I want to check my home netwrok \ computer to see if a computer is sending data to "bad" place :-)
so I thought I will check the router firewall for tcp connection
will this do the job? or I need to get all the protocols?
meaning I will write a script that run once every 20 seconds ~ and print me the connection my computer is doing ?
***
I have try to run this
Code: Select all
:foreach i in=[/ip firewall connection find where src-address~"10.0.0.111"] do={[/ip firewall connection print where .id=$i] }
but I want to get only the dst-address
I thought I will do this -
Code: Select all
:foreach i in=[/ip firewall connection find where src-address~"10.0.0.111"] do={[/ip firewall connection get value-name=dst-address number=$i]}
***
if I'm correct -
what will be the best way to investigate the results?
send the dst-address to syslog server?
is there any what to get a the firewall send a syslog or something when a new connection is open from the internal netwrok ?
that way I will get also the UDP\ICMP all other protocols I miss if I run every 20 sencods?
Thanks ,