MikroTik

Hi All

Really need some advice with which Mikrotik Solution i should be looking at?

Client Scenario: I have a client site where i manage around 20 BackOffice pc's - this is a multi-vendor site with a combination of Till points, scales, cctv's etc connected to the lan.
All of a sudden my offsite backups for the server and desktops stopped going thru successfully and i found that on average 8.5g/b of data was been upload over the adsl router each day.

I am unable to see what device on the network is uploading this data (I have checked and It is not one of the BackOffice pc's i manage)

What can i implement that will allow me to see each device that is connected on the network and what amount of data it has uploaded to internet.

I was looking at purchasing a Mikrotik RB750R2 which i was advised to purchase by the local Mikrotik resellers in South Africa. Unfortunately they were unable to tell me how i would need to set it up to collect the data or even point me to a tutorial on how to do this.

Please can u advise if this unit would be sufficient to implement traffic analysis - and more importantly is there a tutorial on how to successfully set this up ?

Many Tx for your advice

Shane

I'm not aware of an accounting feature that the MikroTiks have "as such" within them that can tell you this information.
You could I guess set up a queue per client IP and then monitor the packet counters to see which is doing it or if you catch it in the act you can drill down into the router using "torch" and see what IP is causing it.

At the risk of some "anti"-mikrotik advice, something like Ubiquiti's Edgerouter range or USG has a DPI functionality which could do what you want and also draw a fairly easy to digest graph. A part of me wants to say PFsense can do this also but I may have only read that and certainly haven't actioned it.

Netflows would give you the clearest picture of what local IP is pushing that much data, as well as protocol, port, and destination. It is known as Traffic Flow in MikroTik. The MikroTik can export the flows, and you would need a collector. I've used NFSen, but can be a bit of a pain to setup, there is also NTop, but it may no longer be free, but was semi easy to setup. There are other opensource or free options, and a lot of paid for options.

Many Tx Guys - I will definitely look into both options going forward.

Shane

If you have a tik at the headend, you can just "torch" the traffic onsite to see a live picture of whats doing what to what IP

You can use https://wiki.mikrotik.com/wiki/Manual:IP/Accounting to do the accounting