Torch (Realtime Traffic Monitor)

General Information
Summary

Realtime traffic monitor may be used to monitor the traffic flow through an interface.
Specifications
Packages required: system
License required: Level1
Submenu level: /tool
Standards and Technologies: none
Hardware usage: Not significant
Description

Realtime Traffic Monitor called also torch is used for monitoring traffic that is going through an interface. You can monitor traffic classified by protocol name, source address, destination address, port. Torch shows the protocols you have chosen and mean transmitted and received data rate for each of them.
The Torch Command
Command name: /tool torch
Property Description
(name) - the name of the interface to monitor

dst-address (IP address/netmask) - destination address and network mask to filter the traffic only with such an address, any destination address: 0.0.0.0/0

freeze-frame-interval (time) - time in seconds for which the screen output is paused

port (name | integer) - the name or number of the port

protocol (any | any-ip | ddp | egp | encap | ggp | gre | hmp | icmp | idpr-cmtp | igmp | ipencap | ipip | ipsec-ah | ipsec-esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp) - the name or number of the protocolany - any ethernet or IP protocol
any-ip - any IP protocol
any - any ethernet or IP protocol
any-ip - any IP protocol

src-address (IP address/netmask) - source address and network mask to filter the traffic only with such an address, any source address: 0.0.0.0/0

Notes

If there will be specific port given, then only tcp and udp protocols will be filtered, i.e., the name of the protocol can be any, any-ip, tcp, udp.

Except TX and RX, there will be only the field you've specified in command line in the command's output (e.g., you will get PROTOCOL column only in case if protocol property is explicitly specified).
Example

The following example monitors the traffic that goes through the ether1 interface generated by telnet protocol:
[admin@MikroTik] tool> torch ether1 port=telnet
SRC-PORT DST-PORT TX RX
1439 23 (telnet) 1.7kbps 368bps

[admin@MikroTik] tool>

To see what IP protocols are going through the ether1 interface:
[admin@MikroTik] tool> torch ether1 protocol=any-ip
PRO.. TX RX
tcp 1.06kbps 608bps
udp 896bps 3.7kbps
icmp 480bps 480bps
ospf 0bps 192bps

[admin@MikroTik] tool>

To see what IP protocols are interacting with 10.0.0.144/32 host connected to the ether1 interface:
[admin@MikroTik] tool> torch ether1 src-address=10.0.0.144/32 protocol=any
PRO.. SRC-ADDRESS TX RX
tcp 10.0.0.144 1.01kbps 608bps
icmp 10.0.0.144 480bps 480bps

[admin@MikroTik] tool>

To see what tcp/udp protocols are going through the ether1 interface:
[admin@MikroTik] tool> torch ether1 protocol=any-ip port=any
PRO.. SRC-PORT DST-PORT TX RX
tcp 3430 22 (ssh) 1.06kbps 608bps
udp 2812 1813 (radius-acct) 512bps 2.11kbps
tcp 1059 139 (netbios-ssn) 248bps 360bps
[admin@MikroTik] tool>