rootdude
asked on
Who Cratered the Internet?
Hey Guys -
Is there any way on an ASA 5510 to find out what user has cratered the internet connection? I know all about netflow, and that it isn't supported, but is there any other way to tell which IP address is pulling the most data?
Thanks!
Stac
In the ASDM there are some monitoring statistics. Not sure how detailed they are, I could check for you.
You could enable the logging and just watch for the IP sending the most traffic.
All in the ASDM, which I'm sure you know can be accessed through your web browser: https://(internal IP of the ASA)
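As an added example (not part of any post in this thread), the logging suggestion above can be turned into a per-IP byte count by parsing the ASA's connection teardown syslog messages (302014 for TCP, 302016 for UDP), which report the bytes moved by each closed connection. The log lines are constructed samples, and the interface name `inside` and the function name `top_talkers` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format of ASA teardown messages.
SAMPLE_LOG = """\
Jan 10 09:15:01 asa %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/443 to inside:192.168.1.20/51515 duration 0:12:40 bytes 734003200 TCP FINs
Jan 10 09:15:03 asa %ASA-6-302016: Teardown UDP connection 1002 for outside:198.51.100.5/53 to inside:192.168.1.21/53001 duration 0:00:00 bytes 120
Jan 10 09:15:09 asa %ASA-6-302014: Teardown TCP connection 1003 for outside:203.0.113.77/80 to inside:192.168.1.20/51520 duration 0:03:02 bytes 52428800 TCP FINs
Jan 10 09:15:12 asa %ASA-6-302014: Teardown TCP connection 1004 for outside:203.0.113.10/443 to inside:192.168.1.35/40022 duration 0:00:30 bytes 1048576 TCP Reset-I
Jan 10 09:15:20 asa %ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:192.168.1.35/40030 (198.51.100.1/40030)
"""

# Teardown messages carry both endpoints (interface:ip/port) and a byte total.
TEARDOWN = re.compile(
    r"%ASA-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>[^:\s]+):(?P<ip_a>[\d.]+)/\d+ "
    r"to (?P<if_b>[^:\s]+):(?P<ip_b>[\d.]+)/\d+ "
    r"duration \S+ bytes (?P<bytes>\d+)"
)


def top_talkers(log_text, internal_if="inside", limit=10):
    """Sum teardown byte counts per host on the internal interface.

    internal_if is the ASA nameif of the LAN side (assumed "inside").
    Returns [(ip, total_bytes), ...] sorted from heaviest to lightest.
    """
    totals = Counter()
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue  # "Built" messages and unrelated lines carry no byte count
        for side in ("a", "b"):
            if m["if_" + side] == internal_if:
                totals[m["ip_" + side]] += int(m["bytes"])
    return totals.most_common(limit)


if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LOG):
        print(f"{ip:15} {total / 1_048_576:10.1f} MiB")
```

These messages are emitted at the informational level and only when a connection closes, so a transfer that is still running does not appear in the totals until it ends.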
ASKER
Gentlemen - thanks for the comments - perhaps I should have been more specific. I need to watch the aggregate and/or the immediate packet rates for internal IP addresses. I need to map traffic back to specific IP addresses.
SOLUTION
I do not think Wireshark has any ability to give you advanced reports; however, the more advanced traffic analyzer packages come with better reporting capabilities.
If you have a managed switch that can do mirroring of ports, you can use ntop. Just mirror the switch port the firewall is connected to, to the sniffer server with ntop.
ASKER
Hmmm - so it's possible that by upgrading the image on the firewall so I get ASDM 6 that I may have what I'm looking for? The version of ASDM I'm currently being presented with is 5.2... does that make sense to our experts?
ASKER CERTIFIED SOLUTION
Other than this you would need to implement a traffic sniffer to listen to all traffic traversing the ASA. The ASAs support monitor ports, so this should not be an issue.