Client Bandwidth usage via 501 PIX through NAT or (PNAT).

Posted on 2004-11-15
Last Modified: 2013-11-16
I have a medium LAN that runs behind a Cisco 501 PIX.  The problem is that I cannot find a command/set of commands to work out the amount of bits per client connection through the NAT.  So when the DSL gets flooded from the firewall, I cannot locate the offending PC.
Is there a method for locating the number of bits/bytes per NAT client?
Question by:debuggerau
    LVL 36

    Expert Comment

    Hi debuggerau,
    There is probably a way by using an SNMP query tool.
    However, personally I would set up an old machine running either Windows or Linux and install a free copy of Ethereal (network analyser) on it. Connect the inside interface of the PIX, the internal LAN, and the monitoring machine into a hub (or span the port on an existing switch if you have a managed switch).
    The Ethereal software will be able to tell you which machines are using the link and how much they are transferring.
    LVL 23

    Author Comment

    Hi grblades,

    Thanks for the response; however, I do have such a unit, but continuous monitoring is not feasible due to the memory requirements.  I get a few hours of monitoring before it just bogs down and becomes unusable. We have purchased Network Associates Sniffer Pro, which solves this; however, I was looking for a PIX feature similar to the 'Show nat translations' on the Cisco router but also including bit counters for each connection.
    I use the 'show xlate' which gives me the nat connections but lacks any counters.
    I was hoping for a series of commands that may give me what I need to see who is flooding the link....
    Hope that clarifies things...

    LVL 36

    Accepted Solution

    The only other thing I can think of is for you to create an outbound access-list and then look at the matching packet counts.
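One way to put the access-list approach above to work, as an added example that is not part of the original thread: take two captures of `show access-list` a few minutes apart and rank inside hosts by how much their hit counters grew. It assumes an ACL named `acl_out` (hypothetical) with one `permit ip host <ip> any` line per client; the sample output is constructed, and `hitcnt` counts ACL matches, not bytes.

```python
import re

# Per-host entries as printed by `show access-list`, e.g.
#   access-list acl_out line 1 permit ip host 192.168.1.10 any (hitcnt=42)
ENTRY = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+\d+\s+permit\s+ip\s+"
    r"host\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s+any\s+\(hitcnt=(?P<hits>\d+)\)"
)

def parse_hitcounts(output, acl="acl_out"):
    """Return {host_ip: hitcnt} for the per-host permit lines of one ACL."""
    counts = {}
    for line in output.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group("acl") == acl:
            counts[m.group("host")] = int(m.group("hits"))
    return counts

def rank_by_delta(before, after):
    """Rank hosts by hit-count growth between two snapshots, busiest first."""
    deltas = {}
    for host, hits in after.items():
        prev = before.get(host, 0)
        # A counter lower than before means it was cleared; count from zero.
        deltas[host] = hits - prev if hits >= prev else hits
    return sorted(deltas.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample output: two captures taken a few minutes apart.
SNAP_1 = """\
access-list acl_out; 4 elements
access-list acl_out line 1 permit ip host 192.168.1.10 any (hitcnt=120)
access-list acl_out line 2 permit ip host 192.168.1.11 any (hitcnt=4310)
access-list acl_out line 3 permit ip host 192.168.1.12 any (hitcnt=95)
access-list acl_out line 4 permit ip any any (hitcnt=7)
"""
SNAP_2 = """\
access-list acl_out; 4 elements
access-list acl_out line 1 permit ip host 192.168.1.10 any (hitcnt=180)
access-list acl_out line 2 permit ip host 192.168.1.11 any (hitcnt=4350)
access-list acl_out line 3 permit ip host 192.168.1.12 any (hitcnt=9800)
access-list acl_out line 4 permit ip any any (hitcnt=9)
"""

if __name__ == "__main__":
    ranked = rank_by_delta(parse_hitcounts(SNAP_1), parse_hitcounts(SNAP_2))
    for host, delta in ranked:
        print(f"{host:15s} +{delta} hits")
```

The host with the largest jump is the first one to inspect more closely, for example with a short, filtered capture on the sniffer.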
