SlideShare a Scribd company logo

MikroTik Traffic Flow Monitoring with PRTG

D
DaudSulaeman2

Mikrotik Traffic Network Monitoring

Technology
1 of 43
Download to read offline
MikroTik Traffic Flow Network Monitoring / PRTG MikroTik User Meeting 26-January-2019 Beirut - Lebanon Khalil Chamseddine – khalil@tahandos.com
MikroTik RouterOS is rich in many features January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 2
About me, the MikroTik Certified Trainer • Name: Khalil Chamseddine • Experience: Software, Hardware and Networking • MikroTik Certified Trainer in Lebanon and Region: • MTCNA • MTCWE • MTCTCE • MTCUME • MTCRE • MTCIPv6 • MTCINE • Contact: • https://Tahandos.com • E-Mail: khalil@tahandos.com • Phone: +961-3-892792 January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 3
www.tahandos.com January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 4
Outline • Network Monitoring and FLOW • MikroTik Traffic Flow • MikroTik RouterOS and PRTG • How To, Step By Step • Sample Reporting January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 5
Simple question: What do we want to know? • Who is consuming the bandwidth? • From inside out • From outside in • What they are consuming? • Which protocols and services? • HTTP • Email • Video • Voice • Torrent • … January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 6
Simple question: Why do we want to know? • Identification / Solving • Traffic Classification • Flow-based detection • DoS Trace back • … • Traffic Analysis • Inter-AS traffic analysis • Reporting on application proxies • … • Accounting • Cross verification from other sources • … January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 7
Simple question: What do we need to get? • Nice presented reports that shows clear situation January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 8
How we are supposed to know it? • Observation Point / Interface • Flow Exporter: Exports Flow Records • Flow Collector: Receives Flow Records / present them nicely January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 9
Bandwidth Monitoring Alternatives • Bandwidth monitoring is a method for measuring the actual bandwidth available on a local system • SNMP • Usually it is considered lighter than other options • Gets total amount of traffic and some layer 2 and layer 3 statistics like number of errors, number of broadcasts… • Packet Sniffer • … • xFlow January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 10
General Flow Definition • A flow is defined as a set of packets having common properties: • one or more packet header fields (e.g. destination IP address, transport header field), • one or more characteristics of the packet • … • a packet belongs to a flow record if it completely matches all defined flow properties. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 11
Flow Exporting Protocols • CISCO NetFlow • Juniper… • HPE… • IETF IPFIX • MikroTik Traffic Flow • a system that provides statistic information about packets which pass through the router. • network monitoring and accounting • identify various problems that may occur in the network • analyze, optimize the overall network performance • MikroTik Traffic-Flow is compatible with Cisco NetFlow, it can be used with various utilities which are designed for Cisco's NetFlow. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 12
NetFlow Flow definition • NetFlow defines a flow as the combination of the following seven key-fields: • Source IP address. • Destination IP address. • Source port number. • Destination port number. • Layer 3 protocol type. • ToS byte • Logical interface, whether input (ingress) or output (egress) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 13
Flow formats • Differ in the format of the export massage • Version 1 - never use it  • Version 5 – limited to inbound traffic (ingress) and IPv4. • Version 9 - a new format which can be extended with new fields and record types because of its template-style design • Version 9 is independent of the underlying transport protocol whether it is TCP, UDP, or SCTP • Support for IPv6 and bi-directional flows (ingress and egress) • Support for MPLS/VLAN… January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 14
IPFIX: IP Flow Information Export • IETF: Internet Engineering Task Force • IPFIX: Official Standard for all flow technologies • Sometimes described as NetFlow Version 10 • used CISCO NetFlow version 9 as a base • common, universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing • defines how IP flow information is to be formatted and transferred from an exporter to a collector • IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 15
MikroTik IPFIX • MikroTik Traffic Flow template January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 16
How To • Configure the Exporter (MikroTik) • Configure the Flow Record (MikroTik) • Apply it to the Interface (MikroTik) • Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 17
How we are supposed to know it? • Observation Point / Interface • Flow Exporter: MikroTik RouterBoard • Flow Collector: PRTG January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 18
January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 19 Exporter Collector Observation Points
PRTG, the collector • PRTG Network Monitor • PRTG: Paessler Router Traffic Grapher • Agentless network monitoring software • German Company: Paessler AG • First release: 2003 • PRTG is a full-service monitoring solution • It can monitor and classify system conditions like bandwidth usage or uptime and collect statistics from miscellaneous hosts as switches, routers, servers and other devices and applications January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 20
PRTG, the collector • Sensors • over 200 different predefined sensors • application sensors and hardware-specific sensors • Web Interface and Desktop Client • AJAX-based web interface • desktop application for Windows and macOS (beta status) • Notifications and Reports • Email and SMS • push notification on smartphones using an app • customizable reports • Pricing • based on sensors • 100 integrated sensors is available free of charge • Usually, each MikroTik Traffic-Flow device represents one sensor January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 21
PRTG, IPFIX Sensor • The IPFIX sensor receives traffic data from MikroTik Traffic- Flow and shows traffic by type. It filters traffic into different channels: • Chat (IRC, AIM) • Citrix • FTP/P2P (file transfer) • Infrastructure (network services: DHCP, DNS, Ident, ICMP, SNMP) • Mail (mail traffic: IMAP, POP3, SMTP) • NetBIOS • Remote control (RDP, SSH, Telnet, VNC) • WWW (web traffic: HTTP, HTTPS) • Total traffic • Other protocols (other UDP and TCP traffic) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 22
PRTG Download and Install • Go to https://www.paessler.com/ • Download PRTG (prtg.zip) and extract it; save the License name and key in a text file for later use • Run the executable install. Steps are easy to follow. • Enter an email address to receive alerts • When installation is complete • Login, Watch the video that pops up, change the password, set the SSL; it is yours to discover.. A lot of helping pop ups.. Read and follow.. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 23
PRTG First things first • PRTG auto discovery will attempt to discover your network and create a sensor for each probe it discovers • Wait till auto-discovery finishes. Review the discovered devices and the created sensors. You will see a lot of sensors: ping, DNS, HTTP, SSL …. • Better to stop auto-discovery: Automatic auto-discovery is set on group or device level. You can change it in your group's or device's settings, section Group Type or Device Type, setting Sensor Management. • Delete all the sensors discovered automatically because PRTG is free for the first 100 sensors only • You can disable the initial auto-discovery in a fresh PRTG installation. Simply run the installer in command prompt and add /NoInitialAutoDisco=1 as parameter January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 24
How To • Configure the Exporter (MikroTik) • Configure the Flow Record (MikroTik) • Apply it to the Interface (MikroTik) • Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 25
January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 26 Exporter: MikroTik Collector: PRTG Observation Points: MikroTik Interfaces
MikroTik Traffic Flow Configuration January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 27
MikroTik Traffic Flow Configuration • /ip traffic-flow set • #Settings for the exporter • interfaces=bridgeWiFi • #interfaces which will be used to gather statistics for traffic-flow • cache-entries=2k • #flows which can be in router's memory simultaneously • active-flow-timeout=30m • #maximum life-time of a flow • inactive-flow-timeout=15s • #how long to keep the flow active • enabled=yes • /ip traffic-flow target • #Settings for the collector • add disabled=no • dst-address=10.111.222.44 • port=1234 • src-address=0.0.0.0 • v9-template-refresh=20 • v9-template-timeout=30m • version=ipfix January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 28
PRTG: Configure the Flow Monitor • Select Add sensor • Create a new device if necessary or use existing device • Usually the MikroTik RouterBoard is already discovered under network infrastructure • Select Sensor type IPFIX • Set the sensor settings. Most important: • Sensor Name • UDP Port • Active Flow Timeout January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 29
Add a sesnor January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 30
Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 31
Sensor Overview January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 32
PRTG: Add Top lists • PRTG comes with primary top lists • Top Talkers • Top Connections • Top Protocols • Custom Toplist January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 33
Sensor Overview January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 34
Sensor Channels January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 35
Sensor Live Data January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 36
Sensor Live Data January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 37
Sensor Live Data Detailed list January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 38
Top Connections January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 39
Top Connections Detailed List January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 40
Top Protocols January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 41
Top Protocols details January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 42
Thank you  Questions? January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 43

Recommended

BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
Introduction IOT/M2M
Introduction IOT/M2MIntroduction IOT/M2M
Introduction IOT/M2MLeKhanhAnh
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxAngel Garcia
 
17 - Building small network.pdf
17 - Building small network.pdf17 - Building small network.pdf
17 - Building small network.pdfPhiliphaHaldline
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxThomasGraf40
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptxssuserf7cd2b
 
SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1Dr. Mohieddin Moradi
 

Recommended

BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
Introduction IOT/M2M
Introduction IOT/M2MIntroduction IOT/M2M
Introduction IOT/M2MLeKhanhAnh
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxAngel Garcia
 
17 - Building small network.pdf
17 - Building small network.pdf17 - Building small network.pdf
17 - Building small network.pdfPhiliphaHaldline
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxThomasGraf40
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptxssuserf7cd2b
 
SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1Dr. Mohieddin Moradi
 
unit 2.pdf
unit 2.pdfunit 2.pdf
unit 2.pdfSupratimNandi3
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbertPROFIBUS and PROFINET InternationaI - PI UK
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy WilliamsPROFIBUS and PROFINET InternationaI - PI UK
 
It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9newbie2019
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams PROFIBUS and PROFINET InternationaI - PI UK
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdfPROFIBUS and PROFINET InternationaI - PI UK
 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INTMyNOG
 
Colt Novitas SDN World Congress 2015
Colt Novitas SDN World Congress 2015Colt Novitas SDN World Congress 2015
Colt Novitas SDN World Congress 2015Colt Technology Services
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
 
Lesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BLesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BMahmmoud Mahdi
 
Vision one-customer
Vision one-customerVision one-customer
Vision one-customerMarie-Agnès PONS
 
Webinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP seguraWebinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP seguraEmbarcados
 
What is IMS?
What is IMS?What is IMS?
What is IMS?Kent Loh
 
Lepton software network access
Lepton software network accessLepton software network access
Lepton software network accessShruti M
 
Packet Sniffer
Packet Sniffer Packet Sniffer
Packet Sniffer vilss
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX WebinarKatie Hyman
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
iCAM
iCAMiCAM
iCAMSamar Sharma
 
An assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain appsAn assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain appsPokala Sai
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

More Related Content

Similar to MikroTik Traffic Flow Monitoring with PRTG

It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9newbie2019
 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INTMyNOG
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
 
Lesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BLesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BMahmmoud Mahdi
 
Webinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP seguraWebinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP seguraEmbarcados
 
What is IMS?
What is IMS?What is IMS?
What is IMS?Kent Loh
 
Lepton software network access
Lepton software network accessLepton software network access
Lepton software network accessShruti M
 
Packet Sniffer
Packet Sniffer Packet Sniffer
Packet Sniffer vilss
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX WebinarKatie Hyman
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
An assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain appsAn assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain appsPokala Sai
 

Similar to MikroTik Traffic Flow Monitoring with PRTG (20)

unit 2.pdf
unit 2.pdfunit 2.pdf
unit 2.pdf
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
 
It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9It nv51 instructor_ppt_ch9
It nv51 instructor_ppt_ch9
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INT
 
Colt Novitas SDN World Congress 2015
Colt Novitas SDN World Congress 2015Colt Novitas SDN World Congress 2015
Colt Novitas SDN World Congress 2015
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
 
Lesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BLesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing B
 
Vision one-customer
Vision one-customerVision one-customer
Vision one-customer
 
Webinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP seguraWebinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP segura
 
What is IMS?
What is IMS?What is IMS?
What is IMS?
 
Lepton software network access
Lepton software network accessLepton software network access
Lepton software network access
 
Packet Sniffer
Packet Sniffer Packet Sniffer
Packet Sniffer
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX Webinar
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
iCAM
iCAMiCAM
iCAM
 
An assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain appsAn assessment of internet of things protocols for constrain apps
An assessment of internet of things protocols for constrain apps
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

MikroTik Traffic Flow Monitoring with PRTG

  • 1. MikroTik Traffic Flow Network Monitoring / PRTG MikroTik User Meeting 26-January-2019 Beirut - Lebanon Khalil Chamseddine – khalil@tahandos.com
  • 2. MikroTik RouterOS is rich in many features January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 2
  • 3. About me, the MikroTik Certified Trainer • Name: Khalil Chamseddine • Experience: Software, Hardware and Networking • MikroTik Certified Trainer in Lebanon and Region: • MTCNA • MTCWE • MTCTCE • MTCUME • MTCRE • MTCIPv6 • MTCINE • Contact: • https://Tahandos.com • E-Mail: khalil@tahandos.com • Phone: +961-3-892792 January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 3
  • 4. www.tahandos.com January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 4
  • 5. Outline • Network Monitoring and FLOW • MikroTik Traffic Flow • MikroTik RouterOS and PRTG • How To, Step By Step • Sample Reporting January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 5
  • 6. Simple question: What do we want to know? • Who is consuming the bandwidth? • From inside out • From outside in • What they are consuming? • Which protocols and services? • HTTP • Email • Video • Voice • Torrent • … January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 6
  • 7. Simple question: Why do we want to know? • Identification / Solving • Traffic Classification • Flow-based detection • DoS Trace back • … • Traffic Analysis • Inter-AS traffic analysis • Reporting on application proxies • … • Accounting • Cross verification from other sources • … January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 7
  • 8. Simple question: What do we need to get? • Nice presented reports that shows clear situation January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 8
  • 9. How we are supposed to know it? • Observation Point / Interface • Flow Exporter: Exports Flow Records • Flow Collector: Receives Flow Records / present them nicely January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 9
  • 10. Bandwidth Monitoring Alternatives • Bandwidth monitoring is a method for measuring the actual bandwidth available on a local system • SNMP • Usually it is considered lighter than other options • Gets total amount of traffic and some layer 2 and layer 3 statistics like number of errors, number of broadcasts… • Packet Sniffer • … • xFlow January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 10
  • 11. General Flow Definition • A flow is defined as a set of packets having common properties: • one or more packet header fields (e.g. destination IP address, transport header field), • one or more characteristics of the packet • … • a packet belongs to a flow record if it completely matches all defined flow properties. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 11
  • 12. Flow Exporting Protocols • CISCO NetFlow • Juniper… • HPE… • IETF IPFIX • MikroTik Traffic Flow • a system that provides statistic information about packets which pass through the router. • network monitoring and accounting • identify various problems that may occur in the network • analyze, optimize the overall network performance • MikroTik Traffic-Flow is compatible with Cisco NetFlow, it can be used with various utilities which are designed for Cisco's NetFlow. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 12
  • 13. NetFlow Flow definition • NetFlow defines a flow as the combination of the following seven key-fields: • Source IP address. • Destination IP address. • Source port number. • Destination port number. • Layer 3 protocol type. • ToS byte • Logical interface, whether input (ingress) or output (egress) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 13
  • 14. Flow formats • Differ in the format of the export massage • Version 1 - never use it  • Version 5 – limited to inbound traffic (ingress) and IPv4. • Version 9 - a new format which can be extended with new fields and record types because of its template-style design • Version 9 is independent of the underlying transport protocol whether it is TCP, UDP, or SCTP • Support for IPv6 and bi-directional flows (ingress and egress) • Support for MPLS/VLAN… January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 14
  • 15. IPFIX: IP Flow Information Export • IETF: Internet Engineering Task Force • IPFIX: Official Standard for all flow technologies • Sometimes described as NetFlow Version 10 • used CISCO NetFlow version 9 as a base • common, universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing • defines how IP flow information is to be formatted and transferred from an exporter to a collector • IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 15
  • 16. MikroTik IPFIX • MikroTik Traffic Flow template January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 16
  • 17. How To • Configure the Exporter (MikroTik) • Configure the Flow Record (MikroTik) • Apply it to the Interface (MikroTik) • Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 17
  • 18. How we are supposed to know it? • Observation Point / Interface • Flow Exporter: MikroTik RouterBoard • Flow Collector: PRTG January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 18
  • 19. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 19 Exporter Collector Observation Points
  • 20. PRTG, the collector • PRTG Network Monitor • PRTG: Paessler Router Traffic Grapher • Agentless network monitoring software • German Company: Paessler AG • First release: 2003 • PRTG is a full-service monitoring solution • It can monitor and classify system conditions like bandwidth usage or uptime and collect statistics from miscellaneous hosts as switches, routers, servers and other devices and applications January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 20
  • 21. PRTG, the collector • Sensors • over 200 different predefined sensors • application sensors and hardware-specific sensors • Web Interface and Desktop Client • AJAX-based web interface • desktop application for Windows and macOS (beta status) • Notifications and Reports • Email and SMS • push notification on smartphones using an app • customizable reports • Pricing • based on sensors • 100 integrated sensors is available free of charge • Usually, each MikroTik Traffic-Flow device represents one sensor January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 21
  • 22. PRTG, IPFIX Sensor • The IPFIX sensor receives traffic data from MikroTik Traffic- Flow and shows traffic by type. It filters traffic into different channels: • Chat (IRC, AIM) • Citrix • FTP/P2P (file transfer) • Infrastructure (network services: DHCP, DNS, Ident, ICMP, SNMP) • Mail (mail traffic: IMAP, POP3, SMTP) • NetBIOS • Remote control (RDP, SSH, Telnet, VNC) • WWW (web traffic: HTTP, HTTPS) • Total traffic • Other protocols (other UDP and TCP traffic) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 22
  • 23. PRTG Download and Install • Go to https://www.paessler.com/ • Download PRTG (prtg.zip) and extract it; save the License name and key in a text file for later use • Run the executable install. Steps are easy to follow. • Enter an email address to receive alerts • When installation is complete • Login, Watch the video that pops up, change the password, set the SSL; it is yours to discover.. A lot of helping pop ups.. Read and follow.. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 23
  • 24. PRTG First things first • PRTG auto discovery will attempt to discover your network and create a sensor for each probe it discovers • Wait till auto-discovery finishes. Review the discovered devices and the created sensors. You will see a lot of sensors: ping, DNS, HTTP, SSL …. • Better to stop auto-discovery: Automatic auto-discovery is set on group or device level. You can change it in your group's or device's settings, section Group Type or Device Type, setting Sensor Management. • Delete all the sensors discovered automatically because PRTG is free for the first 100 sensors only • You can disable the initial auto-discovery in a fresh PRTG installation. Simply run the installer in command prompt and add /NoInitialAutoDisco=1 as parameter January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 24
  • 25. How To • Configure the Exporter (MikroTik) • Configure the Flow Record (MikroTik) • Apply it to the Interface (MikroTik) • Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 25
  • 26. January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 26 Exporter: MikroTik Collector: PRTG Observation Points: MikroTik Interfaces
  • 27. MikroTik Traffic Flow Configuration January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 27
  • 28. MikroTik Traffic Flow Configuration • /ip traffic-flow set • #Settings for the exporter • interfaces=bridgeWiFi • #interfaces which will be used to gather statistics for traffic-flow • cache-entries=2k • #flows which can be in router's memory simultaneously • active-flow-timeout=30m • #maximum life-time of a flow • inactive-flow-timeout=15s • #how long to keep the flow active • enabled=yes • /ip traffic-flow target • #Settings for the collector • add disabled=no • dst-address=10.111.222.44 • port=1234 • src-address=0.0.0.0 • v9-template-refresh=20 • v9-template-timeout=30m • version=ipfix January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 28
  • 29. PRTG: Configure the Flow Monitor • Select Add sensor • Create a new device if necessary or use existing device • Usually the MikroTik RouterBoard is already discovered under network infrastructure • Select Sensor type IPFIX • Set the sensor settings. Most important: • Sensor Name • UDP Port • Active Flow Timeout January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 29
  • 30. Add a sesnor January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 30
  • 31. Configure the Flow Monitor (PRTG) January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 31
  • 32. Sensor Overview January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 32
  • 33. PRTG: Add Top lists • PRTG comes with primary top lists • Top Talkers • Top Connections • Top Protocols • Custom Toplist January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 33
  • 34. Sensor Overview January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 34
  • 35. Sensor Channels January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 35
  • 36. Sensor Live Data January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 36
  • 37. Sensor Live Data January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 37
  • 38. Sensor Live Data Detailed list January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 38
  • 39. Top Connections January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 39
  • 40. Top Connections Detailed List January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 40
  • 41. Top Protocols January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 41
  • 42. Top Protocols details January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 42
  • 43. Thank you  Questions? January-2019 MikroTik MUM Beirut 2019 - Khalil Chamseddine - Tahandos.com 43