Torch (Realtime Traffic Monitor)

Document revision:1.2 (Fri Mar 05 09:45:04 GMT 2004)
Applies to: V2.8

General Information

Summary

Realtime traffic monitor may be used to monitor the traffic flow through an interface.

Specifications

Packages required: system
License required: Level1
Submenu level: /tool
Standards and Technologies: none
Hardware usage: Not significant

Related Documents

Description

Realtime Traffic Monitor called also torch is used for monitoring traffic that is going through an interface. You can monitor traffic classified by protocol name, source address, destination address, port. Torch shows the protocols you have chosen and mean transmitted and received data rate for each of them.

The Torch Command

Command name: /tool torch

Property Description

interface (name) - the name of the interface to monitor

protocol (any | any-ip | icmp | igmp | ipip | ospf | pup | tcp | udp | integer) - the name or number of the protocol
any - any ethernet or IP protocol
any-ip - any IP protocol

port (name | integer) - the name or number of the port

source-address (IP address mask) - source address and network mask to filter the traffic only with such an address, any source address: 0.0.0.0/0

destination-address (IP address mask) - destination address and network mask to filter the traffic only with such an address, any destination address: 0.0.0.0/0

Notes

If there will be specific port given, then only tcp and udp protocols will be filtered, i.e., the name of the protocol can be any, any-ip, tcp, udp.

Except TX and RX, there will be only the field you've specified in command line in the command's output (e.g., you will get PROTOCOL column only in case if protocol property is explicitly specified).

Example

The following example monitors the traffic that goes through the ether1 interface generated by telnet protocol:

[admin@MikroTik] tool> torch ether1 port=telnet
 SRC-PORT                     DST-PORT                     TX         RX
 1439                         23 (telnet)                  1.7kbps    368bps

[admin@MikroTik] tool>

To see what IP protocols are going through the ether1 interface:

[admin@MikroTik] tool> torch ether1 protocol=any-ip
 PRO.. TX         RX
 tcp   1.06kbps   608bps
 udp   896bps     3.7kbps
 icmp  480bps     480bps
 ospf  0bps       192bps

[admin@MikroTik] tool>

To see what IP protocols are interacting with 10.0.0.144/32 host connected to the ether1 interface:

[admin@MikroTik] tool> torch ether1 src-address=10.0.0.144/32 protocol=any
 PRO.. SRC-ADDRESS     TX         RX
 tcp   10.0.0.144      1.01kbps   608bps
 icmp  10.0.0.144      480bps     480bps

[admin@MikroTik] tool>

To see what tcp/udp protocols are going through the ether1 interface:

[admin@MikroTik] tool> torch ether1 protocol=any-ip port=any
 PRO.. SRC-PORT                  DST-PORT                  TX         RX
 tcp   3430                      22 (ssh)                  1.06kbps   608bps
 udp   2812                      1813 (radius-acct)        512bps     2.11kbps
 tcp   1059                      139 (netbios-ssn)         248bps     360bps
[admin@MikroTik] tool>

© Copyright 1999-2006, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registered trademarks mentioned herein are properties of their respective owners.