- zx128k
How to monitor global internet traffic and its source? need help
Fri Jul 12, 2024 11:04 pm
Hi folks,
Is it somehow possible, in the MikroTik router itself or using some syslog server, to get GEO IP location information and traffic requested from various countries based on the IP address, and to show this information?
We have connected several Windows web servers to a MikroTik router. This router has a WAN interface which obviously connects to local as well as to global networks. In our case the global traffic is limited, and because of this our global clients experience connectivity issues. So we need to investigate the global link.
Any help is appreciated!!
Lev
- jvanhambelgium
Fri Jul 12, 2024 11:48 pm
No, you cannot do this on MikroTik itself. You need to look at something like a NetFlow collector or Splunk setup.
Depending on your level of expertise this might be pretty simple to set up or very hard...
There is a very nice Splunk app developed by a forum user, complete with all install instructions etc.
viewtopic.php?t=179960
- zx128k
Sat Jul 13, 2024 12:09 am
Does this Splunk app collect country information? I can't see any screenshot there. By the way, what if I import country IP lists into the router and see which country is consuming more traffic?
- anav
Sat Jul 13, 2024 1:50 am
Countries don't control traffic. Illegal hacking bots do... and they can be from anywhere, or more to the point, it's logical to assume that bots are not colocated with those hacking, and even if it is state-sponsored hacking, they likely don't attempt to draw attention to themselves.
Much better to set up Zero Trust Cloudflare in an options package... BUT only if that existed.
- Larsa
Sat Jul 13, 2024 2:25 am
@zx128k, you might also use the CALEA package for data collection. There are plenty of analysis tools available for that. There's also a built-in packet sniffer that, while somewhat limited compared to CALEA, is still pretty useful.
https://wiki.mikrotik.com/wiki/CALEA
EDIT:
@Jotne's Splunk solution is great and can easily be extended with geographical locations based on ASN data.
- jvanhambelgium
Sat Jul 13, 2024 3:56 pm
> We have connected several Windows web servers to a MikroTik router. This router has a WAN interface which obviously connects to local as well as to global networks. In our case the global traffic is limited, and because of this our global clients experience connectivity issues. So we need to investigate the global link.
What do you mean? This statement does not make sense.
Why is "your global traffic limited"? Who limits this traffic?
And why do your global clients experience connectivity issues? This is something you need to take up with your ISP for sure.
You need to ask your customers for a TRACEROUTE towards the public IP/DNS name of your webserver in order to make connectivity issues visible.
Alternatively you can use some BGP looking glasses around the world to check how "the world" perceives your IP address/subnet.
- pe1chl
Sat Jul 13, 2024 5:09 pm
> Why is "your global traffic limited"? Who limits this traffic?
This is not a concept we know here or in Belgium, but in some parts of the world an ISP limits the amount (or bandwidth) of traffic that is going outside the local area.
So you could e.g. have "unlimited" traffic to your own country and maybe some in the local area, and "max 10GB/month" or "max 1MBps" traffic to other countries.
When you have that, you might want to know which traffic is going outside your area to see if you will hit that limit.
- jvanhambelgium
Sat Jul 13, 2024 5:59 pm
> > Why is "your global traffic limited"? Who limits this traffic?
> This is not a concept we know here or in Belgium, but in some parts of the world an ISP limits the amount (or bandwidth) of traffic that is going outside the local area.
> So you could e.g. have "unlimited" traffic to your own country and maybe some in the local area, and "max 10GB/month" or "max 1MBps" traffic to other countries.
> When you have that, you might want to know which traffic is going outside your area to see if you will hit that limit.
OK I see, yes we are taking our high quality, high speed Internet services here for granted.
For the TS, if you are a bit into Linux it is not difficult to run the set of "pmacct" tools.
It is also possible to have it on "Docker".
https://github.com/pmacct/pmacct
or the old website (will complain about the SSL cert)
You can configure it to use the MaxMind GeoIP database to have some information on that.
- sindy
Sat Jul 13, 2024 10:41 pm
There is also another resource, https://github.com/ipverse/rir-ip/tree/master . Depending on the number of IP prefixes assigned to your country, the files may or may not fit into the variable size limit, which is 64 kBytes for RouterOS. If they do, you can load those files e.g. daily, parse the loaded data and use them to update an address list with a 24h timeout. So rows that have dropped out from the file since the last download will drop out from the address list automatically as they time out. The prefixes are aggregated, so you would have to test what happens if the newly added prefix is a subset/superset of an existing one and eventually handle such conflicts. Addresses that are not on the address list are international.
If the file for your country exceeds the 64 kB limit, you can still use it to create an address list, but you'll need an external resource to download and process the file.
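An added example, not part of sindy's post and not code from MikroTik or the ipverse project: a sketch of the "external resource" step that parses a downloaded country prefix file, removes subset/superset overlaps within that one download, and emits address-list commands with a 24h timeout. The file layout (`#` comments, one CIDR per line), the list name `domestic` and the sample prefixes are assumptions.

```python
import ipaddress

ROUTEROS_VAR_LIMIT = 64 * 1024  # the 64 kB variable size limit quoted in the post

# Constructed sample in the assumed file layout; documentation-range
# prefixes, not real country allocation data.
SAMPLE = """\
# constructed sample
192.0.2.0/24
198.51.100.0/24
198.51.100.128/25
203.0.113.0/25
203.0.113.128/25
"""

def parse_prefixes(text):
    """Return the networks listed in the file text, skipping comments and blanks."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def normalize(nets):
    """Drop prefixes contained in another and merge adjacent ones."""
    return list(ipaddress.collapse_addresses(nets))

def fits_in_routeros_variable(text):
    """True if the raw file could be loaded into a single RouterOS variable."""
    return len(text.encode()) <= ROUTEROS_VAR_LIMIT

def routeros_commands(nets, list_name="domestic", timeout="1d"):
    """One address-list add per prefix; list_name is a hypothetical name."""
    return [
        f"/ip firewall address-list add list={list_name} address={n} timeout={timeout}"
        for n in nets
    ]

def is_international(addr, nets):
    """An address outside every domestic prefix counts as international."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in n for n in nets)

if __name__ == "__main__":
    domestic = normalize(parse_prefixes(SAMPLE))
    print("\n".join(routeros_commands(domestic)))
```

Overlaps between a new download and entries still present on the router from the previous day are not handled here and still need the testing the post describes.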