How to check which device is using bandwidth on Cisco ASA??

Posted on 2010-11-09
Medium Priority
Last Modified: 2016-11-29
We have several dozen servers behind a Cisco ASA 5505.  Something is eating up all our bandwidth, and I'm trying to figure out what it is.  How would I do that on the ASA?  There's got to be a way
Question by:Mystical_Ice
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 34095110
Do you have asdm and if so what version?
LVL 17

Accepted Solution

Kvistofta earned 668 total points
ID: 34095118
One way to do this is by using PRTG and Netflow. Have a look at this link:http://www.paessler.com/cisco_asa_netflowAnother way is to have a look at the graphs in ASDM. In v8.3 there are enhancements in the graphs that enables you to list top talkers.a third way is to investigate the output of the "show conn"-command. This will give you a list of all current sessions thru firewall but will only give you a hint of number of connections which may or may not correllate with bandwidth usage./Kvistofta

Assisted Solution

BooSTid earned 668 total points
ID: 34095364
There's a free netflow analyzer from solarwinds as well; pretty straightforward to setup. Just follow the configuring netflow guides on your interface(s), and set up your analyzer to monitor.


Howto configure netflow with ASDM: https://supportforums.cisco.com/docs/DOC-6114

Assuming this is a corporate network and mission critical; I would strongly recommend some sort of network monitoring system (NMS) so that you can baseline and have traffic/performance metrics. Makes a lot of this not so mysterious and readily available. Invaluable for troubleshooting and alarming. As a first recommendation, check out zenoss core; free and opensource.

Zenoss: community.zenoss.org

Author Comment

ID: 34095593
Not sure on asdm offhand, but the ASA is running version 8.2, i know that.

Thanks for the other suggestions - i'm going to try these as soon as i get back from lunch

Assisted Solution

zgiuffria earned 664 total points
ID: 34095674
If you have the new ASDM on your ASA then there is a panel when you first log in that shows the highest source and destination usage by IP address.

Expert Comment

by:Kimberley from Paessler
ID: 41905702
PRTG has come a long way since this question was first opened!  

There are different methods available to see who or what is hogging your bandwidth, but the two most common are SNMP and flow:

1.      SNMP (Simple Network Management Protocol) provides traffic counters so you can collect statistics about the amount of traffic you have on a connection, over time, to see if you have enough capacity.  SNMP is an industry standard that’s supported by pretty much every vendor.  SNMP shows you the amount of traffic in/out, the number of broadcasts, multicasts, errors or discards you have on each port.

SNMP is supported by every major network vendor and every major operating system, so you’re not limited to switches here – you can use SNMP to collect stats not only from switches, but also from servers, virtual servers, storage systems, and workstations.

PRTG Network Monitor includes SNMP traffic sensors out-of-the box, so all you need to do is enter your SNMP credentials into PRTG and it will start monitoring your traffic for you.

2.      The flow protocols include NetFlow (Cisco, VMware), jFLow (Juniper), sFlow (HP) and IPFIX (Cisco, VMware).  The results from all of these are similar, and they show you not only how much traffic you have, but what machines and what protocols are using the most bandwidth.  So, you can see if one specific user or a certain application is using more than their fair share.

The switches collect data about all of the traffic flows passing through that switch, and then send summarized information about these flows to a flow “receiver”.  PRTG includes receivers for NetFlow v5, NetFlow v9, jFlow, sFlow and IPFIX, so you only need to enable flow on your switches and configure your PRTG server as the recipient of the flows.  PRTG will then analyze the incoming flow data and will show you the top talkers, top protocols, and top connections.

To see the PRTG bandwidth sensors in action, check out our video tutorials:
•      Bandwidth Monitoring with SNMP and WMI
•      Bandwidth Monitoring with NetFlow and Packet Sniffing

If you'd like to give PRTG a try, download our free 30-day trial version with unlimited sensors ([Video] What is a Sensor?).  After the 30 days it will automatically revert to our 100-sensor freeware version.

To give you an idea of what PRTG looks like, here's a screenshot from a netflow sensor:
PRTG NetFlow Sensor
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question