Go Premium for a chance to win a PS4. Enter to Win


How to check which device is using bandwidth on Cisco ASA??

Posted on 2010-11-09
Medium Priority
Last Modified: 2016-11-29
We have several dozen servers behind a Cisco ASA 5505.  Something is eating up all our bandwidth, and I'm trying to figure out what it is.  How would I do that on the ASA?  There's got to be a way
Question by:Mystical_Ice

Expert Comment

ID: 34095110
Do you have asdm and if so what version?
LVL 17

Accepted Solution

Jimmy Larsson, CISSP, CEH earned 668 total points
ID: 34095118
One way to do this is by using PRTG and Netflow. Have a look at this link:http://www.paessler.com/cisco_asa_netflowAnother way is to have a look at the graphs in ASDM. In v8.3 there are enhancements in the graphs that enables you to list top talkers.a third way is to investigate the output of the "show conn"-command. This will give you a list of all current sessions thru firewall but will only give you a hint of number of connections which may or may not correllate with bandwidth usage./Kvistofta

Assisted Solution

BooSTid earned 668 total points
ID: 34095364
There's a free netflow analyzer from solarwinds as well; pretty straightforward to setup. Just follow the configuring netflow guides on your interface(s), and set up your analyzer to monitor.


Howto configure netflow with ASDM: https://supportforums.cisco.com/docs/DOC-6114

Assuming this is a corporate network and mission critical; I would strongly recommend some sort of network monitoring system (NMS) so that you can baseline and have traffic/performance metrics. Makes a lot of this not so mysterious and readily available. Invaluable for troubleshooting and alarming. As a first recommendation, check out zenoss core; free and opensource.

Zenoss: community.zenoss.org

Author Comment

ID: 34095593
Not sure on asdm offhand, but the ASA is running version 8.2, i know that.

Thanks for the other suggestions - i'm going to try these as soon as i get back from lunch

Assisted Solution

zgiuffria earned 664 total points
ID: 34095674
If you have the new ASDM on your ASA then there is a panel when you first log in that shows the highest source and destination usage by IP address.

Expert Comment

by:Kimberley from Paessler
ID: 41905702
PRTG has come a long way since this question was first opened!  

There are different methods available to see who or what is hogging your bandwidth, but the two most common are SNMP and flow:

1.      SNMP (Simple Network Management Protocol) provides traffic counters so you can collect statistics about the amount of traffic you have on a connection, over time, to see if you have enough capacity.  SNMP is an industry standard that’s supported by pretty much every vendor.  SNMP shows you the amount of traffic in/out, the number of broadcasts, multicasts, errors or discards you have on each port.

SNMP is supported by every major network vendor and every major operating system, so you’re not limited to switches here – you can use SNMP to collect stats not only from switches, but also from servers, virtual servers, storage systems, and workstations.

PRTG Network Monitor includes SNMP traffic sensors out-of-the box, so all you need to do is enter your SNMP credentials into PRTG and it will start monitoring your traffic for you.

2.      The flow protocols include NetFlow (Cisco, VMware), jFLow (Juniper), sFlow (HP) and IPFIX (Cisco, VMware).  The results from all of these are similar, and they show you not only how much traffic you have, but what machines and what protocols are using the most bandwidth.  So, you can see if one specific user or a certain application is using more than their fair share.

The switches collect data about all of the traffic flows passing through that switch, and then send summarized information about these flows to a flow “receiver”.  PRTG includes receivers for NetFlow v5, NetFlow v9, jFlow, sFlow and IPFIX, so you only need to enable flow on your switches and configure your PRTG server as the recipient of the flows.  PRTG will then analyze the incoming flow data and will show you the top talkers, top protocols, and top connections.

To see the PRTG bandwidth sensors in action, check out our video tutorials:
•      Bandwidth Monitoring with SNMP and WMI
•      Bandwidth Monitoring with NetFlow and Packet Sniffing

If you'd like to give PRTG a try, download our free 30-day trial version with unlimited sensors ([Video] What is a Sensor?).  After the 30 days it will automatically revert to our 100-sensor freeware version.

To give you an idea of what PRTG looks like, here's a screenshot from a netflow sensor:
PRTG NetFlow Sensor
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering cloud tradeoffs and determining the right mix for your organization.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month6 days, 9 hours left to enroll

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question