Hi Paul, Here's a (hopefully helpful) list of the available interception options on MikroTik: 1. If you're running anything with a MikroTik switch chip you can mirror ports and use a capture server (basic catch all method) 2. The CALEA <http://wiki.mikrotik.com/wiki/CALEA> package is made to comply with US interception and reporting requirements (MikroTik specific, filtered capture) 3. Packet Sniffer and Streaming (which you can do in v6 from mangle rules rather than needing to leave the tool/winbox open) 4. Depending on the granularity of the request (have you been requested to provide full data or just src-address,dst-address,src-port,dst-port,timestamp) you could also use the Traffic Flow (NetFlow) option. - Andrew On 28 August 2014 10:15, Paul Julian <paul@oxygennetworks.com.au> wrote:
Thanks Mike, I did notice that you guys were now on the list :-) I think you were the day after or before us from memory.
Appreciate that, I suppose I was just going to go for the streaming option under tools but was just wondering if anybody was doing anything more fancy :-)
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 10:13 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Interception on Mikrotik
We also set up as licensed carrier this year ;)
It is my third license (did the license applications and management for two projects before this) using MikroTik equipment - I'll send you a copy of our interception capability plan.
Requirements are straightforward, not a great deal of detail is needed.
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:58 AM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Interception on Mikrotik
Hi guys, we were recently granted a carrier license for another business and we are using a lot of Mikrotik equipment in that business for LNS's and wireless links etc, I was just wondering what method people used on a Mikrotik to satisfy the interception capability requirements and if anybody had any comments on which options were better than others.
Most people seem to intercept at the exit of their network, however in our case it's not that simple and we will probably need to provide interception points at each LNS and we have quite a few....so I am interested in what people's thoughts are on the options in this case.
Regards Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au