...
Note: Packet sampling is available since RouterOS v7.1rc5!
In the following example:
...
Sub-menu: /ip traffic-flow ipfix
Allows customizing flow records.
Property | Description |
---|---|
bytes | Total number of bytes processed in the flow. |
ip-total-length | Length of the IP packet in bytes. |
src-address | The source IP address of the flow. |
dst-address | The destination IP address of the flow. |
ipv6-flow-label | Label field from an IPv6 header, used to classify flows. |
src-address-mask | Network mask for the source address, useful in summarizing data. |
dst-address-mask | Network mask for the destination address. |
is-multicast | Indicates whether the flow is a multicast flow. |
src-mac-address | Source MAC address. |
dst-mac-address | Destination MAC address. |
last-forwarded | Timestamp of the last packet forwarded in a flow. |
src-port | Source port number. |
dst-port | Destination port number. |
nat-dst-address | Translated destination IP address by NAT. |
sys-init-time | System initialization time, can be used for timing analysis. |
first-forwarded | Timestamp of the first packet forwarded in a flow. |
nat-dst-port | Translated destination port number by NAT. |
tcp-ack-num | Acknowledgment number in a TCP connection. |
gateway | IP address of the gateway through which the flow was routed. |
nat-events | Events related to Network Address Translation for the flow. |
tcp-flags | Flags from the TCP header (e.g., SYN, ACK). |
icmp-code | ICMP code for error messaging and operational information. |
nat-src-address | Translated source IP address by NAT. |
icmp-type | Type of ICMP message, important for diagnostic messages. |
nat-src-port | Translated source port number by NAT. |
tcp-seq-num | Sequence number in a TCP connection. |
tcp-window-size | Window size in a TCP connection, indicating the scale of received data buffering. |
igmp-type | Type of Internet Group Management Protocol operation. |
out-interface | Interface through which packets of the flow are sent out. |
in-interface | Interface through which packets of the flow are received. |
packets | Number of packets processed in the flow. |
ip-header-length | Length of the IP header. |
protocol | Protocol number (e.g., TCP, UDP, ICMP). |
tos | Type of Service field in the IP header, indicating priority and handling of the packet. |
ttl | Time To Live for the packet, decremented by each router to prevent infinite loops. |
udp-length | Length of the UDP payload. |
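
One way a collector-side check can use these fields, as an added example that is not part of the MikroTik documentation: it flags sources whose TCP flows show SYN but never ACK across many distinct targets. It assumes the collector has already decoded each record into a dict keyed by the property names above and that `tcp-flags` is an integer of the TCP header flag bits seen over the flow; `find_port_sweeps`, `flow` and the threshold are hypothetical names and values.

```python
from collections import defaultdict

TCP = 6                  # IANA protocol number carried in the "protocol" field
SYN, ACK = 0x02, 0x10    # TCP header flag bits

def find_port_sweeps(records, min_targets=5):
    """Map each src-address to the sorted (dst-address, dst-port) pairs it probed
    with TCP flows that show SYN but never ACK, if it hit >= min_targets pairs."""
    probed = defaultdict(set)
    for rec in records:
        if rec.get("protocol") != TCP:
            continue
        flags = rec.get("tcp-flags")
        if flags is None:          # tcp-flags not enabled on the exporter
            continue
        if flags & SYN and not flags & ACK:
            probed[rec["src-address"]].add((rec["dst-address"], rec["dst-port"]))
    return {src: sorted(t) for src, t in probed.items() if len(t) >= min_targets}

def flow(src, dst, proto, dport, flags=None):
    """Build one constructed record keyed by the property names in the table."""
    rec = {"src-address": src, "dst-address": dst, "protocol": proto, "dst-port": dport}
    if flags is not None:
        rec["tcp-flags"] = flags
    return rec

# Constructed sample data (documentation address ranges), not captured traffic.
SAMPLE = [flow("198.51.100.7", "192.0.2.10", TCP, p, SYN)
          for p in (21, 22, 23, 80, 443, 3389)]
SAMPLE += [
    flow("192.0.2.50", "203.0.113.5", TCP, 443, 0x1B),  # full session: FIN|SYN|PSH|ACK
    flow("192.0.2.51", "203.0.113.9", TCP, 25, SYN),    # one unanswered SYN, below threshold
    flow("192.0.2.50", "203.0.113.53", 17, 53),         # UDP, no tcp-flags
]

if __name__ == "__main__":
    for src, hits in find_port_sweeps(SAMPLE).items():
        print(src, "->", len(hits), "targets without a completed handshake")
```

The check depends on `src-address`, `dst-address`, `dst-port`, `protocol` and `tcp-flags` being enabled in the exported records; records missing `tcp-flags` are skipped rather than treated as clean.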
...
For example, you set up a mirror port on a switch, connect the mirror port to a router, and set traffic flow to count mirrored packets. Unfortunately, such a setup will not work, because mirrored packets are dropped before they reach the input chain.
...
```
[admin@MikroTik] ip traffic-flow> set enabled=yes
[admin@MikroTik] ip traffic-flow> print
                enabled: yes
             interfaces: all
          cache-entries: 1k
    active-flow-timeout: 30m
  inactive-flow-timeout: 15s
[admin@MikroTik] ip traffic-flow>
```
Specify the IP address and port of the host, which will receive Traffic-Flow packets:
...