Trace bandwidth usage (packet sizes) back to an IP address

We need to be able to trace bandwidth usage back to an IP address. We use a Cisco ASA5510 and want to be able to use its logs to determine who or what is using too much bandwidth. We found that if we click on the Monitoring tab in the ASDM, then Properties, then Connections, we get a log of what is going on, including packet sizes and IP addresses, but there is no time stamp. If we go to the Logging tab there is a time stamp but no packet size. Is there an easy way to do this?
ICantSee Asked:

kenfcamp Commented:
Assuming you're running ASDM 7.0 - [From - Cisco ASA Series ASDM Configuration Guide, 7.0]
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/asdm70/configuration_guide/asdm_70_config.html

You can view statistics for users by accessing the Firewall Dashboard pane. The Firewall Dashboard pane lets you view important information about the traffic passing through your ASA. Choose Home > Firewall Dashboard > Top 10 Users tab in the Top Usage Status area.

The Top 10 Users tab displays data only when you have configured the Identity Firewall feature in the ASA, which includes configuring these additional components—Microsoft Active Directory and Cisco Active Directory (AD) Agent. See Configuring the Identity Firewall for information.

Depending on which option you choose, the Top 10 Users tab shows statistics for received EPS packets, sent EPS packets, and sent attacks for the top 10 users. For each user (displayed as domain \ user_name ), the tab displays the average EPS packet, the current EPS packet, the trigger, and total events for that user.

Hope this helps

Ken
0

Aaron Tomosky (SD-WAN Simplified) Commented:
I'm not familiar with ASA models and options, but if it has NetFlow you should look at Scrutinizer
http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html

The free version keeps flows for 24 hours
0
noci (Software Engineer) Commented:
As the previous poster already mentioned, you need the NetFlow data and to process that.
http://nfdump.sf.net or http://NfSen.sf.net are OpenSource examples of tools.
Not complete stacks for handling the data; more tooling to build your own management tool.
0
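
The per-IP, per-time-window accounting that the NetFlow answers above point to, shown as an added example that is not part of any poster's reply. The CSV column layout, the inside network `10.1.1.0/24`, and the sample records are assumptions constructed for illustration; map the columns to whatever your flow collector exports.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real traffic). The column layout is an
# assumption, not the export format of any particular collector.
SAMPLE_FLOWS = """start,src,dst,bytes
2015-03-02 09:05:11,10.1.1.20,203.0.113.9,1200
2015-03-02 09:17:40,203.0.113.9,10.1.1.20,48000000
2015-03-02 09:42:03,10.1.1.35,198.51.100.4,350000
2015-03-02 10:01:59,198.51.100.4,10.1.1.35,9100000
2015-03-02 10:30:00,10.1.1.20,198.51.100.4,2500
"""

INSIDE = ipaddress.ip_network("10.1.1.0/24")  # assumed inside network


def top_talkers(flow_csv, inside=INSIDE, top=10):
    """Return {hour: [(inside_ip, total_bytes), ...]}, heaviest host first."""
    usage = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        hour = start.strftime("%Y-%m-%d %H:00")
        # Charge the flow to whichever endpoint sits on the inside network,
        # so uploads and downloads both count against the internal host.
        for addr in {row["src"], row["dst"]}:
            if ipaddress.ip_address(addr) in inside:
                usage[hour][addr] += int(row["bytes"])
    return {
        hour: sorted(ips.items(), key=lambda kv: kv[1], reverse=True)[:top]
        for hour, ips in sorted(usage.items())
    }


if __name__ == "__main__":
    for hour, talkers in top_talkers(SAMPLE_FLOWS).items():
        print(hour)
        for ip, total in talkers:
            print(f"  {ip:<15} {total / 1e6:10.2f} MB")
```

Bucketing by hour gives the timestamp and byte count side by side, which is the combination the ASDM Connections and Logging views each lack on their own.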
eeRoot Commented:
The ASA should be showing the top 10 talkers and traffic sources. If not, verify that the statistics collecting has been enabled.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/protect.html#wpxref82650
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.