Solved

ASA Switch Port Mirroring - bandwidth monitoring

Posted on 2008-10-03
6
7,044 Views
Last Modified: 2013-11-16
I have a Cisco 5505 that I am hoping allows for port mirroring on the built in switch ports. Do you know if this is possible? And if so, how is it configured?

Basically I am attempting to monitor the bandwidth on my network since the inbound traffic is pegging out multiple times a day. I know that that ASA shows yo ua graph of the inbound outbound traffic but I am hoping to locate the specific peers that are causing this headache for me. Thanks in advance for all your help
0
Comment
Question by:bacchus1106
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22635493
The ASA 5505 includes a built-in packet capture utility.  
Open the ASDM
Go to "Wizards", "Packet Capture Wizard"

Run through the wizard to begin capturing packets on whichever interface you are interested in.  These captures can then be saved and reviewed using various analyzer utilities (Wireshark is a good choice.)
0
 

Author Comment

by:bacchus1106
ID: 22635629
I checked and all I see is the Packet Tracer. Under Wizards the only ones I have are:
Startup Wizard
VPN Wizard
High Availablity and Scalability Wizard


Am I not looking in the right place?
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22636633
Yes, it is possible but none of the other users even touched on it.
The command to setup a port mirror is:
switchport monitor {source interface} {tx, rx, or both}
This sets up the specified port to mirror traffic on a port, ports, or all traffic on the backplane.
Here is the Cisco documentation for this command:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559
It is basically the same thing as a SPAN session on a switch.
Cheers!
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22637319
You may need to upgrade to a newer version.  I'm running ASDM ver 6.0, and ASA ver 8.0(3).
Using the wizard is much easier, and allows for you to specify ingress and egress ports if you can upgrade.  Here is a sample of what the CLI looks like:

! inside
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_inside permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_inside permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply ingress  capture on the inside interface.
capture asdm_cap_inside packet-length 1522 buffer 524288 access-list asdm_cap_selector_inside
capture asdm_cap_inside interface inside


! MPLS
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_MPLS permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_MPLS permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply egress  capture on the MPLS interface.
capture asdm_cap_MPLS packet-length 1522 buffer 524288 access-list asdm_cap_selector_MPLS
capture asdm_cap_MPLS interface MPLS

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22637389
Another thing you can do is just install and setup WireShark - it is a very good free packet capture tool that can analyze and graph the traffic, sources, types, destinations, you name it.
http://www.wireshark.org/
Cheers!
0
 

Author Comment

by:bacchus1106
ID: 22893277
Thanks for the input. The switch port monitor was exactly what I needed.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now