hi kids, this is your dad, huahuanjayy wkwkwk, Nuenomaru the handsome is back in action.
Today, I'm back with a simple little article, Just like the title says, "Who’s the Culprit? Digging Into Network Loops with MikroTik Packet Sniffer".
Everything was quiet, then suddenly the network traffic spiked. No need to panic, let’s analyze it slowly together.
For this case, I’m using a MikroTik router.
If you’re on a different brand, no worries, as long as you can export a PCAP file.
We’ll analyze it later using Wireshark. You can download Wireshark from the link below touch me babby :*
1 Log in to your MikroTik or router.
2 Go to the Tools menu, then select Packet Sniffer.
3 A Packet Sniffer Settings pop-up will appear>click the Filter menu.
4 Choose the interface you want to sniff.
5 Then go to the General menu and adjust the memory limit, filename, and file limit based on your needs.
6 Click Apply, then Start. Once you think you’ve captured enough traffic, click Stop.
7 The captured file will appear in the Files menu.
Okay, once the file is ready, open it in Wireshark.
Try looking for broadcast traffic by filtering DHCP or ARP, or watch for destination IPs or MAC addresses that keep showing up.
And boom, there’s the troublemaker.
In this case, a MAC address was flooding the network with ARP packets.
Next, because this is your network, you can trace where that device lives in the network and deal with it however you like. Hahaha alright, that’s a wrap for today’s article—my coffee’s gone, so that’s my cue to stop typing.
Let’s end this with a Bismillah at the start and an Alhamdulillah at the finish. Catch you next time, tech gembelers!.
./Nuenomaru
EmoticonEmoticon