without dumping it to a server. The sniffer doesn't seem to have a verbose option that I've read.

On Fri, Oct 9, 2015 at 2:53 PM, Josh Luthman <[email protected]> wrote:
> tools > sniffer
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Fri, Oct 9, 2015 at 3:52 PM, That One Guy /sarcasm <[email protected]> wrote:
>
>> Is there a way to get a tcpdump package onto MikroTik?
>>
>> On Fri, Oct 9, 2015 at 1:00 PM, Forrest Christian (List Account) <[email protected]> wrote:
>>
>>> If you can capture the traffic, you may find that it is legitimate
>>> traffic for a misconfigured domain. I.e. some domain has their name
>>> servers listed including that IP. A capture should show which domain the
>>> query is for.
>>>
>>> I seem to recall the sniffer functionality in a MikroTik will either
>>> decode this, or more likely save and/or stream it so that you can use
>>> Wireshark on a PC to decode.
>>>
>>> On Oct 9, 2015 9:12 AM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>
>>>> My policy on this interface is default deny, so it is dropping them,
>>>> but it's still going on to just the one IP out of the /28 subnet. I don't
>>>> mind dropping them, it's not noticeable bandwidth, I just can't figure out why
>>>> it is the traffic is focused there. I almost wonder, if I was to stick a DNS
>>>> server on that IP, if it would increase.
>>>>
>>>> On Fri, Oct 9, 2015 at 8:08 AM, David <[email protected]> wrote:
>>>>
>>>>> DDOS DNS bot trying to find a live host for pushing responses.
>>>>>
>>>>> add rule
>>>>> input udp dest-port 53 interface=to internet drop in your firewall
>>>>>
>>>>> Hate those little bastards, don't have anything else to do except do
>>>>> what they're programmed to do.
>>>>>
>>>>> On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
>>>>>
>>>>>> So I'm at home, turning up a subnet on a MikroTik on the network. Mind
>>>>>> you this subnet hasn't been in use in 6 months. This is for some servers so
>>>>>> I create a default deny policy with logging. One of the IPs is being
>>>>>> hammered on port 53 UDP per the packet sniffer. The IP isn't live, it's
>>>>>> just dropping because of the policy. It's not much bandwidth but as best I can
>>>>>> tell it's constant and different IPs.
>>>>>>
>>>>>> Is the packet sniffer on these things similar to tcpdump? The manual
>>>>>> page didn't seem so. All I can guess is these are part of something I'm
>>>>>> not related to and since this IP hasn't been live in 6 months it's spoofed or
>>>>>> something and these are some sort of response packet to a denial of
>>>>>> service somewhere else.
>>>>>> But this subnet, not this particular IP, will house a couple DNS
>>>>>> servers. I just want to make sure there's no shenanigans going on before I
>>>>>> turn anything up.
>>>>>> Without being at the office to Wireshark this from a switch, how do I
>>>>>> get more out of this MikroTik packet sniffer?
>>>>>>
>>>>>> --
>>>>>> If you only see yourself as part of the team but you don't see your
>>>>>> team as part of yourself you have already failed as part of the team.
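The thread leaves two competing explanations for the UDP/53 traffic: Forrest's (queries for a zone whose NS records point at that IP, which a capture would reveal by the queried name) and the original poster's (responses to queries someone else spoofed from that IP). Both are settled by decoding the DNS header and question section of the captured payloads. The following is an added example, not code from the thread or from MikroTik; it assumes the sniffer's capture has been saved or streamed to a PC and the raw UDP payloads for the hammered IP extracted from it, and the sample packets below are constructed test data, not captured traffic.

```python
"""Decode captured UDP/53 payloads far enough to tell queries from
responses and to tally the names they are for (added example; assumes
the payloads were pulled from a saved capture)."""
import struct
from collections import Counter

QTYPE_NAMES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}


def _read_name(buf, offset):
    """Decode a DNS name at offset, following RFC 1035 compression pointers.
    Returns (dotted name, offset just after the name in the linear stream)."""
    labels = []
    end = None                      # set the first time a pointer is followed
    hops = 0
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        length = buf[offset]
        if length & 0xC0 == 0xC0:   # two-byte compression pointer
            if offset + 2 > len(buf):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 32:           # refuse looping pointers in hostile input
                raise ValueError("pointer loop")
            offset = struct.unpack("!H", buf[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:             # root label ends the name
            if end is None:
                end = offset
            return ".".join(labels) or ".", end
        labels.append(buf[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_dns(payload):
    """Parse the 12-byte header and the first question of a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than DNS header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    info = {"id": msg_id, "is_response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "qname": None, "qtype": None}
    if qd:
        name, off = _read_name(payload, 12)
        if off + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[off:off + 4])
        info["qname"], info["qtype"] = name, QTYPE_NAMES.get(qtype, str(qtype))
    return info


def classify(payload):
    """'query' = someone asks this IP to resolve a name (check that zone's NS
    records); 'response' = this IP never asked, so its address was spoofed
    as the source elsewhere; 'malformed' = not decodable as DNS."""
    try:
        info = parse_dns(payload)
    except ValueError:
        return ("malformed", None, None)
    return ("response" if info["is_response"] else "query",
            info["qname"], info["qtype"])


def summarize(payloads):
    """Tally by (kind, qname, qtype) so the dominant name stands out."""
    return Counter(classify(p) for p in payloads)


def build_message(name, qtype, response=False, answer_ip=None, msg_id=0x1234):
    """Encode a minimal DNS query or A-record response (constructed sample)."""
    flags = 0x8180 if response else 0x0100     # QR|RD|RA vs RD only
    an = 1 if (response and answer_ip) else 0
    msg = struct.pack("!HHHHHH", msg_id, flags, 1, an, 0, 0)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)
    if an:   # answer: pointer to the question name, type A, IN, TTL, rdlength
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg


# Constructed sample: one genuine query, three unsolicited responses, junk.
SAMPLE_PAYLOADS = [
    build_message("example.com", 1),
    build_message("example.com", 1, response=True, answer_ip="203.0.113.10"),
    build_message("example.net", 1, response=True, answer_ip="203.0.113.10"),
    build_message("example.net", 1, response=True, answer_ip="203.0.113.10"),
    b"\x12\x34\x01",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_PAYLOADS).most_common():
        print(count, *key)
```

A capture dominated by "response" entries supports the spoofed-source reading and is exactly the kind of traffic the default-deny rule is already dropping; a capture dominated by "query" entries for one name means the next thing to check is that name's NS records.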
