Mikrotik and Wireshark
(with) RouterOS
• Company introduction
• Network operation – the big picture
• Management approaches
• Network debugging
• RouterOS debugging
FMS Internetservice GmbH
Value Added Distribution
FMS Internetservice GmbH
• Founded 1997
• 11 employees
• Southern Germany
FMS Internetservice GmbH
5 year warranty & next day replacement
3km transmission & 10 years battery life
Network Operation – Big Picture
Challenges and Elements
The Challenge of Operation
• Networks
  • Become larger
  • Become more complex
  • Require higher availability
  • Require effective security
Operational Tasks
• Inventory
• Management
• Debugging
• Maintenance
• Monitoring
RouterOS
Debugging (Router)
Debugging (Traffic and Network)
Logging & 3rd Party Integration
• Considerations
  • Security
  • Convenience
  • Efficiency
• Common Approaches
  • Separate management and user traffic
  • Management VLAN
  • Tunneling payload (e.g. PPPoE)
  • Tunneling of management (VPN)
Management Approaches
• Detailed examples
  • RoMON
  • API (Application programming interface)
RoMON
• Device discovery
• Device access
Connect to RoMON
Winbox RoMON Agent RoMON enabled Router
• Enable RoMON
• Optional
  • Customize interface configuration
RoMON Tools
• Discovery
• Ping
• CLI: ssh
• Winbox
Standard Tools in RoMON Network
[Screenshot callouts: Connected to RoMON agent; RoMON discovery through agent; Two hops to reach]
Local Device Discovery across Routers
Connect to RoMON
Winbox RoMON Agent RoMON enabled Router
[Diagram labels: R1, R2; A11, A12, A21, A22, A31, A32; networks 192.0.2.0/24, 203.0.113.0/24, 198.51.100.0/24]
Remote RoMON Agent
• Branch offices
• Customer networks
Remote Network Discovery
[Diagram labels: Operator, Winbox, INET, RoMON Agent, Customer 1 (198.51.100.0/24), Customer 2 (203.0.113.0/24), RoMON enabled devices]
Disable RoMON on WAN port eth5
Security Considerations
• Management VPN
• VPN to reach RoMON agent
• RoMON to reach remote devices
• VLAN to limit RoMON locally
MikroTik API
[Diagram labels: FMS Management Platform, NOC, Local Retailer, Customer Site 1, Customer Site 2, RouterOS (192.168.40.10/24), Third Party Access Points, ERP / Cash register, Captive Portal, DVR / Surveillance, MikroTik Router]
• API to execute ping on MikroTik site router
• Things go wrong?
• Real insight is necessary
• Packet sniffing
• De facto standard: Wireshark
• RouterOS packet sniffer
MikroTik Packet Sniffer
• General settings
• Filter
• Start/Stop
• Streaming to Wireshark
Remote Packet Sniffing
[Diagram labels: Operator, INET, Customer 1 (198.51.100.0/24), Packet Sniffer]
Locally analyse packets from a remote sniffer in real time
Sniffer Stream
• Enable “Stream”
• Set Wireshark host IP
• Enable “Filter Stream”
Traffic Flow
• Top talkers
• Top protocols
• Utilisation
Netflow Collector and Analysis
Debugging RouterOS Installations
The other Needle in another (huge) Haystack
RouterOS Debugging
• SNMP
• Local logging
Log Output
Central Syslog
VRRP Setup
• Example: Investigate VRRP change
• Involved: Master, slave, crosslink switch
FMS Management Platform
• Central storage
• Powerful search
• Dashboards
• Alerts
10.10.0.29
10.10.0.22
Enhanced Log Message Processing
• Make syslog server understand message
  Example message: system,error,critical login failure for user admin from 10.10.0.55 via web
• Database fields
• Search
• Sorting
• Analyse
• Login Failure Dashboard
Failed Logins including Username and Login Type
10.10.0.29
10.10.0.22
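Added example (not from the original slides or the FMS platform): one way a syslog pipeline could turn the login failure message shown above into database fields and the per-username, per-login-type counts a failed-login dashboard needs. The function names and all sample lines except the first are constructed, and the message layout is assumed to match the slide's example exactly.

```python
import ipaddress
import re
from collections import Counter

# Anchored at the end of the line: the username is supplied by whoever tried
# to log in and may itself contain " from " or " via ", so only the final
# "from <addr> via <type>" is trusted as structure.
LOGIN_FAILURE = re.compile(
    r"^(?P<topics>[a-z0-9,!-]+) login failure for user (?P<user>.*)"
    r" from (?P<src>\S+) via (?P<via>\S+)$"
)

def parse_login_failure(message):
    """Return a dict of database fields, or None if not a login failure."""
    m = LOGIN_FAILURE.match(message.strip())
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None  # source is not an IP address: leave the line unparsed
    return {"topics": m["topics"].split(","), "user": m["user"],
            "src": str(src), "via": m["via"]}

def failed_login_summary(messages):
    """Count failures per (username, login type), as a dashboard would."""
    counts = Counter()
    for msg in messages:
        rec = parse_login_failure(msg)
        if rec:
            counts[(rec["user"], rec["via"])] += 1
    return counts

# Constructed sample input; only the first line is taken from the slide.
SAMPLE = [
    "system,error,critical login failure for user admin from 10.10.0.55 via web",
    "system,error,critical login failure for user admin from 10.10.0.55 via ssh",
    # Username crafted to look like a different source address:
    "system,error,critical login failure for user x from 192.0.2.7 via web"
    " from 10.10.0.55 via web",
    "system,info,account user admin logged in from 10.10.0.22 via winbox",
]

if __name__ == "__main__":
    for key, n in failed_login_summary(SAMPLE).most_common():
        print(n, key)
```
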
Get in Touch
+49 761 2926500 | sales@fmsweb.de | Web form
www.fmsweb.de | www.mikrotik-shop.de
RouterOS, Central Management, Hosting, Support, Consulting, Service Contracts, Distribution
Thank You