I love these mikrotiks!! Thanks for pointing out I can just save the file and load it into wireshark, dragged and dropped it out of winbox to my PC without having to set up a capture for the stream or anything, this is like the greatest thing ever, or at least in the last ten minutes

On Fri, Oct 9, 2015 at 3:28 PM, David <[email protected]> wrote:

> use Wireshark or SHARKNADO tool
>
> On 10/09/2015 03:02 PM, Josh Luthman wrote:
>
> > Stream it =)
> >
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Fri, Oct 9, 2015 at 3:57 PM, That One Guy /sarcasm <[email protected]> wrote:
>
>> without dumping it to a server.
>> the sniffer doesn't seem to have a verbose option that I've read
>>
>> On Fri, Oct 9, 2015 at 2:53 PM, Josh Luthman <[email protected]> wrote:
>>
>>> tools > sniffer
>>>
>>> On Fri, Oct 9, 2015 at 3:52 PM, That One Guy /sarcasm <[email protected]> wrote:
>>>
>>>> is there a way to get a tcpdump package onto mikrotik
>>>>
>>>> On Fri, Oct 9, 2015 at 1:00 PM, Forrest Christian (List Account) <[email protected]> wrote:
>>>>
>>>>> If you can capture the traffic, you may find that it is legitimate
>>>>> traffic for a misconfigured domain. I.e. some domain has their name
>>>>> servers listed including that ip. A capture should show which domain
>>>>> the query is for.
>>>>>
>>>>> I seem to recall the sniffer functionality in a mikrotik will either
>>>>> decode this, or more likely save and/or stream it so that you can use
>>>>> Wireshark on a PC to decode.
>>>>>
>>>>> On Oct 9, 2015 9:12 AM, "That One Guy /sarcasm" <[email protected]> wrote:
>>>>>
>>>>>> My policy on this interface is default deny, so it is dropping them,
>>>>>> but it's still going on to just the one IP out of the /28 subnet.
>>>>>> I don't mind dropping them, it's not noticeable bandwidth, I just
>>>>>> can't figure out why it is the traffic is focused there, I almost
>>>>>> wonder if I was to stick a DNS server on that IP if it would increase
>>>>>>
>>>>>> On Fri, Oct 9, 2015 at 8:08 AM, David <[email protected]> wrote:
>>>>>>
>>>>>>> DDOSDNS bot trying to find a live host for pushing responses.
>>>>>>>
>>>>>>> add rule
>>>>>>> input udp dest-port 53 interface=to internet drop in your firewall
>>>>>>>
>>>>>>> hate those little bastards don't have anything else to do except do
>>>>>>> what they're programmed to do
>>>>>>>
>>>>>>> On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
>>>>>>>
>>>>>>> So I'm at home, turning up a subnet on a mikrotik on the network.
>>>>>>> Mind you this subnet hasn't been in use in 6 months. This is for some
>>>>>>> servers so I create a default deny policy with logging. One of the
>>>>>>> IPs is being hammered on port 53 udp per the packet sniffer. The IP
>>>>>>> isn't live, it's just dropping because of the policy. It's not much
>>>>>>> bandwidth but as best I can tell it's constant and different IPs.
>>>>>>>
>>>>>>> Is the packet sniffer on these things similar to tcpdump, the manual
>>>>>>> page didn't seem so. All I can guess is these are part of something
>>>>>>> I'm not related to and since this IP hasn't been live in 6 months
>>>>>>> it's spoofed or something and these are some sort of response packet
>>>>>>> to a denial of service somewhere else.
>>>>>>> but this subnet, not this particular IP, will house a couple DNS
>>>>>>> servers, I just want to make sure there's no shenanigans going on
>>>>>>> before I turn anything up
>>>>>>> Without being at the office to wireshark this from a switch, how do
>>>>>>> I get more out of this mikrotik packet sniffer
>>>>>>>
>>>>>>> --
>>>>>>> If you only see yourself as part of the team but you don't see your
>>>>>>> team as part of yourself you have already failed as part of the team.
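
Added example, not part of the original thread: a small parser that tallies which names the UDP/53 packets in a saved capture ask for, and whether they are queries or responses, which is the check suggested in the thread for telling a misconfigured domain from backscatter. It assumes the saved file is classic pcap with Ethernet framing and untagged IPv4; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def parse_frame(frame):
    """Return (src_ip, kind, qname, qtype) for an IPv4 UDP packet to port 53, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # untagged IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                # IPv4 header length in bytes
    dport = int.from_bytes(ip[ihl + 2:ihl + 4], "big")      # UDP destination port
    if ip[9] != 17 or int.from_bytes(ip[6:8], "big") & 0x1FFF or dport != 53:
        return None                                         # not UDP/53, or a later fragment
    dns, labels, i = ip[ihl + 8:], [], 12
    while i < len(dns) and (n := dns[i]):                   # walk the QNAME labels
        if n & 0xC0 or i + 1 + n > len(dns):                # pointer or truncated label
            return None
        labels.append(dns[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    if i + 5 > len(dns):                                    # root byte + QTYPE + QCLASS
        return None
    kind = "response" if dns[2] & 0x80 else "query"         # QR bit of the DNS header
    qtype = int.from_bytes(dns[i + 1:i + 3], "big")
    return ".".join(map(str, ip[12:16])), kind, ".".join(labels).lower() or ".", qtype

def summarize(pcap):
    """Count (kind, qname, qtype) and collect source IPs from classic-pcap bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):                            # 16-byte record header per packet
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        hits.append(parse_frame(pcap[off + 16:off + 16 + incl]))
        off += 16 + incl
    hits = [h for h in hits if h]
    return Counter(h[1:] for h in hits), {h[0] for h in hits}

def sample_pcap():
    """Constructed capture: three queries for one name from two documentation-range IPs."""
    def pkt(src, qname):
        dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"
        udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
        iph = struct.pack("!BBHIBBH", 0x45, 0, 20 + len(udp), 0, 64, 17, 0) + bytes(src)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + iph + bytes([203, 0, 113, 5]) + udp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    a = pkt((198, 51, 100, 7), b"\x07example\x03com\x00")
    b = pkt((192, 0, 2, 9), b"\x07Example\x03COM\x00")
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + a * 2 + b
```

On a real capture, pass the bytes of the saved file to `summarize()`; one name repeated from many sources points at a delegation or scanner pattern, while packets with the response bit set point at spoofed-source backscatter.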
