Are you looking for an inexpensive solution to gain visibility on your network? Traffic-Flow is a feature available on RouterOS by MikroTik. Traffic-Flow is comparable to Cisco’s NetFlow technology, providing statistical information about packets passing through the router. Traffic-Flow supports NetFlow formats: v1 (not recommend) , v5 (BGP, AS, and flow sequence support), and v9 (extend-able field and record type support); therefore, most NetFlow collectors, including Scrutinizer and similar, will listen for these flows.

RouterOS can be purchased by itself to run on a PC with two network interfaces, or you can purchase a RouterBoard, as I did, which will come with RouterOS loaded. You can run RouterOS in transparent bridge mode or as a router. If you run in bridge mode, all traffic exported will show as coming through one interface (the pass-through bridge), whereas, if run in router mode, you will get the different source and destination interface indexes and descriptions.

I bought the RB433AH and configured it to send flows to a Scrutinizer demo box. I have configured our RouterBoard as a bridge exporting Traffic-Flow v5 and placed this in-line between our firewall and core switch. As you can see in the screen capture below, the bridge information allows me to see traffic to and from our network. We are looking at the top 10 conversations for the last 5 minutes.

mikrotik-netflow

If you are currently running a network with devices that don’t support Cisco NetFlow, a RouterBoard for $145 is an inexpensive solution to give you the visibility you’ve been looking for.

Thomas

Thomas Pore is the Director of IT and Field Engineering at Plixer. He developed and leads, the Malware Incident Response and Advanced NetFlow Training programs which are being offered in cities across the USA. He is also an adjunct professor at the local community college and teaches ethical hacking. Thomas travels the globe meeting with customers and trying improve the Scrutinizer network incident response system. He helps clients optimize threat detection strategies and aids in the configuration of custom incident response solutions. He has a Bachelor of Science in Computer Science from Dickinson College.

Related

Leave a Reply