Trace bandwidth usage (packet sizes) back to an IP address

Posted on 2014-08-05
Last Modified: 2014-08-21
We need to be able to trace bandwidth usage back to an IP address. We use a Cisco ASA5510 and want to be able to use its logs to determine who or what is using too much bandwidth. We found that if we click on the Monitoring tab in the ASDM then properties then connections we get a log of what is going on including packet sizes and IP addresses but there is no time stamp. if we go to the logging tab there is a time stamp but no packet size. Is there an easy way to do this?
Question by:ICantSee
    LVL 13

    Accepted Solution

    Assuming you're running ASDM 7.0 - [From - Cisco ASA Series ASDM Configuration Guide, 7.0]

    You can view statistics for users by accessing the Firewall Dashboard pane. The Firewall Dashboard pane lets you view important information about the traffic passing through your ASA. Choose Home > Firewall Dashboard > Top 10 Users tab in the Top Usage Status area.

    The Top 10 Users tab displays data only when you have configured the Identity Firewall feature in the ASA, which includes configuring these additional components—Microsoft Active Directory and Cisco Active Directory (AD) Agent. See Configuring the Identity Firewall for information.

    Depending on which option you choose, the Top 10 Users tab shows statistics for received EPS packets, sent EPS packets, and sent attacks for the top 10 users. For each user (displayed as domain \ user_name ), the tab displays the average EPS packet, the current EPS packet, the trigger, and total events for that user.

    Hope this helps

    LVL 38

    Expert Comment

    by:Aaron Tomosky
    I'm not familiar with Asa models and options but if it has netflow you should look at scrutinizer

    The free version keeps flows for 24 hours
    LVL 39

    Expert Comment

    as the previous poster already mentioned, you need the netflow data and process that. or are OpenSource examples of tools.
    Not complete stacks for handling the data more tooling to build your own management tool.
    LVL 21

    Expert Comment

    The ASA should be showing the top 10 talkers and traffic sources.  If not, verify that the statistics collecting has been enabled.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Best free website shortner services 2 51
    Scan IP address, obtain info 7 48
    FortiGate problem 8 37
    Running Out of IP Addresses 9 95
    Let’s list some of the technologies that enable smooth teleworking. 
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now