Community discussions

MikroTik App
  4. RouterOS
  5. General

How to count network usage per ip with my rOS

Post Reply
 
User avatar
leostereo
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Oct 18, 2012 11:36 pm
Location: mendoza , argentina
Contact:
Contact leostereo

How to count network usage per ip with my rOS

Tue Jul 21, 2020 6:34 pm

Hi guys:
Im running a simple dhcp / router / nat config on my mikrotik rb CCR1036.
I have 1000 users connected behind this router.
Is there some way to monitor network usage (bytes,bits or packets) per destination ip ?
Main idea is to detect legitimate users providing service to not legitimate users.
Im reading about ip/accounting module but , not sure if it used for this.
any idea would be wellcome.


some ideas I have:
a) Create a port mirror and analize this traffic with other capable tool (like linux iptables)
b) Use netflow collector to find max and min bytes.
Regards.
Leandro.
Top
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1570
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:
Contact k6ccc

Re: How to count network usage per ip with my rOS

Tue Jul 21, 2020 8:37 pm

For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would not be overly practical for monitoring hundreds or thousands of IPs. The two rules below will give packet and byte counts for packets to and from the address 192.168.104.41
Code: Select all
add action=passthrough chain=forward comment=\
    "Counter for inbound packets towards CRC Johnstone DMR on VLAN 104." \
    connection-state="" dst-address=192.168.104.41 out-interface=VLAN_104
add action=passthrough chain=forward comment=\
    "Counter for outbound packets from CRC Johnstone DMR on VLAN 104" \
    connection-state="" in-interface=VLAN_104 src-address=192.168.104.41

Looking at it in WinBox, shows that there is not much activity (not being used at this time)...
Image
Top
 
nicksniper2
just joined
Posts: 3
Joined: Tue Jul 09, 2019 8:23 pm

Re: How to count network usage per ip with my rOS

Thu Aug 31, 2023 7:45 am

For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would not be overly practical for monitoring hundreds or thousands of IPs. The two rules below will give packet and byte counts for packets to and from the address 192.168.104.41
Code: Select all
add action=passthrough chain=forward comment=\
    "Counter for inbound packets towards CRC Johnstone DMR on VLAN 104." \
    connection-state="" dst-address=192.168.104.41 out-interface=VLAN_104
add action=passthrough chain=forward comment=\
    "Counter for outbound packets from CRC Johnstone DMR on VLAN 104" \
    connection-state="" in-interface=VLAN_104 src-address=192.168.104.41

Looking at it in WinBox, shows that there is not much activity (not being used at this time)...
Image
Thank you very much!!! This is very simple and very practical idea!

Screenshot 2023-08-31 at 07.47.11.png
You do not have the required permissions to view the files attached to this post.
Top
Post Reply

Who is online

Users browsing this forum: Chaosphere64, Google [Bot], GoogleOther [Bot], rushlife and 47 guests
  4. RouterOS
  5. General