What kind of traffic analysis can I do on a pix 501? I understand it does not support netflow. A customer is complaining of bandwidth issues and I want to find the issue.
THe 501 will not inherently analyze traffic and report what you're looking for. You'll need other tools to accomplish that.

If you have budget for it, there are many commercial apps that can capture and analyze traffic, and report who the bandwidth hogs are, such as:

If you have no budget for this, there are open source tools like Cacti:

And nTop:



What protocol will ntop use to analyze the traffic? SNMP?
NTop can use SNMP if you configure it to - and that will tell you which ports on a switch or router or firewall are generating the most traffic. But SNMP won't reveal the finite details about that traffic, like which source IP addresses are connecting to which destination IP addresses; or what protocols they're using.

NTop does a great job of revealing all those finite details - AND MORE - but not by using SNMP. Simple "promiscuous mode" packet captures will do that, and NTop is designed for such use.

The catch:  the host that runs NTop must have two network cards (NIC's). One of those cards will be used for the packet capture/analysis - and that card will need to plug into a port on a hub or switch that "see" that traffic. This is often a switch port that is "mirroring" the other switch ports, or using SPAN'ing.


Thank you, very helpful.

