One of the questions I get asked a lot is how can I identify the user who is congesting my network on a Mikrotik router. The Mikrotik routerOS has an in-built feature that allows network administrators to identify the source of network traffic congestion. The Mikrotik torch is a real-time traffic monitoring tools that allows a user to monitor traffics on an interface.
When using the Mikrotik torch feature, a user can select an interface to monitor and choose attributes to be included in the report. These attributes include: source and destination IP, source and destination IPv6, Mac protocol, Protocol, Vlan ID, port and DSCP. As handy as this tool is, most users have found it difficult to use simply because of limited materials on its usage.
How to run a mikrotik torch
Let’s consider a network of 3Mbps that is fully congested. The administrator wants to identify the user currently congesting the network. To do this, the administrator must identify and torch the LAN interface on the Mikrotik router. Since the source and destination IP, by default, have been included in the attributes that should be selected when running a torch on a Mikrotik router, the administrator, must then include the protocol. See the command below:
/tool torch interface=ether5 port=any
From the image above, we can see that https packets are congesting the network. So we need to identy the source of this hppts packets. To do that, we will use the torch feature in the tools submenu in winbox. See below:
You may also like: Stop downloads on Mikrotik and punish offenders!!!
Choose the LAN interface, select the protocol and port, and click on start. The output will diplay sources and destination IPs, number of packets sent by each user and the amount of bandwidth consumed. The bandwidth is further divided into upload and download. While the TX rate stands for upload, the Rx rate stands for download. With this, we can identify the users responsible for network congestion based on the consumed bandwidth. With the source address of such users, the network administrator can then configure queue that will stop them from congesting the network. click here for how to configure dynamic queu in Mikrotik.