  • Status: Solved
  • Priority: Medium
  • Security: Public

Trace bandwidth usage (packet sizes) back to an IP address

We need to be able to trace bandwidth usage back to an IP address. We use a Cisco ASA5510 and want to be able to use its logs to determine who or what is using too much bandwidth. We found that if we click on the Monitoring tab in the ASDM, then Properties, then Connections, we get a log of what is going on, including packet sizes and IP addresses, but there is no time stamp. If we go to the Logging tab, there is a time stamp but no packet size. Is there an easy way to do this?

Asked by: ICantSee
 
kenfcamp commented:
Assuming you're running ASDM 7.0 - [From - Cisco ASA Series ASDM Configuration Guide, 7.0]
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/asdm70/configuration_guide/asdm_70_config.html

You can view statistics for users by accessing the Firewall Dashboard pane. The Firewall Dashboard pane lets you view important information about the traffic passing through your ASA. Choose Home > Firewall Dashboard > Top 10 Users tab in the Top Usage Status area.

The Top 10 Users tab displays data only when you have configured the Identity Firewall feature in the ASA, which includes configuring these additional components—Microsoft Active Directory and Cisco Active Directory (AD) Agent. See Configuring the Identity Firewall for information.

Depending on which option you choose, the Top 10 Users tab shows statistics for received EPS packets, sent EPS packets, and sent attacks for the top 10 users. For each user (displayed as domain \ user_name ), the tab displays the average EPS packet, the current EPS packet, the trigger, and total events for that user.

Hope this helps

Ken
0
 
Aaron Tomosky (Technology Consultant) commented:
I'm not familiar with ASA models and options, but if it has NetFlow you should look at Scrutinizer:
http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html

The free version keeps flows for 24 hours
0
 
noci (Software Engineer) commented:
As the previous poster already mentioned, you need the NetFlow data and need to process it.
http://nfdump.sf.net or http://NfSen.sf.net are open-source examples of tools.
They are not complete stacks for handling the data; they are more tooling to build your own management tool.
0
 
eeRoot commented:
The ASA should be showing the top 10 talkers and traffic sources.  If not, verify that the statistics collecting has been enabled.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/protect.html#wpxref82650
0
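An added example, not part of the original thread: one way to get both time stamps and byte counts from ASA logs is to aggregate the connection-teardown syslog messages (IDs 302014 for TCP and 302016 for UDP), which carry a `bytes` field. It assumes informational-level logging is sent to a syslog server with `logging timestamp` enabled; the function name, timestamp layout and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the ASA teardown syslog format (302014 = TCP,
# 302016 = UDP). The 302013 "Built" line has no byte count and must be ignored.
SAMPLE_LOG = """\
Mar 10 2014 09:15:02: %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/443 to inside:192.168.1.20/51515 duration 0:01:30 bytes 1048576 TCP FINs
Mar 10 2014 09:16:40: %ASA-6-302016: Teardown UDP connection 1002 for outside:198.51.100.5/53 to inside:192.168.1.21/40000 duration 0:00:01 bytes 120
Mar 10 2014 09:20:11: %ASA-6-302014: Teardown TCP connection 1003 for outside:203.0.113.10/80 to inside:192.168.1.20/51600 duration 0:10:00 bytes 5000000 TCP Reset-I
Mar 10 2014 09:21:00: %ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.77/443 (203.0.113.77/443) to inside:192.168.1.22/50000 (198.51.100.1/50000)
Mar 10 2014 11:05:00: %ASA-6-302014: Teardown TCP connection 1005 for outside:203.0.113.99/443 to inside:192.168.1.22/50001 duration 1:00:00 bytes 900000000 TCP FINs
""".splitlines()

TS_FORMAT = "%b %d %Y %H:%M:%S"  # assumption: layout of the timestamp prefix
TEARDOWN = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*?"
    r"%ASA-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/\d+(?:\([^)]*\))? "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/\d+(?:\([^)]*\))? "
    r"duration \d+:\d{2}:\d{2} bytes (?P<bytes>\d+)"
)

def top_talkers(lines, iface="inside", start=None, end=None):
    """Sum teardown byte counts per IP on `iface`, within [start, end)."""
    totals = Counter()
    for line in lines:
        m = TEARDOWN.match(line)
        if not m:
            continue  # not a TCP/UDP teardown message
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        if (start and ts < start) or (end and ts >= end):
            continue
        for side in ("1", "2"):
            if m["if" + side] == iface:
                totals[m["ip" + side]] += int(m["bytes"])
    return totals.most_common()  # [(ip, total_bytes), ...] largest first

if __name__ == "__main__":
    window = (datetime(2014, 3, 10, 9), datetime(2014, 3, 10, 10))
    for ip, total in top_talkers(SAMPLE_LOG, start=window[0], end=window[1]):
        print(f"{ip:15} {total:>12} bytes")
```

Because the byte count is only logged when a connection closes, a long-lived transfer is attributed entirely to its teardown time and does not appear while it is still running.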
