Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ASA Switch Port Mirroring - bandwidth monitoring

Posted on 2008-10-03
6
Medium Priority
?
7,293 Views
Last Modified: 2013-11-16
I have a Cisco 5505 that I am hoping allows for port mirroring on the built in switch ports. Do you know if this is possible? And if so, how is it configured?

Basically I am attempting to monitor the bandwidth on my network since the inbound traffic is pegging out multiple times a day. I know that that ASA shows yo ua graph of the inbound outbound traffic but I am hoping to locate the specific peers that are causing this headache for me. Thanks in advance for all your help
0
Comment
Question by:bacchus1106
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22635493
The ASA 5505 includes a built-in packet capture utility.  
Open the ASDM
Go to "Wizards", "Packet Capture Wizard"

Run through the wizard to begin capturing packets on whichever interface you are interested in.  These captures can then be saved and reviewed using various analyzer utilities (Wireshark is a good choice.)
0
 

Author Comment

by:bacchus1106
ID: 22635629
I checked and all I see is the Packet Tracer. Under Wizards the only ones I have are:
Startup Wizard
VPN Wizard
High Availablity and Scalability Wizard


Am I not looking in the right place?
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 2000 total points
ID: 22636633
Yes, it is possible but none of the other users even touched on it.
The command to setup a port mirror is:
switchport monitor {source interface} {tx, rx, or both}
This sets up the specified port to mirror traffic on a port, ports, or all traffic on the backplane.
Here is the Cisco documentation for this command:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559
It is basically the same thing as a SPAN session on a switch.
Cheers!
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22637319
You may need to upgrade to a newer version.  I'm running ASDM ver 6.0, and ASA ver 8.0(3).
Using the wizard is much easier, and allows for you to specify ingress and egress ports if you can upgrade.  Here is a sample of what the CLI looks like:

! inside
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_inside permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_inside permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply ingress  capture on the inside interface.
capture asdm_cap_inside packet-length 1522 buffer 524288 access-list asdm_cap_selector_inside
capture asdm_cap_inside interface inside


! MPLS
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_MPLS permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_MPLS permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply egress  capture on the MPLS interface.
capture asdm_cap_MPLS packet-length 1522 buffer 524288 access-list asdm_cap_selector_MPLS
capture asdm_cap_MPLS interface MPLS

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22637389
Another thing you can do is just install and setup WireShark - it is a very good free packet capture tool that can analyze and graph the traffic, sources, types, destinations, you name it.
http://www.wireshark.org/
Cheers!
0
 

Author Comment

by:bacchus1106
ID: 22893277
Thanks for the input. The switch port monitor was exactly what I needed.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
In this article, we’ll look at how to deploy ProxySQL.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question