Verbose is the default. There is a checkbox for headers only.

bp
<part15sbs{at}gmail{dot}com>

On 10/9/2015 12:57 PM, That One Guy /sarcasm wrote:
without dumping it to a server.
the sniffer doesn't seem to have a verbose option that I've read

On Fri, Oct 9, 2015 at 2:53 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

    tools > sniffer


    Josh Luthman
    Office: 937-552-2340
    Direct: 937-552-2343
    1100 Wayne St
    Suite 1337
    Troy, OH 45373

    On Fri, Oct 9, 2015 at 3:52 PM, That One Guy /sarcasm
    <thatoneguyst...@gmail.com> wrote:

        is there a way to get a tcpdump package onto mikrotik

        On Fri, Oct 9, 2015 at 1:00 PM, Forrest Christian (List
        Account) <li...@packetflux.com> wrote:

            If you can capture the traffic, you may find that it is
            legitimate traffic for a misconfigured domain. I.e. some
            domain has their name servers listed including that IP.
            A capture should show which domain the query is for.

            I seem to recall the sniffer functionality in a mikrotik
            will either decode this, or more likely save and/or
            stream it so that you can use Wireshark on a PC to decode.

            On Oct 9, 2015 9:12 AM, "That One Guy /sarcasm"
            <thatoneguyst...@gmail.com> wrote:

                My policy on this interface is default deny, so it is
                dropping them, but it's still going on to just the one
                IP out of the /28 subnet. I don't mind dropping them,
                it's not noticeable bandwidth, I just can't figure out
                why it is the traffic is focused there, I almost
                wonder if I was to stick a DNS server on that IP if it
                would increase

                On Fri, Oct 9, 2015 at 8:08 AM, David
                <dmilho...@wletc.com> wrote:

                    DDOSDNS bot trying to find a live host for pushing
                    responses.

                    add rule
                     input udp dest-port 53 interface=to internet drop
                    in your firewall

                    hate those little bastards, don't have anything else
                    to do except do what they're programmed to do






                    On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
                    So I'm at home, turning up a subnet on a mikrotik
                    on the network. Mind you this subnet hasn't been
                    in use in 6 months. This is for some servers so I
                    create a default deny policy with logging. One of
                    the IPs is being hammered on port 53 udp per the
                    packet sniffer. The IP isn't live, it's just
                    dropping because of the policy. It's not much
                    bandwidth but as best I can tell it's constant
                    and different IPs.

                    Is the packet sniffer on these things similar to
                    tcpdump, the manual page didn't seem so. All I
                    can guess is these are part of something I'm not
                    related to and since this IP hasn't been live in
                    6 months its spoofed or something and these are
                    some sort of response packet to a denial of
                    service somewhere else.
                    but this subnet, not this particular IP, will
                    house a couple DNS servers, I just want to make
                    sure there's no shenanigans going on before I turn
                    anything up
                    Without being at the office to wireshark this
                    from a switch, how do I get more out of this
                    mikrotik packet sniffer

-- If you only see yourself as part of the team but
                    you don't see your team as part of yourself you
                    have already failed as part of the team.





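An added example, not part of the original thread: once the port 53 traffic has been saved or streamed off the router, this sketch decodes each UDP payload to show which domain is being asked for and whether the packet is a query or a response, which is the distinction the thread is trying to make. It assumes the raw DNS payloads have already been extracted from the capture; the function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}

def parse_query(payload: bytes):
    """Return (qname, qtype, is_response) for the first question in a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # compression pointer or reserved bits: not expected in a question
            raise ValueError("unexpected label type")
        if pos + n > len(payload):
            raise ValueError("truncated label")
        labels.append(payload[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels) or ".", QTYPES.get(qtype, str(qtype)), bool(flags & 0x8000)

def summarize(payloads):
    """Count (qname, qtype, direction); unparseable payloads get their own bucket."""
    counts = Counter()
    for p in payloads:
        try:
            name, qtype, resp = parse_query(p)
            counts[(name, qtype, "response" if resp else "query")] += 1
        except ValueError:
            counts[("<malformed>", "-", "-")] += 1
    return counts

def build(name, qtype, flags=0x0100):
    """Construct a sample DNS message (test data only, not captured traffic)."""
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)

# Constructed samples: two A queries, one ANY query, one response, one runt packet.
SAMPLES = [build("example.org", 1), build("example.org", 1),
           build("example.net", 255), build("Example.ORG", 1, 0x8180), b"\x00\x01"]

if __name__ == "__main__":
    for key, n in summarize(SAMPLES).most_common():
        print(n, *key)
```

Many queries for one name point to a domain that lists the IP as a name server, while a majority of responses would mean the address is being used as a spoofed source elsewhere.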