Stream it =)

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, Oct 9, 2015 at 3:57 PM, That One Guy /sarcasm <[email protected]> wrote:

> without dumping it to a server.
> the sniffer doesn't seem to have a verbose option that I've read
>
> On Fri, Oct 9, 2015 at 2:53 PM, Josh Luthman <[email protected]> wrote:
>
>> tools > sniffer
>>
>> On Fri, Oct 9, 2015 at 3:52 PM, That One Guy /sarcasm <[email protected]> wrote:
>>
>>> is there a way to get a tcpdump package onto mikrotik
>>>
>>> On Fri, Oct 9, 2015 at 1:00 PM, Forrest Christian (List Account) <[email protected]> wrote:
>>>
>>>> If you can capture the traffic, you may find that it is legitimate
>>>> traffic for a misconfigured domain. I.e. some domain has their name
>>>> servers listed including that IP. A capture should show which domain
>>>> the query is for.
>>>>
>>>> I seem to recall the sniffer functionality in a mikrotik will either
>>>> decode this, or more likely save and/or stream it so that you can use
>>>> Wireshark on a PC to decode.
>>>>
>>>> On Oct 9, 2015 9:12 AM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>
>>>>> My policy on this interface is default deny, so it is dropping them,
>>>>> but it's still going on to just the one IP out of the /28 subnet. I
>>>>> don't mind dropping them, it's not noticeable bandwidth, I just can't
>>>>> figure out why it is the traffic is focused there, I almost wonder if
>>>>> I was to stick a DNS server on that IP if it would increase
>>>>>
>>>>> On Fri, Oct 9, 2015 at 8:08 AM, David <[email protected]> wrote:
>>>>>
>>>>>> DDOSDNS bot trying to find a live host for pushing responses.
>>>>>>
>>>>>> add rule
>>>>>> input udp dest-port 53 interface=to internet drop in your firewall
>>>>>>
>>>>>> hate those little bastards don't have anything else to do except do
>>>>>> what they're programmed to do
>>>>>>
>>>>>> On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
>>>>>>
>>>>>> So I'm at home, turning up a subnet on a mikrotik on the network.
>>>>>> Mind you this subnet hasn't been in use in 6 months. This is for some
>>>>>> servers so I create a default deny policy with logging. One of the
>>>>>> IPs is being hammered on port 53 udp per the packet sniffer. The IP
>>>>>> isn't live, it's just dropping because of the policy. It's not much
>>>>>> bandwidth but as best I can tell it's constant and different IPs.
>>>>>>
>>>>>> Is the packet sniffer on these things similar to tcpdump, the manual
>>>>>> page didn't seem so. All I can guess is these are part of something
>>>>>> I'm not related to and since this IP hasn't been live in 6 months
>>>>>> it's spoofed or something and these are some sort of response packet
>>>>>> to a denial of service somewhere else.
>>>>>> but this subnet, not this particular IP, will house a couple DNS
>>>>>> servers, I just want to make sure there's no shenanigans going on
>>>>>> before I turn anything up
>>>>>> Without being at the office to wireshark this from a switch, how do I
>>>>>> get more out of this mikrotik packet sniffer
>>>>>>
>>>>>> --
>>>>>> If you only see yourself as part of the team but you don't see your
>>>>>> team as part of yourself you have already failed as part of the team.
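
The check suggested in the thread, that a capture shows which domain the port 53 traffic is for and whether the packets are queries or responses, can be done offline once the sniffer output is on a PC. This is an added example, not part of the original thread: it assumes the UDP payloads have already been extracted from the capture, and the function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def parse_dns_question(payload: bytes):
    """Return (is_response, qname, qtype) for the first question of a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        # A first question never uses compression; top bits set means pointer/reserved.
        if length & 0xC0 or pos + length > len(payload):
            raise ValueError("compression pointer or truncated label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return bool(flags & 0x8000), ".".join(labels) or ".", qtype  # 0x8000 = QR bit

def summarize(packets):
    """packets: iterable of (src_ip, udp_payload). Returns (Counter, undecodable count)."""
    counts, bad = Counter(), 0
    for _src, payload in packets:
        try:
            is_resp, qname, qtype = parse_dns_question(payload)
        except ValueError:
            bad += 1
            continue
        counts[("response" if is_resp else "query", qname, qtype)] += 1
    return counts, bad

def build_query(name, qtype=1, txid=0x1234, response=False):
    """Build a sample DNS message (constructed test data, not captured traffic)."""
    flags = 0x8180 if response else 0x0100
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

# Constructed sample: documentation-range sources, a hypothetical zone, one junk payload.
SAMPLE = [("198.51.100.7", build_query("www.example.net")), ("203.0.113.9", build_query("WWW.example.net")),
          ("192.0.2.44", build_query("example.net", qtype=255)), ("192.0.2.45", b"\x00\x01")]
```

If nearly every packet is a query for names under one zone, that points to a delegation listing the IP as a name server; a majority of packets with the QR bit set would instead be responses arriving at an address that never asked.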
