
Using protocol analyzer on mikrotik


In this webinar, we discussed layered networks, protocols, protocol analyzers, and why they were designed that way. We discussed several features of MikroTik RouterOS that can be used as a traffic sniffer to capture flowing packets.

The recording is available on YouTube (GLC NETWORKS CHANNEL): https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg


  1. www.glcnetworks.com Using protocol analyzer on mikrotik. GLC webinar, 20 April 2017. Achmad Mardiansyah, achmad@glcnetworks.com, GLC Networks, Indonesia
  2. Agenda ● Introduction ● Protocol suite ● Mikrotik protocol analyzer ● Demo ● Q & A
  3. What is GLC? ● Garda Lintas Cakrawala (www.glcnetworks.com) ● An Indonesian company ● Located in Bandung ● Areas: Training, IT Consulting ● Mikrotik Certified Training Partner ● Mikrotik Certified Consultant ● Mikrotik distributor
  4. About GLC webinar? ● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● A sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule: every 2 weeks ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/main/schedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information
  5. Trainer Introduction ● Name: Achmad Mardiansyah ● Base: Bandung, Indonesia ● Linux user since 1999 ● Mikrotik user since 2007 ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE) ● Mikrotik Certified Consultant ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer ● Personal website: http://achmadjournal.com ● More info: http://au.linkedin.com/in/achmadmardiansyah
  6. Please introduce yourself ● Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course?
  7. What is Mikrotik? ● Name of a company ● A brand ● A program (e.g. mikrotik academy) ● Headquarters: Riga, Latvia
  8. What are mikrotik products? ● Router OS ○ The OS. Specialized for networking ○ Website: www.mikrotik.com/download ● RouterBoard ○ The hardware ○ RouterOS installed ○ Website: www.routerboard.com
  9. What can Router OS do? ● Go to www.mikrotik.com ○ Download: what_is_routeros.pdf ○ Download: product catalog ○ Download: newsletter
  10. What are Mikrotik training & certifications? Certificate validity is 3 years
  11. Protocol suites
  12. 7 OSI layer & protocol ● The OSI layer model is a conceptual model from ISO (International Standard Organization) for the OSI (Open System Interconnection) project ● When you send a message with a courier, you need to add more info so that your message arrives at the destination (this process is called encapsulation) ● What is a protocol? ○ A set of rules for communication ○ Available on each layer ● Communication consists of a series of encapsulations ○ SDU: service data unit (before PDU) ○ PDU: protocol data unit (after header is added)
  13. Layered model (TCP/IP vs ISO) and encapsulation
  14. Layer 4 header (which one is TCP?)
  15. Layer 3 header (which one is IPv4?)
  16. Ethernet header (which is the MTU?)
  17. 802.11 header
  18. Did you notice? ● There is a big overhead in the encapsulation process ● More encapsulation means less payload?
  19. Layer 2 vs Layer 3 addressing. Layer 2: ● Uses MAC as address ● Burned-in address ● Unique for every physical port ● Consists of 48 binary bits, written in HEX format. 1 HEX = 4 bit ● First 6 HEX digits -> represent the manufacturer. Layer 3: ● Logical address ● 2 versions: IPv4 (our focus) and IPv6 ● IPv4 is 32 bits long ● Consists of network part & host part ● Can be class based IP address (without subnet) ● Now it is classless IP address -> VLSM (variable length subnet mask) ● CIDR (classless inter domain routing)
  20. IP spec (RFC 791) ● Defined a long time ago (what, 1981?) ● Defines what the IP header looks like ● Still used up to now ● New version -> IPv6
  21. Protocol analyzer
  22. What is a protocol analyzer? Software / hardware that is able to: ● Capture packets on an interface ● Parse the protocols inside a frame ● Do some analytical tasks ● Display the result on an output device. Examples: ● Wireshark (de facto software) ● Tektronix ● etc
  23. Why use protocol analyzer? ● Troubleshooting (#1 reason) ● Testing ● Learning
  24. Protocol analyzer on mikrotik
  25. /tool sniffer
  26. /tool sniffer (packets, hosts, protocol)
  27. /tool sniffer (streaming, filter)
  28. /tool torch
  29. Open capture file on wireshark
  30. QA
  31. Interested? Just come to our training... Special price for webinar attendees… http://www.glcnetworks.com/main/schedule
  32. End of slides ● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: “GLC networks” ● Slide: http://www.slideshare.net/r41nbuw ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg ● Stay tuned to our schedule
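
Slides 12 to 18 describe encapsulation and its overhead, and slide 22 lists parsing the protocols inside a frame as a core analyzer task. The Python below is an added example, not part of the original slides: it peels a constructed Ethernet II / IPv4 / TCP frame layer by layer and reports header bytes versus payload bytes. The sample frame, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import struct

def build_sample_frame(payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst, src, EtherType
    return eth + ip + tcp + payload

def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet -> IPv4 -> TCP and report header overhead vs payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth_dst": frame[0:6].hex(":"), "eth_src": frame[6:12].hex(":"),
           "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (ip[0] & 0x0F) * 4         # header length field counts 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    out.update(ip_src=".".join(map(str, ip[12:16])),
               ip_dst=".".join(map(str, ip[16:20])), ip_proto=ip[9])
    if ip[9] != 6:                   # only TCP is decoded here
        return out
    seg = ip[ihl:total_len]          # slicing by total length drops Ethernet padding
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    data_off = (seg[12] >> 4) * 4    # TCP header length, also in 32-bit words
    if data_off < 20 or data_off > len(seg):
        raise ValueError("bad TCP data offset")
    sport, dport = struct.unpack("!HH", seg[:4])
    out.update(tcp_sport=sport, tcp_dport=dport, payload=seg[data_off:],
               header_bytes=14 + ihl + data_off,
               payload_bytes=len(seg) - data_off)
    return out

if __name__ == "__main__":
    info = parse_frame(build_sample_frame(b"GET / HTTP/1.1\r\n\r\n"))
    print(info["header_bytes"], "header bytes carry", info["payload_bytes"], "payload bytes")
```

The length checks matter when the input is a live capture: a field that claims more bytes than the frame holds is rejected instead of being sliced past the end.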
