How to check which device is using bandwidth on Cisco ASA??

Posted on 2010-11-09
Last Modified: 2016-11-29
We have several dozen servers behind a Cisco ASA 5505.  Something is eating up all our bandwidth, and I'm trying to figure out what it is.  How would I do that on the ASA?  There's got to be a way
Question by:Mystical_Ice
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 34095110
Do you have asdm and if so what version?
LVL 17

Accepted Solution

Kvistofta earned 167 total points
ID: 34095118
One way to do this is by using PRTG and Netflow. Have a look at this link: way is to have a look at the graphs in ASDM. In v8.3 there are enhancements in the graphs that enables you to list top talkers.a third way is to investigate the output of the "show conn"-command. This will give you a list of all current sessions thru firewall but will only give you a hint of number of connections which may or may not correllate with bandwidth usage./Kvistofta

Assisted Solution

BooSTid earned 167 total points
ID: 34095364
There's a free netflow analyzer from solarwinds as well; pretty straightforward to setup. Just follow the configuring netflow guides on your interface(s), and set up your analyzer to monitor.

Howto configure netflow with ASDM:

Assuming this is a corporate network and mission critical; I would strongly recommend some sort of network monitoring system (NMS) so that you can baseline and have traffic/performance metrics. Makes a lot of this not so mysterious and readily available. Invaluable for troubleshooting and alarming. As a first recommendation, check out zenoss core; free and opensource.


Author Comment

ID: 34095593
Not sure on asdm offhand, but the ASA is running version 8.2, i know that.

Thanks for the other suggestions - i'm going to try these as soon as i get back from lunch

Assisted Solution

zgiuffria earned 166 total points
ID: 34095674
If you have the new ASDM on your ASA then there is a panel when you first log in that shows the highest source and destination usage by IP address.

Expert Comment

by:Kimberley from Paessler
ID: 41905702
PRTG has come a long way since this question was first opened!  

There are different methods available to see who or what is hogging your bandwidth, but the two most common are SNMP and flow:

1.      SNMP (Simple Network Management Protocol) provides traffic counters so you can collect statistics about the amount of traffic you have on a connection, over time, to see if you have enough capacity.  SNMP is an industry standard that’s supported by pretty much every vendor.  SNMP shows you the amount of traffic in/out, the number of broadcasts, multicasts, errors or discards you have on each port.

SNMP is supported by every major network vendor and every major operating system, so you’re not limited to switches here – you can use SNMP to collect stats not only from switches, but also from servers, virtual servers, storage systems, and workstations.

PRTG Network Monitor includes SNMP traffic sensors out-of-the box, so all you need to do is enter your SNMP credentials into PRTG and it will start monitoring your traffic for you.

2.      The flow protocols include NetFlow (Cisco, VMware), jFLow (Juniper), sFlow (HP) and IPFIX (Cisco, VMware).  The results from all of these are similar, and they show you not only how much traffic you have, but what machines and what protocols are using the most bandwidth.  So, you can see if one specific user or a certain application is using more than their fair share.

The switches collect data about all of the traffic flows passing through that switch, and then send summarized information about these flows to a flow “receiver”.  PRTG includes receivers for NetFlow v5, NetFlow v9, jFlow, sFlow and IPFIX, so you only need to enable flow on your switches and configure your PRTG server as the recipient of the flows.  PRTG will then analyze the incoming flow data and will show you the top talkers, top protocols, and top connections.

To see the PRTG bandwidth sensors in action, check out our video tutorials:
•      Bandwidth Monitoring with SNMP and WMI
•      Bandwidth Monitoring with NetFlow and Packet Sniffing

If you'd like to give PRTG a try, download our free 30-day trial version with unlimited sensors ([Video] What is a Sensor?).  After the 30 days it will automatically revert to our 100-sensor freeware version.

To give you an idea of what PRTG looks like, here's a screenshot from a netflow sensor:
PRTG NetFlow Sensor
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question