• Status: Solved

ASA Switch Port Mirroring - bandwidth monitoring

I have a Cisco 5505 that I am hoping allows for port mirroring on the built in switch ports. Do you know if this is possible? And if so, how is it configured?

Basically I am attempting to monitor the bandwidth on my network since the inbound traffic is pegging out multiple times a day. I know that the ASA shows you a graph of the inbound/outbound traffic, but I am hoping to locate the specific peers that are causing this headache for me. Thanks in advance for all your help.
Asked: bacchus1106

TNL_Engr Commented:
The ASA 5505 includes a built-in packet capture utility.  
Open the ASDM
Go to "Wizards", "Packet Capture Wizard"

Run through the wizard to begin capturing packets on whichever interface you are interested in.  These captures can then be saved and reviewed using various analyzer utilities (Wireshark is a good choice.)
 
bacchus1106 (Author) Commented:
I checked and all I see is the Packet Tracer. Under Wizards the only ones I have are:
Startup Wizard
VPN Wizard
High Availability and Scalability Wizard


Am I not looking in the right place?
 
Pugglewuggle Commented:
Yes, it is possible but none of the other users even touched on it.
The command to set up a port mirror is:
switchport monitor {source interface} {tx, rx, or both}
This sets up the specified port to mirror traffic on a port, ports, or all traffic on the backplane.
Here is the Cisco documentation for this command:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559
It is basically the same thing as a SPAN session on a switch.
Cheers!
 
TNL_Engr Commented:
You may need to upgrade to a newer version.  I'm running ASDM ver 6.0, and ASA ver 8.0(3).
Using the wizard is much easier, and allows for you to specify ingress and egress ports if you can upgrade.  Here is a sample of what the CLI looks like:

! inside
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_inside permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_inside permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply ingress  capture on the inside interface.
capture asdm_cap_inside packet-length 1522 buffer 524288 access-list asdm_cap_selector_inside
capture asdm_cap_inside interface inside


! MPLS
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_MPLS permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_MPLS permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply egress  capture on the MPLS interface.
capture asdm_cap_MPLS packet-length 1522 buffer 524288 access-list asdm_cap_selector_MPLS
capture asdm_cap_MPLS interface MPLS

 
Pugglewuggle Commented:
Another thing you can do is just install and set up Wireshark - it is a very good free packet capture tool that can analyze and graph the traffic, sources, types, destinations, you name it.
http://www.wireshark.org/
Cheers!
 
bacchus1106 (Author) Commented:
Thanks for the input. The switch port monitor was exactly what I needed.
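
Once traffic has been captured (from the ASA capture buffer or from Wireshark on the mirrored port), the peers using the most bandwidth can be ranked offline. The following is an added example, not part of the original thread: it assumes the capture was saved as a classic pcap file with an Ethernet link type, and the names `top_talkers`, `_record` and `SAMPLE`, along with the sample addresses, are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Byte order by pcap magic (microsecond and nanosecond variants); pcapng is not handled.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def top_talkers(pcap, n=5):
    """Return the n largest (src, dst) IPv4 flows by on-the-wire bytes."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ip = 14
        if frame[12:14] == b"\x81\x00":   # 802.1Q tag, can appear on mirrored trunk ports
            ip = 18
        if frame[ip - 2:ip] != b"\x08\x00" or len(frame) < ip + 20:
            continue                      # not IPv4, or header cut off by the snap length
        src = socket.inet_ntoa(frame[ip + 12:ip + 16])
        dst = socket.inet_ntoa(frame[ip + 16:ip + 20])
        # Count orig_len, not incl_len: a capture truncated by packet-length
        # still records how large each frame was on the wire.
        totals[(src, dst)] += orig_len
    return totals.most_common(n)

def _record(src, dst, wire_len):
    """Constructed sample record: Ethernet + IPv4 header only, truncated capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), wire_len) + frame

# Constructed sample capture (not real traffic): global header plus four records.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("203.0.113.7", "192.168.4.30", 1514),
    _record("203.0.113.7", "192.168.4.30", 1514),
    _record("192.168.4.30", "203.0.113.7", 60),
    _record("198.51.100.9", "192.168.4.31", 400)])

if __name__ == "__main__":
    for (src, dst), nbytes in top_talkers(SAMPLE):
        print(f"{src:>15} -> {dst:<15} {nbytes} bytes")
```

To run it on a real capture, pass the file contents read in binary mode to `top_talkers`.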