Blocking Youtube traffic on MikroTik without the use of Layer 7 Protocol

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi there this is madhadet here again in this video i'll have to show you how you can block youtube traffic using the tls host so since the version 6.41 on the my critique router they have created something called tls host so we will get the server names from the dls host for youtube and then we can block them so as you can see here we have a lab of five pawns so the scenario is that i have a micro tech router i'm connected to computer to it that's it and we have internet from this micro tech router and we need now to start blocking the youtube traffic so let's start directly with point number one what number one open a youtube video on your pc is it working so i will open here the browser and this is the browser and let's go to youtube so this is youtube and you can see it is working without any problem so now we have to do the fit the rules to be able to block the youtube traffic all right and this uh the way i'm showing you here is not only for the computer but also it works for any uh youtube traffic whether on the phone smartphone or on the tablet or any other devices then youtube will be completely blocked point number one is done point number two create a filter rule to collect all youtube servers in the address list so what i need now to do i have to use the tls host so on the dtls host then you can find out what are the servers of youtube so we see what are the server of youtube we put them in an address list and then i will apply another filter rule to drop all the traffic going to those servers so what i need now to do is to collect all the servers of your youtube then i can put them on a address so i'll make them in a category so how to do that we have to go to the microtech router then we go to the ip and i go to firewall all right very good so inside the filter rule here i just create a new rule and i would say for the chain forward forward means any traffic going from my pc to the internet so it's going via the router to the internet so forward coming from and here you have to put your lan network in my case it is 192 168.1.0 24. so anything traffic going via the router coming from this ip or from this range of ip and going to do tcp on port 443 so why tcp 443 because the youtube works on https so https is on pcp port 443 so again any traffic going from my computer via the router coming from this address and doing tcp 443 right very good and now we have to go here to the advanced and if we go down here in advance you see we have the tls host over here you have to put the server name but you can also put regular expression i will make this regular expression it works perfectly i tried it and it's working perfectly you just make asterisks and you write youtube and you make asterix so then i will repeat what we have done any traffic going from my computer from this range trying to do tcp on port 443 and it has something inside of it as the ls host youtube then the action is to add the destination so that means to where it is going to the server of youtube add it inside an address list and this address list i will name it youtube just i give it a name and i will keep this ip inside this address this youtube for 30 days so 30 days all right so this is how you can buy 30 days you can make it more than 30 days you can make it less but i just like to keep it inside the address list for 30 days because then it is there and it is always there all right so let's repeat less time so again traffic going forward coming from this network trying to do https and it is doing youtube so only for you to then add those ip addresses of the destination which are the youtube server inside an address list called youtube and leave it for 30 days all right then i make okay so now we didn't yet apply the filter rule to drop the traffic we are just collecting the youtube servers and the server ip addresses inside the address list and then after that i will make the drop of the traffic now i have made some traffic already now for youtube so i opened the youtube on my year because i also enabled wireless here so i opened youtube on my phone on my tablet on my computer just to collect the servers of youtube and you can see now that if we look inside the address list you can see that here we go that this addresses that i have made the youtube it has collected those ips from youtube so you can see youtube has different servers so it has collected already all of this and the more you do traffic on youtube the more addresses you may get all right so you can see it has d means it is dynamic and this will stay for 30 days you can see it is already 29 days something so it's staying for 30 days very good so what you need now to do is just to apply the filter rule to drop it point number two is done point number three apply a filter rule against this other system drop all traffic so let's do that we go again to the router and now we create another filter rule and all you need to do here is to say the chain forward so this is the traffic going via the router and then over here you what you need to do is to go to the advanced and say destination address list which is youtube so anything going via the router which is trying to go to the youtube destination address so that is the address list then the action is to draw that's it and you say now drop so that's what you need to do now let's open youtube and see if it's gonna work part number three is downpour number four check if you have collected youtube servers uh ip and the other we have already seen that so i've already showed you that you can see they are all over here port number four is done point number five try to open youtube page does it work and what about other pages so let's open the browser now and let's go to youtube so you can see it is loading loading loading and it's not gonna open let's open something else let's go to facebook for example and here we go you see that facebook it is working let's open linkedin and linkedin is working so the only traffic at this moment which is dropping is youtube and you can see it's loading loading loading and now if we go to the filter rules and then we go to the here and let's check so you see on the filter rules here this is the dropping so you can see that the packets are increasing because it is uh dropping the package for youtube so you see it's straightforward it works perfectly and this is much better than using the layer 7 here normally a lot of people use the layer 7 protocol they just put here a regular expression but the problem with layer 7 that the micro tech firewall needs for every traffic coming to the router he needs to check the layer seven so it has to go up to the layer seven and checking the layer seven every time then it is a lot of resources on your router so this cpu will be high and in case you have a lot of traffic from your production network which are the normal traffic and then he's always checking for every traffic the layer 7 then it will drop a lot of packets so that's something i don't uh really recommend that you use it the layer 7 so in case you have a small network that's fine but for big networks i don't think it's the best solution the best to do is to use this so what i showed you now the uh using the tls host just put it here the dls source on the advanced and collect all those uh ip offers youtube servers and then apply a dropping on it and then it works perfectly so let's now check if you can see it's still trying to open youtube but at the end it's not gonna open at all point number five is done and with this point i have showed you a very nice way to block the youtube traffic you can see a straightforward couple of configurations you have to do and it works perfectly without any problem so this is what i wanted to show you in this lecture i hope it was informative for you and i will see you in the upcoming lecture
Info
Channel: MAICT Consult
Views: 22,290
Rating: undefined out of 5
Keywords: mikrotik block youtube https, mikrotik youtube, mikrotik block youtube ads, mikrotik router youtube, mikrotik youtube limit, mikrotik youtube channel, mikrotik youtube layer 7, mikrotik block youtube layer 7, mikrotik separate bandwidths for youtube & browsing, mikrotik route facebook and youtube to different wan, mikrotik youtube block, mikrotik tls host, mikrotik tls handshake failed, mikrotik tls, MTCNA, MikroTik, Mynetworktraining, Maher Haddad
Id: mcJbY8dvDJc
Channel Id: undefined
Length: 8min 53sec (533 seconds)
Published: Thu Aug 27 2020
Related Videos
Best way to block Facebook and Twitter traffic on MikroTik
MAICT Consult
6.6K
VRRP on MikroTik
MAICT Consult
4.8K
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.2M
I Built This From A 1972 Popular Mechanics Magazine Plan. Does It Work?
Fireball Tool
2.2M
TOP 10 RouterOS Configuration Mistakes
MikroTik
119K
Configuring VLAN's on MikroTik RouterBoard using the Switch Chip
MAICT Consult
39K
Finding TLS host server name using Wireshark and blocking Facebook on Mikrotik using TLS Host
MAICT Consult
3.6K
MikroTik Tutorial 35 - How to limit Youtube traffic
TKSJa
82K
Live #1 - Aumentando o Desempenho do Mikrotik com FastPath/FastTrack/No-Track
Wissam Quemel
16K
Each layer of the OSI model and TCP/IP explained.
danscourses
174K
Three Different Ways to Block Website in Mikrotik - Layer 7 protocol and TLS-Host
Quick Tech Tut
5.5K
Solid State Batteries - Autumn 2021 mass production in Japan. Is it FINALLY happening?
Just Have a Think
1.3M
Installing MikroTik The Dude server and client
MAICT Consult
44K
How does a USB keyboard work?
Ben Eater
1M
Drone Programming With Python Course | 3 Hours | Including x4 Projects | Computer Vision
Murtaza's Workshop - Robotics and AI
1.7M
My DIY R/C Boat Pulled me 20 Miles!!!
rctestflight
1.1M
MikroTik Router | block websites facebook and youtube [part1]
Knowledge
106K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.