View all connections
[admin@torg] > /ip firewall connection print
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
  0 SA udp      192.168.12.6:57582    213.24.127.137:52488              2m20s
  1 SA udp      192.168.12.6:57582    213.242.3.172:62139               2m21s
  2 SA tcp      192.168.12.4:1675     205.188.10.225:5190   established 3h59m45s
  3 SA tcp      192.168.12.6:49171    217.20.147.94:443     established 3h59m56s
  4 SA tcp      192.168.12.94:53396   217.69.138.102:2042   established 3h59m57s
  5 SA udp      192.168.12.6:57582    176.49.189.228:58209              2m23s
  6    udp      192.168.12.6:57582    192.168.254.18:52075              9s
  7 SA udp      192.168.12.6:57582    188.162.229.132:62850             2m56s
  8 S  udp      192.168.12.6:53688    111.221.77.141:40004              0s
  9 SA tcp      192.168.12.4:1067     94.100.188.171:2042   established 3h59m44s
 10    udp      192.168.12.6:57582    94.245.121.251:3544               7s
 11 SA udp      192.168.12.6:57582    83.246.231.47:58842               2m47s
 12 SA udp      192.168.12.6:57582    94.141.36.60:58912                2m15s
 13 SA tcp      192.168.12.6:63487    217.20.147.94:80      established 3h59m24s
. . . . . . . . . . . . .
-- [Q quit|D dump|down]
View only active connections
[admin@torg] > /ip firewall connection print where tcp-state="established"
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
 34 SA tcp      192.168.12.4:1675     205.188.10.225:5190   established 3h59m8s
 35 SA tcp      192.168.12.94:53396   217.69.138.102:2042   established 3h59m3s
 36 SA tcp      192.168.12.4:1067     94.100.188.171:2042   established 3h59m4s
 37 SA tcp      192.168.12.6:63487    217.20.147.94:80      established 3h59m
 38 SA tcp      192.168.12.4:1087     134.170.25.86:443     established 3h58m6s
 39 SA tcp      192.168.12.4:1076     65.54.167.19:12350    established 3h52m6s
 40 SA tcp      192.168.12.6:49252    74.125.143.100:443    established 3h58m49s
 41 SA tcp      192.168.12.94:60547   74.125.143.100:443    established 3h58m57s
 42 SA tcp      192.168.12.6:55022    94.100.188.169:2042   established 3h59m
 43 SA tcp      192.168.12.6:55014    94.100.188.173:2042   established 3h58m49s
 44 SA tcp      192.168.12.94:53786   65.55.223.31:40021    established 3h59m3s
 45 SA tcp      192.168.12.6:49246    217.20.147.94:80      established 3h58m53s
 46 SA tcp      192.168.12.6:49209    64.4.23.174:40026     established 3h58m58s
 47 SA tcp      192.168.12.4:4268     157.55.130.175:40031  established 3h59m6s
 48 SA tcp      77.34.32.32:35677     77.34.11.114:22       established 4m10s
 49 SA tcp      192.168.12.94:53788   157.56.116.204:12350  established 3h54m3s
 50 SA tcp      192.168.12.94:56838   64.4.47.11:443        established 3h59m4s
 51 SA tcp      192.168.12.201:3720   192.168.2.210:445     established 3h59m8s
 52 SA tcp      192.168.12.94:60495   217.69.139.216:443    established 3h59m8s
 53 SA tcp      192.168.12.94:60616   217.20.147.94:443     established 3h58m40s
 54 SA tcp      192.168.12.6:49213    91.190.218.55:12350   established 3h55m51s
 55 SA tcp      192.168.12.6:49250    74.125.143.136:443    established 3h58m47s
 56 SA tcp      192.168.12.6:50417    65.54.184.46:443      established 3h58m51s
 57 SA tcp      192.168.12.94:60621   74.125.143.91:443     established 3h59m58s
 58 SA tcp      192.168.12.94:60622   74.125.143.91:443     established 3h59m58s
 59 SA tcp      192.168.12.94:60623   74.125.143.138:443    established 3h59m59s
 60 SA tcp      192.168.12.94:60624   74.125.143.138:443    established 3h59m59s
View all connections for 192.168.12.94
[admin@torg] > /ip firewall connection print where src-address~"192.168.12.94"
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
157 SA tcp      192.168.12.94:53396   217.69.138.102:2042   established 3h59m50s
158 SA udp      192.168.12.94:43127   177.99.236.85:24112               1m22s
159 SA tcp      192.168.12.94:53786   65.55.223.31:40021    established 3h59m18s
160 SA tcp      192.168.12.94:60650   74.125.143.102:443    established 3h59m58s
161 SA udp      192.168.12.94:43127   180.191.42.250:9134               1m22s
162 SA tcp      192.168.12.94:60651   217.20.147.94:443     established 3h59m56s
163 SA tcp      192.168.12.94:53788   157.56.116.204:12350  established 3h57m19s
164 SA tcp      192.168.12.94:56838   64.4.47.11:443        established 3h59m19s
165 SA tcp      192.168.12.94:60635   217.69.139.216:443    established 3h59m39s
View all connections to port 443
[admin@torg] > /ip firewall connection print where dst-address~":443"
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
166 SA tcp      192.168.12.4:1087     134.170.25.86:443     established 3h59m54s
167 SA tcp      192.168.12.94:60650   74.125.143.102:443    established 3h59m55s
168 SA tcp      192.168.12.94:60651   217.20.147.94:443     established 3h59m53s
169 SA tcp      192.168.12.94:56838   64.4.47.11:443        established 3h59m46s
170 SA tcp      192.168.12.94:60635   217.69.139.216:443    established 3h59m51s
171 SA tcp      192.168.12.6:50417    65.54.184.46:443      established 3h59m34s
The same as above, but with an interval of 2 seconds:
[admin@torg] > /ip firewall connection print interval=2 where dst-address~":443"
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
173 SA tcp      192.168.12.94:60666   74.125.143.100:443    established 3h58m23s
181 SA tcp      192.168.12.6:49963    74.125.143.93:443     time-wait   6s
182 SA tcp      192.168.12.4:1087     134.170.25.86:443     established 3h58m16s
174 SA tcp      192.168.12.94:60656   217.20.147.94:443     close-wait  7s
175 SA tcp      192.168.12.94:60664   74.125.143.91:443     established 3h58m21s
177 SA tcp      192.168.12.94:60650   74.125.143.102:443    established 3h58m52s
179 SA tcp      192.168.12.94:56838   64.4.47.11:443        established 3h57m14s
180 SA tcp      192.168.12.94:60635   217.69.139.216:443    established 3h58m48s
183 SA tcp      192.168.12.6:49986    217.20.147.94:443     established 3h58m41s
184 SA tcp      192.168.12.6:49965    74.125.143.100:443    time-wait   7s
185 SA tcp      192.168.12.6:50417    65.54.184.46:443      established 3h57m1s
188 SA tcp      192.168.12.6:49994    94.100.180.199:443    close-wait  1s
View all active connections for 192.168.12.6. The output is refreshed every 2 seconds:
[admin@torg] > /ip firewall connection print interval=2 where src-address~"168.12.6" and tcp-state~"estab"
Flags: S - seen reply, A - assured
  #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
285 SA tcp      192.168.12.6:50517    217.20.147.94:443     established 3h59m13s
286 SA tcp      192.168.12.6:50011    217.20.147.94:80      established 3h59m14s
287 SA tcp      192.168.12.6:55022    94.100.188.169:2042   established 3h59m28s
288 SA tcp      192.168.12.6:50471    217.20.147.94:80      established 3h59m54s
289 SA tcp      192.168.12.6:55014    94.100.188.173:2042   established 3h59m47s
290 SA tcp      192.168.12.6:49209    64.4.23.174:40026     established 3h59m48s
291 SA tcp      192.168.12.6:49213    91.190.218.55:12350   established 3h52m49s
292 SA tcp      192.168.12.6:50417    65.54.184.46:443      established 3h59m51s
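The `~` operator used in the filters above is an unanchored regular-expression match, so `src-address~"168.12.6"` also selects hosts such as 192.168.12.66 and `dst-address~":443"` also selects port 4433. The following added example (not part of the original page) parses saved connection-table output offline and compares loose and anchored patterns; the sample rows are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of "/ip firewall connection print".
# Host 192.168.12.66 and port 4433 are invented to expose loose matches.
SAMPLE = """\
Flags: S - seen reply, A - assured
 #    PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT
 0 SA udp      192.168.12.6:57582    213.24.127.137:52488              2m20s
 1 SA tcp      192.168.12.6:49171    217.20.147.94:443     established 3h59m56s
 2    udp      192.168.12.6:57582    192.168.254.18:52075              9s
 3 S  udp      192.168.12.6:53688    111.221.77.141:40004              0s
 4 SA tcp      192.168.12.66:50100   74.125.143.100:4433   established 3h58m49s
 5 SA tcp      192.168.12.94:60656   217.20.147.94:443     close-wait  7s
"""

# Flags and TCP-STATE are optional columns: UDP rows carry no state, and a
# connection with no reply seen yet has an empty flags field.
ROW = re.compile(
    r"^\s*(?P<num>\d+)\s+(?:(?P<flags>[SA]{1,2})\s+)?(?P<proto>[a-z0-9-]+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?:(?P<state>[a-z-]+)\s+)?"
    r"(?P<timeout>[0-9wdhms]+)\s*$"
)

def parse(text):
    """Return one dict per connection row; header and pager lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({k: v or "" for k, v in m.groupdict().items()})
    return rows

def where(rows, field, pattern):
    """Mimic the '~' operator: an unanchored regex search on one field."""
    return [r for r in rows if re.search(pattern, r[field])]

def unreplied(rows):
    """Connections without the S (seen reply) flag."""
    return [r for r in rows if "S" not in r["flags"]]

def per_source(rows):
    """Count connections per source host, ignoring the source port."""
    return Counter(r["src"].rsplit(":", 1)[0] for r in rows)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(len(where(rows, "src", "168.12.6")), "rows match the loose pattern")
    print(len(where(rows, "src", r"^192\.168\.12\.6:")), "rows match the anchored one")
    print(per_source(rows).most_common())
```

Patterns such as `^192\.168\.12\.6:` and `:443$` restrict the match to exactly one host or one port.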
View only the drop rules
[admin@torg] > /ip firewall filter print where action="drop"
Flags: X - disabled, I - invalid, D - dynamic
 2    chain=input action=drop protocol=tcp src-address-list=!ssl_allow dst-port=22
 3    chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22
12    ;;; default configuration
      chain=input action=drop in-interface=wan
15    ;;; default configuration
      chain=forward action=drop connection-state=invalid
See how often these rules are triggered
[admin@torg] > /ip firewall filter print stats where action="drop"
Flags: X - disabled, I - invalid, D - dynamic
 #    CHAIN      ACTION            BYTES      PACKETS
 2    input      drop              2 644           59
 3    input      drop            102 672        1 716
12    ;;; default configuration
      input      drop         37 695 146      510 809
15    ;;; default configuration
      forward    drop          2 990 235       74 120