Use Wireshark or SHARKNADO tool
On 10/09/2015 03:02 PM, Josh Luthman wrote:
Stream it =)
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Fri, Oct 9, 2015 at 3:57 PM, That One Guy /sarcasm wrote:
without dumping it to a server.
the sniffer doesn't seem to have a verbose option that I've read
On Fri, Oct 9, 2015 at 2:53 PM, Josh Luthman wrote:
tools > sniffer
On Fri, Oct 9, 2015 at 3:52 PM, That One Guy /sarcasm wrote:
Is there a way to get a tcpdump package onto MikroTik?
On Fri, Oct 9, 2015 at 1:00 PM, Forrest Christian (List Account) wrote:
If you can capture the traffic, you may find that it
is legitimate traffic for a misconfigured domain.
I.e. some domain has their name servers listed
including that ip. A capture should show which
domain the query is for.
I seem to recall the sniffer functionality in a
mikrotik will either decode this, or more likely save
and/or stream it so that you can use Wireshark on a PC
to decode.
On Oct 9, 2015 9:12 AM, "That One Guy /sarcasm" wrote:
My policy on this interface is default deny, so it
is dropping them, but it's still going on to just
the one IP out of the /28 subnet. I don't mind
dropping them, it's not noticeable bandwidth, I just
can't figure out why it is the traffic is focused
there, I almost wonder if I was to stick a DNS
server on that IP if it would increase
On Fri, Oct 9, 2015 at 8:08 AM, David wrote:
DDOSDNS bot trying to find a live host for
pushing responses.
add rule
input udp dest-port 53 interface=to internet
drop in your firewall
hate those little bastards, don't have anything
else to do except do what they're programmed to do
On 10/08/2015 11:42 PM, That One Guy /sarcasm
wrote:
So I'm at home, turning up a subnet on a
mikrotik on the network. Mind you this subnet
hasn't been in use in 6 months. This is for
some servers so I create a default deny
policy with logging. One of the IPs is being
hammered on port 53 udp per the packet
sniffer. The IP isn't live, it's just dropping
because of the policy. It's not much bandwidth
but as best I can tell it's constant and
different IPs.
Is the packet sniffer on these things similar
to tcpdump? The manual page didn't seem so.
All I can guess is these are part of
something I'm not related to and since this
IP hasn't been live in 6 months its spoofed
or something and these are some sort of
response packet to a denial of service
somewhere else.
But this subnet, not this particular IP, will
house a couple DNS servers, I just want to
make sure there's no shenanigans going on
before I turn anything up.
Without being at the office to wireshark this
from a switch, how do I get more out of this
mikrotik packet sniffer?
--
If you only see yourself as part of the team
but you don't see your team as part of
yourself you have already failed as part of
the team.
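Added example, not part of the thread: once the port 53 traffic has been captured, a short parser over the UDP payloads shows which domain each packet asks about and whether it is a query or a response, which is what the thread wants to learn from the capture. It assumes the payloads have already been extracted from the capture; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}

def parse_dns(payload):
    """Return (is_response, qname, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:                      # DNS header is 12 bytes
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount == 0:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        n = payload[pos]
        pos += 1
        if n == 0:                             # root label ends the name
            break
        if n > 63 or pos + n > len(payload):   # compression pointer or truncated label
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    qname = ".".join(labels).lower() or "."
    return bool(flags & 0x8000), qname, QTYPES.get(qtype, str(qtype))  # QR bit set = response

def summarize(payloads):
    """Tally (is_response, qname, qtype) tuples; unparsable payloads count as 'malformed'."""
    tally = Counter()
    for p in payloads:
        tally[parse_dns(p) or "malformed"] += 1
    return tally

def build(qname, qtype, response=False):
    """Construct a sample DNS message (test data only, not captured traffic)."""
    flags = 0x8180 if response else 0x0100
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)

# Constructed sample payloads standing in for UDP/53 data pulled from a capture.
SAMPLES = [build("example.com", 255), build("example.com", 255),
           build("Example.COM", 1), build("example.net", 1, response=True), b"\x00\x01"]

if __name__ == "__main__":
    for key, count in summarize(SAMPLES).most_common():
        print(count, key)
```

A tally dominated by queries for one name points at a domain that lists the address as a name server; a tally dominated by responses points at backscatter from spoofed queries sent elsewhere.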