from there ? im looking for something that will look but do the same thing that your system does without having to have a machine on 24/7

this tool is awesome and you should be really proud of your work

cheers bud

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Oct 21, 2014 12:10 pm
by Duduhandelman
Well done, very nice tool.

It's working very well while the Mikrotik is doing routing but for some reason I'm unable to view the data while using a bridge.
The data is in the accounting on the router side.
Is there any spaecail config?

Thanks for the great tool

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 30, 2014 12:38 pm
by Adame123
@danielm

Is there a way to reset the current stats displayed on the traffic monitor to 0 and start the "monthly" clearschedule from the time of reset ( so that would be day 1)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 30, 2014 12:45 pm
by Adame123
@danielm

Is there a way to reset all the current statistic in the traffic monitor to 0. I set the clearschedule to monthly and after i reset it i want it to start counting from day 1.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 31, 2014 6:09 am
by epiclulz
the tool as a major bug... not sure if its resetting when it gets to 100gb or if the remote collector is rebooted it seems to reset the couter

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Nov 14, 2014 11:13 am
by imek
Each time I run the Snifferviewer, I get this error message List index out of bound (22)

Please could you help with the solution

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Nov 21, 2014 4:35 pm
by NunoMMS
Hi, can anyone tell me what to do with these errors:
2014-11-21 16:24:32 - Info: Starting up sniffer service
2014-11-21 16:24:32 - Info: Mikrotik user: sniffer
2014-11-21 16:24:32 - Info: Mikrotik IP: 192.168.1.1
2014-11-21 16:24:32 - Info: Networks specified: 1
2014-11-21 16:24:32 - Info: Monitoring network: 192.168.1.0/255.255.255.0
2014-11-21 16:24:32 - Info: SnifferService Port: 80
2014-11-21 16:24:32 - Error: Cannot listen on tcp port 80
2014-11-21 16:24:32 - Error: Socket Error #10013, Access denied.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 17, 2014 7:29 am
by oskaratk
seems to be a great tool almost all I need. If I could get accounting to work

However, when I turn on ip-accounting, I not even see traffic using the snapshot funtionality.

I am using a RB450G, in this case pretty much as switch. eth1 as master for eth2 - eth5.
I wonder what I am missing ...

Thanks
Oskar

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Dec 18, 2014 5:47 pm
by guoshuzhang
2014/12/18 23:45:56 - Info: Starting up sniffer service
2014/12/18 23:45:56 - Info: Mikrotik user: admin
2014/12/18 23:45:56 - Info: Mikrotik IP: 192.168.10.1:22
2014/12/18 23:45:56 - Info: Networks specified: 1
2014/12/18 23:45:56 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2014/12/18 23:45:56 - Info: SnifferService Port: 83
2014/12/18 23:45:56 - Info: Service started
2014/12/18 23:45:56 - Error: Cannot get DNS: C:\Program Files (x86)\Sniffer\plink.exe admin@192.168.10.1:22 -pw ******* "/ip dns static print detail without-paging"
2014/12/18 23:45:56 - Error: Error code: 32
2014/12/18 23:45:58 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:45:59 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:46:00 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)
2014/12/18 23:46:01 - Error: Cannot get traffic: Connect timed out. (192.168.10.1:22)

some body help me please

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Dec 19, 2014 5:50 am
by guoshuzhang
Image
this is my setup
OK?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Dec 21, 2014 11:28 am
by billjellis
Stumbled upon a feature of this tonight "networx application" can give you graphs like this. It is by a company called https://www.softperfect.com/. I have been using it for years to monitor traffic on a PC. :lol:
Capture.JPG

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Dec 27, 2014 10:50 pm
by wilsonlmh
Great works you did. BTW, I'd like to ask if you will release the source or not? I think this is a great idea to enrich more functions for this app. For my personal opinion, I think it should at least have a column for connect manually instead of store the server address in a INI file. And also it should use the per-user config store to save last connect address. Since it's the first time I try the app, but I already got lots of idea to improve it. I'm afraid some of my idea will conflict with your original intention. So I think it will be better for you to publish the source in some repository(like github, sourceforge etc.) and then people can develop different version for different purpose. But if that's not quite possible to release the source, would you like to write some documents to describe the protocol between server and viewer? Thank you!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jan 07, 2015 7:40 pm
by chechito
awesome work!

real world useful tool !!!

thanks for sharing !!!!!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Feb 16, 2015 11:04 am
by satrunner
I have Windows 8.1 for some reason I can't see service running in task manager. and I get error when I start the viewer up Invalid floating point operation

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Feb 28, 2015 2:17 pm
by Bintalhoda
Hello, i must say this is a life-saver since i have been looking for it for some time, but it won't work for me -_-

Windows 8.1 Pro x64
Mikrotik Server: 192.168.0.254
Network: 192.168.0.0/24
I can start the service and see it running in task manager
I configured accounting in winbox
I added the user 'sniffer' in group 'sniffer' with ssh and read permissions
I cannot access "//192.168.0.254/accounting/ip.cgi"
I am having a 'Cannot get traffic' message

Please advice and thanks in advance

==============
My configuration:
==============

[Settings]
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.0.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.254
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=//192.168.0.254/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

======
Output
======
2015/02/28 14:12:45 - Info: Starting up sniffer service
2015/02/28 14:12:45 - Info: Mikrotik user: sniffer
2015/02/28 14:12:45 - Info: Mikrotik IP: 192.168.0.254
2015/02/28 14:12:45 - Info: Networks specified: 1
2015/02/28 14:12:45 - Info: Monitoring network: 192.168.0.0/255.255.255.0
2015/02/28 14:12:45 - Info: SnifferService Port: 80
2015/02/28 14:12:45 - Info: Service started
2015/02/28 14:12:47 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/02/28 14:12:48 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Mar 16, 2015 2:43 am
by imaljko4
Is it possible to use this tool to monitor 2 different mikrotik routers at the same time?
Thank you for help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Mar 23, 2015 4:24 am
by epiclulz
anyone else still getting this bug where once it goes over 100gb of usage it resets it self to 0 in the tool ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Apr 03, 2015 9:09 am
by jarda
Thank you very much for such nice tool.
I would like to monitor multiple routers with one service. Is that possible?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 09, 2015 8:37 am
by tongqabiz
Dear bro Daniel

I've already tried this and its work amazingly.
but why cant i see the hostname (in my case)
can you help me with it?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Apr 19, 2015 11:16 am
by m3a2r1
I've got the same problem. It works great but doesn't show hostnames. I'm using DHCP on my MT. I've tested on 2 MT's with the same effect.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Apr 25, 2015 2:00 am
by imaljko4
I've got the same problem. It works great but doesn't show hostnames. I'm using DHCP on my MT. I've tested on 2 MT's with the same effect.
Usually it takes few minutes for the hosts to appear.

Check in your log on the mikrotik router if you see the "sniffer" user connecting ?(if all works fine, you will see the "sniffer" user connecting constantly in your log).
If it doesn't show in the log, then something is wrong...

See the picture.
log.png

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Apr 26, 2015 11:34 am
by m3a2r1
I've fixed it. Install note in readme text shows how to create ssh user but there's no info that I have to create password for that user :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 30, 2015 6:29 pm
by midomidi2013
I've the same problem here >_<

I can't see from MikroTik logs that user: sniffer logging in. but I can see http://ipaddress/accounting/ip.cgi

please guide me :) I'm new to this great things, I really am thank you anyway :)
I always get this error ><

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 04, 2015 10:00 am
by nikolas22t
Can i monitor 2 different mikrotik routers on the same server ? ( 1 service running with 2 servers or 2 services running with 1 server each ?)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue May 05, 2015 2:38 am
by imaljko4
Can i monitor 2 different mikrotik routers on the same server ? ( 1 service running with 2 servers or 2 services running with 1 server each ?)
I am able to monitor 2 different routers on the same computer.
I had to install/run 2 services (had to rename the 2nd service to "sniffer2"), and then i used 2 viewers, each viewer is setup to connect to one of the services.
Then it works

So " viewer1" is connecting to "snifferservice1"
"viewer2" is connecting to "snifferservice2"

You have to set this parameters in the snifferservice folder "snifferservice.ini" file
and in the viewer folder on the "sniffer.ini" file

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jun 01, 2015 6:56 pm
by ALX1S
Hi, Thanks for the programs, it look like Awesome.

I have the service Running, but im not beeing able to catch teh traffic, and when i check the SnifferService.txt appear "Error: Cannot get traffic: http response code: 401, unauthorized". Im suing the same usr, group and password in the readme. Could you tell me if I forget something.

Thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jun 02, 2015 1:36 am
by imaljko4
Hi, Thanks for the programs, it look like Awesome.

I have the service Running, but im not beeing able to catch teh traffic, and when i check the SnifferService.txt appear "Error: Cannot get traffic: http response code: 401, unauthorized". Im suing the same usr, group and password in the readme. Could you tell me if I forget something.

Thanks.

Try to type this link in your browser and see if you can access it: http://192.168.1.1/accounting/ip.cgi

instead of the "192.168.1.1" you put your router ip address.

If you cannot acces that page, see if you have enabled accounting under: winbox- ip- accounting
and check if you have enabled http access to your router under: winbox- ip - services (here the port 80 must be enabled for access)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jun 02, 2015 4:57 pm
by ALX1S
Yep, I could see the Mikrotik telling the connections in an plane text interface, and restarted the windows service many times. (the service port is set in the 80, I don't have any other service in this port in this computer)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jun 16, 2015 10:28 pm
by pverburg
Hi,
got this working except I cant get the viewer to use port 85 ??? cant use 80 already in use
I can see the data so the sniffer works, just the viewer I have used 192.168.x.x:85 no go ?

Thanks

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jun 17, 2015 5:18 pm
by Lentin
Please help!

Stuck Here:
-------
2015/06/17 16:11:46 - Info: Mikrotik user: sniffer
2015/06/17 16:11:46 - Info: Mikrotik IP: 192.168.1.1
-------
from web: 192.168.1.1/accounting/ip.cgi - Success
my config:
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.1.1
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

Appreciate your help, Thanks in advance

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jun 22, 2015 1:00 pm
by dalejsa
Hi All

I wonder if someone can help me. I followed the instructions below to create the sniffer user for the monitor, I logged out of the router and thereafter I could not login as admin anymore. I have restarted the routerboard but no joy. I am desperate to get back in as admin. Did anyone else experience this? Any suggestions at all?


Thanks

On Mikrotik
-----------
Create an SSH user for getting DHCP lease names and DNS entries
/user
group add name=sniffer policy="ssh,read"
add address=192.168.88.0/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.88.XX/32
(XX is the IP of the Windows machine where SnifferService will run)

check on http://192.168.88.1/accounting/ip.cgi that it works (from specified machine)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 13, 2015 11:02 am
by imaljko4
HI, thanks again for your software, do you know how many ip-s (computers) can the viewer show at once on a network. My network has about 50 computers connected, but seems that the viewer will show only up to 33 computers, or am i wrong?
Do you know if i can somewhere specify that the viewer shows more than 33 computers (actually all the computers that are connected to the network) ? thanks

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jul 27, 2015 4:55 pm
by fundus
Is there any way of overriding the default ssh port 22? To avoid brute force attacks, my Mikrotik is set to a different port.

The ini.file's port setting only overrides web, not SSH access. I tried changing the server to 192.168.1.88:5005, but that does not seem to register.

Any guidance much appreciated!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Aug 08, 2015 12:05 pm
by Lordi
many thanks to share this tool with us.
it works great for my.
any development in progress?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Aug 11, 2015 3:57 pm
by Elementn
many thanks to share this tool with us.
it works great for my.
any development in progress?

Every thing was good , the service start normally but in the miktrotik Logs no user sniffer is logged in ?
Please anyone can help me to solve that ?

Thanks,

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Aug 13, 2015 1:03 pm
by shootaboyz
Hello,

First I have to thank you for providing this tool. I would like to ask whether I can put the service on another PC (192.168.168.250) and run the viewer from my notebook (192.168.168.124)? If its possible can you show me what I should enter on the viewer config file. Also, is it possible to save the traffic by day, maybe to a csv file?

Thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Aug 26, 2015 1:00 am
by renedr
[quote="danielm"]Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:



Nice app. Works well.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Sep 09, 2015 12:50 am
by psycoclan1
Hello guys,

it seems i have a problem here which i cant completely understand and fix it..

I used the sniffer perfectly until today...Today i renabled my transparent web proxy which redirects all the port 80 traffic to port 8989. As soon as i did that the sniffer stopped working. I checked the accounting from web and browser sends back a 401 error (anauthorised access). It seems that the proxy doesnt authorise the accounting, but my sniffer is configured on port 249 (random port i assigned when i first set it up, coz port 80 was blocked).

How can i bypass it?

EDIT : i created 2 address lists in firewall, all the network range exluding mine and i created 2 nat chains with both lists in each redirect. Now all the hosts in the network go through the proxy apart from my pc. Is there another way to have both proxy and accounting?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Sep 10, 2015 4:10 pm
by hendrikbasson
Hi,

Great tool!

Anyone figure out a way to send the data via email weekly or so? With the grid and graph?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Sep 18, 2015 1:08 pm
by BroganOs
I'm having problems seeing traffic in the viewer and looking for help.

I can see traffic if I go to the address: http://192.168.0.1:81/accounting/ip.cgi
I can see information in the traffic.txt file
The log file show's me logged in with no errors.
2015/09/18 10:57:29 - Info: Starting up sniffer service
2015/09/18 10:57:29 - Info: Mikrotik user: sniffer
2015/09/18 10:57:29 - Info: Mikrotik IP: 192.168.0.1:81
2015/09/18 10:57:29 - Info: Networks specified: 1
2015/09/18 10:57:29 - Info: Monitoring network: 192.168.0.1/255.255.255.0
2015/09/18 10:57:29 - Info: SnifferService Port: 81
2015/09/18 10:57:29 - Info: Service started
But the viewer (SniffViewer.exe) is blank.

I'm not using port 80, I'm using port 81 and have change the web access port on the MT to port 81.
(This solved the error
Error: Cannot get traffic: Connect timed out. (192.168.0.1:81)
I was having by the way)

anyone got any advise?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Sep 18, 2015 3:08 pm
by BroganOs
Solved: After I changed ports from 80 to 81 I forgot to change the port number in sniffer.ini as per readme file.
Viewer on Windows machine
-------------------------
- Copy the Viewer files to your machine (any windows machine on the LAN)
- Configure sniffer.ini as per comments (add a port number to the ip if you are not using port 80 for the 
  SnifferService, i.e. SnifferService=localhost:81)
- Start up SnifferViewer.exe

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 29, 2015 11:51 am
by bouvrie
I have Windows 8.1 for some reason I can't see service running in task manager. and I get error when I start the viewer up Invalid floating point operation
Same issue with me running the viewer, any clue on resolving the isssue?

*edit*

Thanks BroganOs, specifying the alternate port in the Sniffer.ini (host:port) solved my client crashing too... :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 01, 2015 9:30 am
by ciwmohsen
hi every body
I did settings،But the result was not good
These images is the result of my work
please help me... :(
snifferservice.jpg
sniffer.jpg
attix 5.jpg

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Oct 01, 2015 1:06 pm
by BroganOs
In snifferService.ini try changing the "Network" address to the address of your router which I'm assuming is 192.168.0.3 and put the new service port number at the end of the IP address under the microtik server ( see example below)
#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.0.3
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.3:2560
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=2560

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 02, 2015 7:23 am
by otgooneo
Looks Awesome! :-) I`ll try later

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Oct 03, 2015 4:32 pm
by ciwmohsen
hi BroganOs
thanx for your comment
i change that . but not work properly :-(

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Oct 05, 2015 8:32 am
by ciwmohsen
hi
thanks BroganOs
i change that. but not work properly :(

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 12, 2015 5:46 am
by infused
Just replying to let you know this works really well. Thanks

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 18, 2015 8:28 am
by piyaservice
Dear sir
this is my config from sniffer.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.0.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.0.254
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

this is log file
2015/11/18 13:14:27 - Info: Starting up sniffer service
2015/11/18 13:14:27 - Info: Mikrotik user: sniffer
2015/11/18 13:14:27 - Info: Mikrotik IP: 192.168.0.254
2015/11/18 13:14:27 - Info: Networks specified: 1
2015/11/18 13:14:27 - Info: Monitoring network: 192.168.0.0/255.255.255.0
2015/11/18 13:14:27 - Info: SnifferService Port: 80
2015/11/18 13:14:27 - Info: Service started
2015/11/18 13:14:29 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:30 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:31 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:32 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:33 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:34 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:35 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:36 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:37 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:38 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:39 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:40 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:41 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:42 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:43 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:44 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:45 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:46 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)
2015/11/18 13:14:47 - Error: Cannot get traffic: Connect timed out. (192.168.0.254:80)

www service port : 81
What is problem , Because I cannot change to www service port : 81

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 18, 2015 11:42 am
by BroganOs
maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 19, 2015 3:55 am
by piyaservice
maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 19, 2015 12:52 pm
by BroganOs
have you tried the advise from imaljko4:
If you cannot acces that page, see if you have enabled accounting under: winbox- ip- accounting
and check if you have enabled http access to your router under: winbox- ip - services (here the port 80 must be enabled for access)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Nov 23, 2015 12:05 am
by kendo
maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP address because *.*.*.254 is used as broadcast address.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Nov 23, 2015 12:22 am
by kendo
maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP.
ip address you have is used as broadcast.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Nov 23, 2015 12:28 am
by kendo
Hi
I have a little misunderstanding

I have installed the system and it`s working well. But I have got wrong RECV TOTAL and SENT TOTAL data



In the picture you can see only 15.50 Mb TOTAL RECV. But I had watched a movie online ~ 500 Mb.

Do you have any ideas how to get correct traffic info?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 25, 2015 8:37 am
by piyaservice
maybe try changing your mikrotik server address to the following:

Mikrotik=192.168.0.254:81
dear sir
I cannot try http://192.168.0.254:81/accounting/ip.cgi it is found Error 401: Unauthorized

best regard
Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 25, 2015 2:30 pm
by kendo
Hi
Try to change your router IP.
ip address you have is used as broadcast.[/quote]

Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24[/quote]

You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 26, 2015 8:27 am
by piyaservice
Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24[/quote]

You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24[/quote]

Thank you so much , I will try it

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 26, 2015 10:10 am
by piyaservice
Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24
You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24[/quote]

Thank you so much , I will try it[/quote]

I try to use your method , Thank you so much , It is OK

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Dec 04, 2015 3:52 pm
by knowledgemonster
Hi,

If i go to http://192.168.2.1/accounting/ip.cgi

It works without problem, but i cannot get anything to show up in the viewer...Service started no problem.

2015/12/04 08:24:06 - Info: Starting up sniffer service
2015/12/04 08:24:06 - Info: Mikrotik user: sniffer
2015/12/04 08:24:06 - Info: Mikrotik IP: 192.168.2.1:23
2015/12/04 08:24:06 - Info: Networks specified: 1
2015/12/04 08:24:06 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2015/12/04 08:24:06 - Info: SnifferService Port: 23
2015/12/04 08:24:06 - Info: Service started

I used port 23 because i couldn't figure out how to add port 81

Any suggestions?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Dec 07, 2015 11:01 am
by dhunt4372
This is a great tool danielm ! Thank you so much for making this and for making it available to everyone!

I think I (may) be experiencing an issue similar to kendo (and it also does come back to how the sniffer service polls/collects traffic data from the Mikrotik).

I regularly have Winbox and Snifferviewer(Attix5 Traffic Monitor) open, and I often see traffic that is WAY higher on the Mikrotik WAN/LAN interfaces than the aggregate traffic seen in the Snifferviewer program. I don't think I have ever seen it the other way around, where the traffic in Snifferviewer is higher than the traffic in Winbox (and this isn't due to a delay, as Snifferviewer never comes close to reaching the peaks reported by Winbox).

Is this traffic simply not counted? Is it too fleeting/instantaneous for the sniffer service to poll? Or does it simply not register in the Snifferviewer program (and the cumulative send/receive data is actually counted)? I've unchecked the "use 5 sec average" box hoping to view more real-time traffic. Below are 5 printscreens showing examples of what it is I'm experiencing, and also wonder if other people have seen the same.

Still, great tool danielm! :D

Image
Image
Image
Image
Image

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 09, 2015 11:44 pm
by stikkman
Hi, great app. Still looking for a solution to having no host names. Has this been sorted?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Dec 18, 2015 6:30 pm
by CreeD
Hi any chance you could share the source code of the viewer or at least add someway to change the hostname / add column to set fixed name for an IP. I have multiple android devices and they all have unique android id's such as android-1shs2efs

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Dec 23, 2015 10:09 am
by salshaykh
Help Required!!!!

Mikrotik IP 192.168.1.1
Network IP 192.168.1.0/24
Machine IP 192.168.1.231

I have configured the files as above IP's. Then why this error comes. Even 192.168.20.1 is not on my network or on any of my LAN adopters on the machine.

Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)

Plz help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jan 03, 2016 10:43 pm
by tartuerik
danielm,
This is what I've been looking for.

Unfortunately, I don't have any windows systems running 24-7, as
we are a linux "shop". Have you given any thought to creating a Linux version?

Many thanks for sharing, even though can't use it at the moment.

~erik

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jan 05, 2016 1:03 pm
by amsteen
Dear all

I am new here and I try many times but not working here is my situation:
1. Mikrotik server 6.19
2. I try blink and it works fine and I get my mikrotik command prompt.
3. The sniffer Services starts well but its log file shows the error:

2016/01/05 13:50:49 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:50 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:51 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Info: Service stopped
2016/01/05 13:50:54 - Info: Starting up sniffer service
2016/01/05 13:50:54 - Info: Mikrotik user: sniffer
2016/01/05 13:50:54 - Info: Mikrotik IP: 172.30.6.120
2016/01/05 13:50:54 - Info: Networks specified: 1
2016/01/05 13:50:54 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2016/01/05 13:50:54 - Info: SnifferService Port: 80
2016/01/05 13:50:54 - Info: Service started
2016/01/05 13:50:55 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:56 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:57 - Error: Cannot get traffic: http response code: 401, unauthorized

3. The mikrotik log shows that the service login then logout :
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh

4. when try the http://192.168.10.10 the browser gives white page.
5. when try the http://172.30.6.120/accounting/ip.cgi the browser gives: Error 401: Unauthorized
6. My mikrotik is zero configuration, no hotspot, only firewall nat and webproxy.
7. I am using windows xp without any software on it and firewall is disabled.

Please help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jan 21, 2016 8:33 am
by amsteen
Dear All

IT works with me fine bu I need to reset the track on daily usage
I set this setting in the SnifferService.ini file:

ClearSchedule=Daily

And how to reset it manually

But It do not work so please help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Feb 02, 2016 7:45 am
by yahelb
Anyone got this installed on Windows-10?

Is this tool still being maintained?
Nothing better available?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Feb 23, 2016 7:17 pm
by Aéras
Thanks Daniel! it really helped me to control the real time traffic! Works perfect and very easy to configure with the instructions you gave us! Regards!

Hi there Mikrotik fans!

I have something to share that I've been working on for the office. When the Internet seems slow I like to be able to see who is doing what, and that is what this little Windows app does. It looks like this:

Image

It is also extremely useful to see the traffic shaping effects when playing around with shaping rules on your Mikrotik router. It uses the Accounting feature of your router.

The tool with basic instructions is attached to this post or you can download it from the links below.

I hope this can be of use to someone! Comments welcome. :)

Daniel

PS: I know this is technically not a 'sniffer' but it actually started off as one so the name stuck.

EDIT:
I added a new version to this post (V1.0.3). Download the service and viewer from the links below. I had to split them because the forum does not allow files larger than 1 MB any more.
Change Log:
V1.0.3 (2014-06-24)
Download: Viewer and Service
  • Ability to specify service name
  • Use keepalive on service
  • Added code to help plink.exe start up the first time
  • Added more FAQ's to readme.txt
V1.0.2 (2014-01-15)
  • Added ability to track multiple subnets
  • Fixed and improved logging for service
  • Removed 'Save to CSV' button which was not working
  • Fixed typo in readme.txt instructions
  • Added some FAQ's to readme.txt

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Feb 24, 2016 5:43 pm
by talha909
HI,

Thanks for the great tool. I want to ask some thing. I want to know the address of the sites which are seen my the local ip. How can i use this to see the website name.

http://192.168.0.1/accounting/ip.cgi
64.4.23.164 192.168.0.249 88 2 * *
192.168.0.246 74.125.130.94 284 2 * *
192.168.0.249 64.4.23.164 180 1 * *
192.168.0.246 74.125.68.102 41 1 * *
74.125.200.91 192.168.0.249 40 1 * *
74.125.130.94 192.168.0.246 230 1 * *
65.55.223.13 192.168.0.249 49 1 * *
111.221.77.141 192.168.0.246 40 1 * *
192.168.0.249 74.125.200.91 40 1 * *

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Mar 06, 2016 9:36 am
by 999masks
Hello,

I would like to use your application, but I have following problems:
2014.09.11 14:25:34 - Info: Starting up sniffer service
2014.09.11 14:25:34 - Info: Mikrotik user: sniffer
2014.09.11 14:25:34 - Info: Mikrotik IP: 10.8.0.36
2014.09.11 14:25:34 - Info: Networks specified: 1
2014.09.11 14:25:34 - Info: Monitoring network: 10.8.0.0/255.255.0.0
2014.09.11 14:25:34 - Info: SnifferService Port: 8080
2014.09.11 14:25:34 - Info: Service started
2014.09.11 14:25:36 - Error: Cannot get traffic: Connection Closed Gracefully.
in the mikrotik log, there are strange "loggged in" and "loggged out" messages after start of SnifferService:

Image

and the http://10.8.2.33/accounting/ip.cgi reports "Requested document '/accounting/ip.cgi' not found"

Connection by Plink.exe is working (user sniffer is NOT logged out):
Image

Where could be a problem?
same thing happening on my end

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Mar 14, 2016 4:22 pm
by ken2kk
Hello, ken here. Does this work with windows 10 Os? I followed all the steps upto the install install sniffer service stage using command line. Some help please.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Mar 28, 2016 9:56 am
by zespri
Hello, ken here. Does this work with windows 10 Os? I followed all the steps upto the install install sniffer service stage using command line. Some help please.
Yep, working fine here as per instructions.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Apr 11, 2016 6:26 am
by kei888
Is the viewer really works on Windows 7 and 10 platforms? I double check everything but viewer doesn't display anything/

Thank you.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Apr 11, 2016 6:40 am
by kei888
Here are the logs:

2016/04/04 08:13:32 - Info: Starting up sniffer service
2016/04/04 08:13:32 - Info: Mikrotik user: sniffer
2016/04/04 08:13:32 - Info: Mikrotik IP: 172.30.8.1
2016/04/04 10:07:44 - Info: Starting up sniffer service
2016/04/04 10:07:44 - Info: Mikrotik user: sniffer
2016/04/04 10:07:44 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:27:59 - Info: Starting up sniffer service
2016/04/07 20:27:59 - Info: Mikrotik user: sniffer
2016/04/07 20:27:59 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:42:04 - Info: Starting up sniffer service
2016/04/07 20:42:04 - Info: Mikrotik user: sniffer
2016/04/07 20:42:04 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 20:54:13 - Info: Starting up sniffer service
2016/04/07 20:54:13 - Info: Mikrotik user: sniffer
2016/04/07 20:54:13 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 21:03:20 - Info: Starting up sniffer service
2016/04/07 21:03:20 - Info: Mikrotik user: sniffer
2016/04/07 21:03:20 - Info: Mikrotik IP: 172.30.8.1
2016/04/07 21:08:37 - Info: Starting up sniffer service
2016/04/07 21:08:37 - Info: Mikrotik user: sniffer
2016/04/07 21:08:37 - Info: Mikrotik IP: 172.30.8.1
2016/04/11 11:36:04 - Info: Starting up sniffer service
2016/04/11 11:36:04 - Info: Mikrotik user: sniffer
2016/04/11 11:36:04 - Info: Mikrotik IP: 172.30.8.1

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 14, 2016 12:56 pm
by debendrakandel
I configured it correctly. It worked for a week. Today when i tried i got error "List Index Out of Bounds (24)". Any body has any idea?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Apr 20, 2016 4:57 am
by nigslaysa
Thanks very useful tool however i can't get it to resolve hostnames

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 02, 2016 1:20 pm
by mexus
Does it store the results while the windows machine is off?
I mean are the stats saved on the mikrotik or just the Windows machine (where the service is running)?
I shutdown the machine at night but need stats 24/7

Is there a linux version?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue May 03, 2016 6:39 pm
by rtla01
First thanks Danielm for this very good topic.
Second thanks for all that are helping,
I´m new here, but i would like to ask you for a help with my problem.
i read all the topic but didn´t find one solution.

the SnifferService.exe can´t work. I´m using the windows 10 maybe it can be a problem?

here you can see the SnifferService.log.
2016/05/03 12:32:19 - Info: Starting up sniffer service
2016/05/03 12:32:19 - Info: Mikrotik user: sniffer
2016/05/03 12:32:19 - Info: Mikrotik IP: 10.1.1.1:8000



here is the SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=10.1.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=10.1.1.1:8000
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
#AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=8000

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed May 04, 2016 4:45 pm
by rtla01
Hi all.,
Please help me to find one solution.
I need this tools working.
Thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon May 30, 2016 2:02 pm
by kylothian
Hi there, I hope someone can assist me.
I am struggling quite a bit getting this operational, I get the following in my error log:

2016/05/30 12:48:35 - Info: Starting up sniffer service
2016/05/30 12:48:35 - Info: Mikrotik user: admin
2016/05/30 12:48:35 - Info: Mikrotik IP: 192.168.1.254
2016/05/30 12:48:35 - Info: Networks specified: 1
2016/05/30 12:48:35 - Info: Monitoring network: 192.168.1.0/255.255.255.0
2016/05/30 12:48:35 - Info: SnifferService Port: 80
2016/05/30 12:48:35 - Info: Service started
2016/05/30 12:48:35 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:36 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:44 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:44 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:46 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2016/05/30 12:48:46 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2016/05/30 12:48:46 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:46 - Error: Cannot get traffic: Connection Closed Gracefully.
2016/05/30 12:48:47 - Info: Service stopped

This is my SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.1.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.1.254
MikrotikSSHUser=admin
MikrotikSSHPassword=**
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
#ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer

My sniffer.ini
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=http://localhost/ip
#IPSource=c:\temp\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000

and on mikrotik I keep getitng the following :
user admin logged in from 192.168.1.3 via ssh
user admin logged out from 192.168.1.3 via ssh

I have connected to my mikrotik via cmd :
plink 192.168.1.254
saved cached credentials (or something like that)
and have allowed that.

My firewall is turned off same with my AV
If the service is stopped I can not telnet localhost 80
if the service is started i can telnet localhost 80

please let me know if you require any further information,

regards
K

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jun 04, 2016 1:15 pm
by tmrcomputing
Go to Traffic Accounting Web Access and change the address by your LAN IP/24 (basically add your subnet /XX).

hehhehe
Dear all

I am new here and I try many times but not working here is my situation:
1. Mikrotik server 6.19
2. I try blink and it works fine and I get my mikrotik command prompt.
3. The sniffer Services starts well but its log file shows the error:

2016/01/05 13:50:49 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:50 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:51 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:52 - Info: Service stopped
2016/01/05 13:50:54 - Info: Starting up sniffer service
2016/01/05 13:50:54 - Info: Mikrotik user: sniffer
2016/01/05 13:50:54 - Info: Mikrotik IP: 172.30.6.120
2016/01/05 13:50:54 - Info: Networks specified: 1
2016/01/05 13:50:54 - Info: Monitoring network: 192.168.10.0/255.255.255.0
2016/01/05 13:50:54 - Info: SnifferService Port: 80
2016/01/05 13:50:54 - Info: Service started
2016/01/05 13:50:55 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:56 - Error: Cannot get traffic: http response code: 401, unauthorized
2016/01/05 13:50:57 - Error: Cannot get traffic: http response code: 401, unauthorized

3. The mikrotik log shows that the service login then logout :
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged in from 192.168.10.10 via ssh
Jan/05/2016 13:50:55 memory system, info, account user sniffer logged out from 192.168.10.10 via ssh

4. when try the http://192.168.10.10 the browser gives white page.
5. when try the http://172.30.6.120/accounting/ip.cgi the browser gives: Error 401: Unauthorized
6. My mikrotik is zero configuration, no hotspot, only firewall nat and webproxy.
7. I am using windows xp without any software on it and firewall is disabled.

Please help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jun 22, 2016 8:58 pm
by VinceIT
Hi,

My first post on this forum. I installed and configured everything as per instructions. Ive got 2 problems .
*when trying to access the http://routerip/accounting/ip.cgi i get the following - error 401 unautherized .
Secondly
*i cant see my sniffer user loging onto the router in the logs.
*if i go into the sniferservice log file, i get the same error 401 unautherized. Please any any advice will help

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jun 25, 2016 12:34 am
by kevinds
Howdy,

I haven't read this entire thread, I did the first couple and and the last couple pages though.

Is V1.0.3 (2014-06-24) the latest version?  Is this software posted anywhere else?  Looking for a quick place to check for updates.

Readme was void of this information.

Is it possible to configure with an RSA key for SSH authenication, rather than password?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jun 28, 2016 9:33 pm
by mantunes
Thanks for the helpfull tool!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jul 15, 2016 5:25 pm
by wdmyburgh
Hi,

I am struggling to add more than 1 network to be monitored.

Should the comma separated values be in one line or separated with a comma and then the next subnet posted in the next line?

Please assist.

Regards

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 16, 2016 1:09 am
by rcocchiararo
This used to crash from time to time and i had to restart the service.

Now it lasts a few minutes and dies.

Can it be related to something from update 6.35.4?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jul 17, 2016 11:15 pm
by brandofriva
Also had an issue with Host names not showing up - here is what I found worked:
- IP -> Services -> Ensure SSH is enabled

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 23, 2016 7:08 pm
by soamz
Final version works for anyone ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 23, 2016 7:33 pm
by cutedrummerboy
can we get a native linux version of sniffer service??

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Jul 28, 2016 2:08 pm
by soamz
thanks alot very good topic
Did you get it working ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jul 29, 2016 2:03 pm
by alisc
thanks a lot
This is the best

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jul 29, 2016 4:05 pm
by wdmyburgh
Also had an issue with Host names not showing up - here is what I found worked:
- IP -> Services -> Ensure SSH is enabled
I see SSH is enabled on my routerboard.
I can see the Active Host names on the Mikrotik, but the host names do not pull through into the sniffviewer program.
Any Ideas how I can get this fixed?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Aug 18, 2016 7:30 pm
by cmcawood
Hi danielm,

thanks for the great tool. Would you be prepared to share the source code and/or make it available as open source on something like github so others can contribute and grow this great tool. I would be willing to add on the ability to write to a database and draw additional reports.

--Craig

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Aug 25, 2016 11:59 pm
by lakim
Hi, this is very usefull tool. Please share an information how to donate.
It will be more usefull when can be connecetd to a database to see a transfer history.
It will be good to see what sites user is using.

Anyway thank you!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Sep 05, 2016 7:12 pm
by yandrek
hi,

thats an awesome tool, ive been using it for a while, but something changed recently. after i upgraded routeros to the latest update, the attix5 tool doenst show the host names, it did before, but now doesnt. anyone has the same issue?

thanks a lot in advanced.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Sep 30, 2016 7:06 pm
by bcsteeve
I guess this tool doesn't work with latest Router OS??

I installed it and it works except that it is woefully inaccurate. Like, not even close. I can download with a sustained 150Mb/s connection and the graph shows some random traffic hovering around the 32Kb/s mark. Never anywhere near true. Also, every single IP is shown graphed identically (all colors follow the same line regardless of what their traffic is actually like).

So it "works" as in there are no errors and everything appears to be fine... but the data is entirely useless.

I see the author hasn't been on in quite some time, so is the development just dead?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Oct 18, 2016 9:46 am
by Zaied
Thanks for a brilliant supportive app which helping a lot. Have an asking on this attix5 viewer.

Can it possible to collect multiple source of servers (within connected LAN) in the single window of attix5?
I've a different office location where IP range separated by different range like 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24 etc which again inter connected via tunnel.
Each location existed Mikrotik can through data to location wise PC's.

Just want to know whether it can be seen by the central viewer or not. Advance thanks for the observation & support.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 28, 2016 8:10 pm
by hmhpc
@danielm
hello dear , it's super awesome tool, that's really what i want , but i have some trouble with it
1- sometime statistics rests by it self
2- I want take report daily , monthly , and also per Year
there are valuable features that i really care
what about new Version ?! :) or just give me Source Code , i upgrade it by myself ...

Best Regards
Hesam

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Nov 14, 2016 7:28 pm
by vukko
I guess this tool doesn't work with latest Router OS??

I installed it and it works except that it is woefully inaccurate. Like, not even close. I can download with a sustained 150Mb/s connection and the graph shows some random traffic hovering around the 32Kb/s mark. Never anywhere near true. Also, every single IP is shown graphed identically (all colors follow the same line regardless of what their traffic is actually like).

So it "works" as in there are no errors and everything appears to be fine... but the data is entirely useless.

I see the author hasn't been on in quite some time, so is the development just dead?
I've just installed it again, running against latest 6.37.1 RouterOS and working perfectly, with accurate stats.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Nov 14, 2016 10:16 pm
by bcsteeve
I was using 6.37 and I don't see anything in the 6.37.1 update that would affect this... but I'll give it a try again.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Dec 01, 2016 3:20 am
by mac86
Very good work, Thank you !!!

It's possible to archive traffic history like PNRG ?

http://www.netpro-ar.com/monitoreo-de-t ... y-netflow/

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Dec 01, 2016 9:33 am
by MikroTikFan
Hi
Try to change your router IP.
ip address you have is used as broadcast.
Thank you this is broadcast , It mean 192.168.0.255 this is my understand correct or not , because I use 192.168.0.0/24
You are right! If you use mask 24 (255.255.255.0) you can use the 192.168.0.254 as your router adress.

I think, you should check router settings:

/user
group add name=sniffer policy="ssh,read"
add address=192.168.0.254/24 disabled=no group=sniffer name=sniffer

Enable accounting, required for graph
/ip accounting
set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.XX/24
Looking at all posts attached screen shoots I see columns hosts but without any data.
For me very important will be to see traffic in domain names. Is this possible and how to configure this?

I made first steps to run accounting, but I have an issue.

Router LAN IP: 192.168.5.254
WWW router port: 81

Browser error: ERR_CONNECTION_REFUSED

Executed same config as above in example and I still can't access to any of below listed accounting web page.

http://192.168.5.254:81/accounting/ip.cgi
> ip accounting export
# nov/20/2016 06:17:40 by RouterOS 6.38rc37
# software id = ##########
#
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.5.0/24
In WebFig I see also that user sniffer is logged in. But in a date I see the time from last restart of sniffer service.

Please help me what is wrong?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Dec 01, 2016 11:26 pm
by MikroTikFan
I have found - WWW service has different port ;-)

SnifferService.ini
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted.  Specify a mask for each network even if they are the same.
Network=192.168.5.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.5.254:81
MikrotikSSHUser=sniffer
MikrotikSSHPassword=sniffer
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#If you use a web proxy on the mikrotik, set this to 1
#MeasureTrafficToRouter=0

#Alternative service port to listen on
ServicePort=81

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
#ClearSchedule=weekly
ClearSchedule=monthly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
ServiceDisplayName=Sniffer
I think that I have correctly started service

016-12-01 23:33:03 - Info: Starting up sniffer service
2016-12-01 23:33:03 - Info: Mikrotik user: sniffer
2016-12-01 23:33:03 - Info: Mikrotik IP: 192.168.5.254:81
2016-12-01 23:33:03 - Info: Networks specified: 1
2016-12-01 23:33:03 - Info: Monitoring network: 192.168.5.0/255.255.255.0
2016-12-01 23:33:03 - Info: SnifferService Port: 81
2016-12-01 23:33:03 - Info: Service started

Unfortunately I have some problems to get Viewer data

I have checked also from command line plink and after this and putting first login it seems to be working fine.

Sniffer.ini
[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=http://localhost/ip
#IPSource=c:\temp\ips.txt
IPSource=C:\Program Files (x86)\Sniffer\ips.txt

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=1000000
#LineCapacityOutbit=512000
Please help me to check if I made any mistake in config files.
(Package: 6.38rc38)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 09, 2017 11:34 am
by cabecmabec
Hi there,
i have configured Viewer and Service. Everything works great but i noticed that the speeds both receive and send are wrong(i am using 100Mbit connection). Look at the picture below
RouterOS Current Version 6.30.2
Image

edit: after upgrade to latest version RouterOS (6.38) the send speed is correct, but the download speed is wrong again. Now i see higher download speeds but not more than 200kb/s.
[Settings]

#Required settings are uncommented
#Defaults are shown

#Capture packets from this network (ignore internal traffic)
#Comma-separated values are accepted. Specify a mask for each network even if they are the same.
Network=192.168.88.0
Mask=255.255.255.0
#Match everything BUT the above (only for special custom situations):
#InverseMatch=0

#Mikrotik Server
Mikrotik=192.168.88.1
MikrotikSSHUser=XXXXXXXXXXXX
MikrotikSSHPassword=XXXXXXXXXXXXX
#This is combined with the Mikrotik IP address to create the accounting URL:
AccountingPath=/accounting/ip.cgi

#Alternative service port to listen on
ServicePort=80

#Convert static DNS names to uppercase
#UppercaseStatic=1

#Trim trailing text from DNS and DHCP names
#DeleteSuffix=.mycompany.com

#Clear values weekly (default) or monthly
ClearSchedule=monthly

#Specify a different service name (for multiple services on one machine)
#ServiceName=Sniffer
#ServiceDisplayName=Sniffer

Viewer sniffer.ini

[Settings]

#Location of SnifferService
SnifferService=localhost

#This line can be used to specify a file listing the ips (not required if service is configured with SSH)
#IPSource=XXX

#Incoming and outgoing max bandwith (not required, for display purposes only)
#LineCapacityInbit=10000000
#LineCapacityOutbit=512000

after the RouterOS update:
Image

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Jan 24, 2017 5:58 pm
by jawas
Hi,
realy great tool. Am I right that it is possible to configure it for more networks, but for one Mikrotik device only? I would like to use it on my laptop (both service and viewer) for many networks, e.g. at home, at work and at the customers...). Is there any way how to configure the SnifferService.ini to use it that way? Thanks a lot.
Jiri

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Jan 30, 2017 9:52 am
by santong7
Thank you Daniel for your great tool.

I would like to suggest you something.

Is it possible to configure the same tool, to show you the CAPSMAN registration table tab, instead of showing the ip and the data.

I mean to show the cap, the ssid, the mac address, the hostname and the transferred data ?

This tool would be in handy in wireless hot spots.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Mar 14, 2017 12:08 pm
by bityekimike
Hi All
I am a new user of Mikrotik Router , i have already download the tool , i have followed the step by step but i meet some issue , the "sniffer service" do not appear on the service manager list so when i run the sniffer service there is noting , when i run the link http://ip_adress_of_the_router:88/accounting/ip.cgi , i have a results
See below the sniffer log
2017/03/14 10:43:44 - Info: Starting up sniffer service
2017/03/14 10:43:44 - Info: Mikrotik user: sniffer
2017/03/14 10:43:44 - Info: Mikrotik IP: 10.3.34.100
2017/03/14 10:46:41 - Info: Starting up sniffer service
2017/03/14 10:46:41 - Info: Mikrotik user: sniffer
2017/03/14 10:46:41 - Info: Mikrotik IP: 10.3.34.100
10.3.34.100 is the local ip of the router
Please could you help me

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Mar 23, 2017 12:12 pm
by aarango
Is there this tool for Linux? (Service & Viewer)

Thanks.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Apr 09, 2017 10:46 pm
by parksj10
Any idea why this tool will only work when I have torch running on the local bridge?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Apr 10, 2017 11:18 am
by andriys
Any idea why this tool will only work when I have torch running on the local bridge?
That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 13, 2017 8:26 am
by parksj10
Any idea why this tool will only work when I have torch running on the local bridge?
That's because /ip accounting is not supposed to work for fasttracked traffic (more info here). If you need to use this tool you have to disable FastTrack.
Thanks for the reply! Kind of what I was starting to understand. From what I was reading, FastTrack can dramatically increase speeds, is that right? Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack. What I'm think is that if the SnitchMonitor Service can detect connected clients, then it can send out a command to either disable or enable FasTrack depending on the presence of a user.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 13, 2017 11:23 am
by andriys
FastTrack can dramatically increase speeds, is that right?
Yes, that's correct.
Also, I wondering if there's a way to externally signal RouterOS to temporarily disable FastTrack.
Well, that's not that easy. You can, for instance, use API calls to disable/enable fasttrack firewall rules, but the already fasttracked connections will continue to go fast path until the connection is closed.

If you need to use fasttrack and want to monitor you bandwidth consumption at the same time, I suggest you looking at /ip traffic-flow instead of the /ip accounting (traffic-flow works with fasttrack since 6.33).

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Apr 14, 2017 10:01 am
by parksj10
If you need to use fasttrack and want to monitor you bandwidth consumption at the same time, I suggest you looking at /ip traffic-flow instead of the /ip accounting (traffic-flow works with fasttrack since 6.33).
Ok, I'll definitelylook into traffic-flow more. My first reading looks like I can use utilities that are built for Netflow protocol. Do you have suggestions on any tools? I'm looking for something can can monitor internet bandwidth usage per client with a graphical interface--essentially exactly what this tool does (except with fasttrack!).

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Apr 14, 2017 10:24 am
by andriys
Do you have suggestions on any tools?
ManageEngine NetFlow Analyzer used to be a good (commercial) product, but, IMO, is not anymore. They redesigned interface at some point (made it "modern") and it became awfully slow and less functional. I'm stuck at version 9.8 (was released in 2011). Also just google- there are quite a few NetFlow collectors available, both free and commercial.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Apr 14, 2017 12:35 pm
by articiok
Flowviewer is great.
Works fine on a raspberry pi.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Jun 07, 2017 3:01 pm
by kuldaoo
Hi,
I use Attix5 traffic monitor with my routerboard 450. There a strange traffic named "other" that doesn't have any IP address. Do you know what the "Other" traffic could be?
Thanks

Ladislav Kulaty

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jul 29, 2017 4:20 pm
by kgmuzu
Hi,

do you want to, can you, make it open source?

cheers,

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Aug 28, 2017 3:49 pm
by biatche
if my ssh port is not on 22, how do i configure the ini?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Sep 21, 2017 11:14 pm
by dllfpp
Is there any way of overriding the default ssh port 22? To avoid brute force attacks, my Mikrotik is set to a different port.
The ini.file's port setting only overrides web, not SSH access. I tried changing the server to 192.168.1.88:5005, but that does not seem to register.
Any guidance much appreciated!
if my ssh port is not on 22, how do i configure the ini?
I need this as well...

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Oct 20, 2017 7:06 pm
by w4rchild
Image
Does anyone know how to hostnames?

Shows blank for me.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Nov 24, 2017 10:47 am
by karlisi
Many thanks for this tool!

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 29, 2017 6:23 pm
by trekastana
Where can I donwload Attix?

Thanks..

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Nov 30, 2017 6:06 pm
by dllfpp
Where can I donwload Attix?

Thanks..

Get it here https://dllfppblog.wordpress.com/catego ... /mikrotik/

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Jan 14, 2018 9:28 am
by Ramo
Is there anyone still use this attix ? i worked with this monitoring app for 1 year without problem but recently when i run the app i see an error " List index out of bound (22)" and nothing shows in the app.

and another question , how can i save the records ? and how can i reset result manually ?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jan 20, 2018 5:47 am
by theblackz
Hai guys,

before thanks for creating such amazing app, this is very helping me for monitoring my network.
and so i have read from the start till the end of this problem.
i have a time to make a simple step-by-step using configuration help from the app.
before my apologize if i make some sort of mistake by creating this step-by-step, i do not have any ill intention, just want to help everyone who have problems.

1st step:
enable your accounting on mikrotik ------ /ip accounting

Image

2nd step:
enable your web access accounting on mikrotik /ip accounting web access
enter your ip address local machine

Image

3rd step:
copy your service and viewer sniffer to c:\program files (x86) for 64bit or c:\program files for 32bit
ps: don't forget to change your folder name, anything will work fine

Image

4th step:
open your SnifferService.ini from service folder to change according your IP Network, Username and Password of your Mikrotik device.
also don't forget to change your mikrotik port www (default is 80), mine is 69
add port in front of AccountingPath if you use different port like mine, default port no need to add anything

Image

5th step:
open your Sniffer.ini from viewer folder and change the ip address based on you local machine.

Image

6th step:
open you command prompt as admin, then direct to your service sniffer folder and type exactly as shown.
SnifferService.exe /install
this will install Sniffer Service on your local machine service.

Image

final step:
open your task manager, and search for Sniffer service, then right click and click start.
you Sniffer service should be on Running state.

Image
Image
Image

and this is where you running the Sniffer Viewer.
Image

that's all guys, hope my step-by-step can help you.
regards and cheers :D

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Mar 28, 2018 11:29 am
by CrAzYs
2018/03/28 12:23:44 - Info: Starting up sniffer service
2018/03/28 12:23:44 - Info: Mikrotik user: sniffer
2018/03/28 12:23:44 - Info: Mikrotik IP: 192.168.2.111
2018/03/28 12:23:44 - Info: Networks specified: 1
2018/03/28 12:23:44 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2018/03/28 12:23:44 - Info: SnifferService Port: 80
2018/03/28 12:23:44 - Info: Service started
2018/03/28 12:24:06 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:26 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:45 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.

help me

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Apr 05, 2018 10:38 am
by CrAzYs
2018/03/28 12:23:44 - Info: Starting up sniffer service
2018/03/28 12:23:44 - Info: Mikrotik user: sniffer
2018/03/28 12:23:44 - Info: Mikrotik IP: 192.168.2.111
2018/03/28 12:23:44 - Info: Networks specified: 1
2018/03/28 12:23:44 - Info: Monitoring network: 192.168.2.0/255.255.255.0
2018/03/28 12:23:44 - Info: SnifferService Port: 80
2018/03/28 12:23:44 - Info: Service started
2018/03/28 12:24:06 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:26 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.
2018/03/28 12:24:45 - Error: Cannot get traffic: Socket Error #10054, Connection reset by peer.

help me
problem solved.. from the Node32 have to give full right to all the ports for sniffer service.exe

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Apr 22, 2018 12:04 pm
by mirosein
Hi all
I've installed and run the sniffing services and I'm sure about my configurations, as I've followed up help files and help videos...
i can see AccountingPath=/accounting/ip.cgi
sniffingservice is running on windows service manager,
I've checked out all ports (set 80)
firewall is off...
but whenever I start the "sniffing service " on windows services after it's started, I check Mikrotik Log to see if user I have created is logged in or what ! find it logged in then logged out automatically!
i donno why is that!?
sniffer.JPG
i would be so glad if u can help to solve this issue.
thx. :)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu May 03, 2018 6:53 am
by zeeshanmustafa
failed to get HOST NAMES using mikrotik DHCP and DNS
any solution?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri May 04, 2018 7:40 am
by ehab69922
thnxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu May 17, 2018 9:33 am
by musman
getting this error in log file, i've ips in ini file to my mikrotik ip that is 10.0.0.10, but its still showing this in log...

2018/05/16 12:39:35 - Info: Starting up sniffer service
2018/05/16 12:39:35 - Info: Mikrotik user: sniffer
2018/05/16 12:39:35 - Info: Mikrotik IP: 192.168.88.1
2018/05/16 12:42:55 - Info: Starting up sniffer service
2018/05/16 12:42:55 - Info: Mikrotik user:
2018/05/16 12:42:55 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:02 - Info: Starting up sniffer service
2018/05/16 12:48:02 - Info: Mikrotik user:
2018/05/16 12:48:02 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:04 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:10 - Info: Starting up sniffer service
2018/05/16 12:48:10 - Info: Mikrotik user:
2018/05/16 12:48:10 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:37 - Info: Starting up sniffer service
2018/05/16 12:48:37 - Info: Mikrotik user:
2018/05/16 12:48:37 - Info: Mikrotik IP: 192.168.20.1
2018/05/16 12:48:37 - Info: Networks specified: 1
2018/05/16 12:48:37 - Info: Monitoring network: 192.168.20.0/255.255.252.0
2018/05/16 12:48:37 - Info: SnifferService Port: 80
2018/05/16 12:48:37 - Info: Service started
2018/05/16 12:48:39 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:40 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:41 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)
2018/05/16 12:48:42 - Error: Cannot get traffic: Connect timed out. (192.168.20.1:80)

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri Jun 22, 2018 4:20 am
by exliko
Thx for this superb tool
I've been using it since 2014

It's been 5 years now, is there any updates for this tool?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Mon Aug 06, 2018 11:58 am
by jhezzalian
sir where i can download attix5

This is a great tool danielm ! Thank you so much for making this and for making it available to everyone!

I think I (may) be experiencing an issue similar to kendo (and it also does come back to how the sniffer service polls/collects traffic data from the Mikrotik).

I regularly have Winbox and Snifferviewer(Attix5 Traffic Monitor) open, and I often see traffic that is WAY higher on the Mikrotik WAN/LAN interfaces than the aggregate traffic seen in the Snifferviewer program. I don't think I have ever seen it the other way around, where the traffic in Snifferviewer is higher than the traffic in Winbox (and this isn't due to a delay, as Snifferviewer never comes close to reaching the peaks reported by Winbox).

Is this traffic simply not counted? Is it too fleeting/instantaneous for the sniffer service to poll? Or does it simply not register in the Snifferviewer program (and the cumulative send/receive data is actually counted)? I've unchecked the "use 5 sec average" box hoping to view more real-time traffic. Below are 5 printscreens showing examples of what it is I'm experiencing, and also wonder if other people have seen the same.

Still, great tool danielm! :D

Image
Image
Image
Image
Image

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Aug 25, 2018 8:53 am
by rigasservice
sir where i can download attix5
Read some post above :)
viewtopic.php?f=2&t=77193&start=250#p630420

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Aug 28, 2018 1:06 pm
by Jazim
Hello !
I want to know how can i know my daily bandwidth usage ? I want total usage of my 04 isps which are configured in my microtec Routerboard.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Tue Sep 04, 2018 11:35 am
by tarecco
Awesome tool! Really appreciate it. Thank you

As for anyone that can't login and/or check, change you HTTP service port in IP to soething other than 80, and define the mikrotik address in the .ini file as 192.168.XX.XX:yyy instead of just 192.168.XX.XX, where yyy is your http service port. Did that, works like a bomb.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 28, 2018 2:40 pm
by SilverNodashi
Is there this tool for Linux? (Service & Viewer)

Thanks.
I would also prefer a Linux version, but I guess this is what it is.

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Nov 28, 2018 3:09 pm
by SilverNodashi
Ok, so I tried this tool and it seems quite handy. Is there a way to see though which websites / services any of the IP's access? i.e. can I see if 192.168.1.107 access facebook.com, for example, and how much data is being downloaded from facebook.com?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sun Feb 17, 2019 3:12 pm
by mirzasoltan
hi,

i installed attix5 traffic monitor and successfully run sniffer viewer.

i see our ip addresses and traffic usage of them, but HOST column is empty!! i want to see hostname of per ip or user names. what is the problem?

i use user manager tool in mikrotik and our clients are authenticating from user manager users. (hotspot users in mikrotik is empty)

what can i do, to see HOST information in sniffer view? or is it a better application that can used for monitoring just the usage of users bandwidth and their traffic throw mikrotik?

thanks

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Thu Mar 28, 2019 10:14 pm
by nemilose
^
You need to create ips.txt file with the following contents:
IP1=Computer 1
IP2=Mobile phone
...etc.

For example:
192.168.1.101=Computer 1
192.168.1.102=Mobile phone
192.168.1.104=Laptop
192.168.1.108=TV

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri May 10, 2019 9:50 am
by borajuanjo
Where can I donwload Attix?

Thanks..

Get it here https://dllfppblog.wordpress.com/catego ... /mikrotik/
As of today, the links in this blog are broken. Does anybody know anything about this? I can't find Attix5 anywhere. Is it free BTW?

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Fri May 10, 2019 12:53 pm
by nikc
[/quote]
As of today, the links in this blog are broken. Does anybody know anything about this? I can't find Attix5 anywhere. Is it free BTW?
[/quote]

Viewer - https://app.box.com/s/uszqxbxk15g9jup5qiq3nqlvp8h8vxaj
Service - https://app.box.com/s/elqkvbsnz03b6welhikkcvbj36octdmp

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Jun 29, 2019 12:24 am
by dakotabcn
Thanks for the tool
I have problem with snifferviewer, i have installed the service in windows 7 VM machine, start and connect with the mikrotik OK. I use the viewer in local and show data, but if use the viewer in another machine and indicate the VM machine no show any data, i have disabled the firewall but no work
any idea?

regards

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Wed Sep 25, 2019 8:02 am
by aungkooo
How to configure to see host name in viewer .

Re: Tool: Realtime per IP traffic monitor for home/office

Posted: Sat Dec 07, 2019 9:16 am
by shovon
Those who are not seeing hostnames in Sniffviewer, install v1.0.3, it'll surely work.