...
| Note | ||
|---|---|---|
| ||
Packet sampling is available since in RouterOS v7.1rc5! |
In the following example:
...
Sub-menu: /ip traffic-flow ipfix
Allows to customize flow records
| Property | Description |
|---|---|
| bytes | Total number of bytes processed in the flow. |
| ip-total-lenght | Length of the IP packet in bytes. |
| src-address | Source The source IP address of the flow. |
| dst-address | Destination The destination IP address of the flow. |
| ipv6-flow-label | Label field from an IPv6 header, used to classify flows. |
| src-address-mask | Network mask for the source address, useful in summarizing data. |
| dst-address-mask | Network mask for the destination address. |
| is-multicast | Indicates whether the flow is a multicast flow. |
| src-mac-address | Source MAC address. |
| dst-mac-address | Destination MAC address. |
| last-forwarded | Timestamp of the last packet forwarded in a flow. |
| src-port | Source port number. |
| dst-port | Destination port number. |
| nat-dst-address | Translated destination IP address by NAT. |
| sys-init-time | System initialization time, can be used for timing analysis. |
| first-forwarded | Timestamp of the first packet forwarded in a flow. |
| nat-dst-port | Translated destination port number by NAT. |
| tcp-ack-num | Acknowledgment number in a TCP connection. |
| gateway | IP address of the gateway through which the flow was routed. |
| nat-events | Events related to Network Address Translation for the flow. |
| tcp-flags | Flags from the TCP header (e.g., SYN, ACK). |
| icmp-code | ICMP code for error messaging and operational information. |
| nat-src-address | Translated source IP address by NAT. |
| icmp-type | Type of ICMP message, important for diagnostic messages. |
| nat-src-port | Translated source port number by NAT. |
| tcp-seq-num | Sequence number in a TCP connection. |
| tcp-window-size | Window size in a TCP connection, indicating the scale of received data buffering. |
| igmp-type | Type of Internet Group Management Protocol operation. |
| out-interface | Interface through which packets of the flow are sent out. |
| in-interface | Interface through which packets of the flow are received. |
| packets | Number of packets processed in the flow. |
| ip-header-length | Length of the IP header. |
| protocol | Protocol number (e.g., TCP, UDP, ICMP). |
| tos | Type of Service field in the IP header, indicating priority and handling of the packet. |
| ttl | Time To Live for the packet, decremented by each router to prevent infinite loops. |
| udp-length | Length of the UDP payload. |
...
For example, you set up a mirror port on a switch, connect the mirror port to a router, and set traffic flow to count mirrored packets. Unfortunately, such a setup will not work, because mirrored packets are dropped before they reach the input chain.
...
| Code Block | ||
|---|---|---|
| ||
[admin@MikroTik] ip traffic-flow> set enabled=yes
[admin@MikroTik] ip traffic-flow> print
enabled: yes
interfaces: all
cache-entries: 1k
active-flow-timeout: 30m
inactive-flow-timeout: 15s
[admin@MikroTik] ip traffic-flow> |
Specify the IP address and port of the host, which will receive Traffic-Flow packets:
...