What kind of traffic analysis can I do on a pix 501?

LIBBB
LIBBB used Ask the Experts™
on
What kind of traffic analysis can I do on a pix 501? I understand it does not support netflow. A customer is complaining of bandwidth issues and I want to find the issue.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
THe 501 will not inherently analyze traffic and report what you're looking for. You'll need other tools to accomplish that.

If you have budget for it, there are many commercial apps that can capture and analyze traffic, and report who the bandwidth hogs are, such as:
www.paessler.com

If you have no budget for this, there are open source tools like Cacti:
www.cacti.net

And nTop:
http://www.ntop.org/

Author

Commented:
Thanks,

What protocol will ntop use to analyze the traffic? SNMP?
NTop can use SNMP if you configure it to - and that will tell you which ports on a switch or router or firewall are generating the most traffic. But SNMP won't reveal the finite details about that traffic, like which source IP addresses are connecting to which destination IP addresses; or what protocols they're using.

NTop does a great job of revealing all those finite details - AND MORE - but not by using SNMP. Simple "promiscuous mode" packet captures will do that, and NTop is designed for such use.

The catch:  the host that runs NTop must have two network cards (NIC's). One of those cards will be used for the packet capture/analysis - and that card will need to plug into a port on a hub or switch that "see" that traffic. This is often a switch port that is "mirroring" the other switch ports, or using SPAN'ing.

Author

Commented:
Thank you, very helpful.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial