MikroTik

Community discussions
https://forum.mikrotik.com/

How to count network usage per ip with my rOS

https://forum.mikrotik.com/viewtopic.php?t=163966

Page 1 of 1

How to count network usage per ip with my rOS

Posted: Tue Jul 21, 2020 6:34 pm
by leostereo
Hi guys:
Im running a simple dhcp / router / nat config on my mikrotik rb CCR1036.
I have 1000 users connected behind this router.
Is there some way to monitor network usage (bytes,bits or packets) per destination ip ?
Main idea is to detect legitimate users providing service to not legitimate users.
Im reading about ip/accounting module but , not sure if it used for this.
any idea would be wellcome.


some ideas I have:
a) Create a port mirror and analize this traffic with other capable tool (like linux iptables)
b) Use netflow collector to find max and min bytes.
Regards.
Leandro.

Re: How to count network usage per ip with my rOS

Posted: Tue Jul 21, 2020 8:37 pm
by k6ccc
For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would not be overly practical for monitoring hundreds or thousands of IPs. The two rules below will give packet and byte counts for packets to and from the address 192.168.104.41
Code: Select all
add action=passthrough chain=forward comment=\
    "Counter for inbound packets towards CRC Johnstone DMR on VLAN 104." \
    connection-state="" dst-address=192.168.104.41 out-interface=VLAN_104
add action=passthrough chain=forward comment=\
    "Counter for outbound packets from CRC Johnstone DMR on VLAN 104" \
    connection-state="" in-interface=VLAN_104 src-address=192.168.104.41

Looking at it in WinBox, shows that there is not much activity (not being used at this time)...
Image

Re: How to count network usage per ip with my rOS

Posted: Thu Aug 31, 2023 7:45 am
by nicksniper2
For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would not be overly practical for monitoring hundreds or thousands of IPs. The two rules below will give packet and byte counts for packets to and from the address 192.168.104.41
Code: Select all
add action=passthrough chain=forward comment=\
    "Counter for inbound packets towards CRC Johnstone DMR on VLAN 104." \
    connection-state="" dst-address=192.168.104.41 out-interface=VLAN_104
add action=passthrough chain=forward comment=\
    "Counter for outbound packets from CRC Johnstone DMR on VLAN 104" \
    connection-state="" in-interface=VLAN_104 src-address=192.168.104.41

Looking at it in WinBox, shows that there is not much activity (not being used at this time)...
Image
Thank you very much!!! This is very simple and very practical idea!

Screenshot 2023-08-31 at 07.47.11.png
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/