https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910305#M1103717 <P>I agree with <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178747">@Flavio Miranda</a> - Netflow is your friend here. You can setup a free PTRG instance to collect Netflow exported from the ASA and easily see the top sources/destinations of traffic. Looking at the ASA directly won't show you that sort of info. You can certainly see CPU, memory, connections, etc. but mostly only a a point in time for connections/ flows and that's what you need in this case.</P> Wed, 23 Aug 2023 05:55:32 GMT Marvin Rhoads 2023-08-23T05:55:32Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910225#M1103712 <P>Hello,</P><P>I recently got a complain on the internet streaming through our internal network going out to Youtube or Facebook.</P><P>In the normal hours, we are working fine, no one complain about the traffic or the streaming, smooth on everything.</P><P>But during some time in the afternoon, we noticed that the traffic of our internet spike to over 500MB. It affects our streaming. And becoming choppy.</P><P>Is there any way we can find out the where are the inbound / outbound traffic? I have the Zabbix monitoring server, and now can only show the traffic being burst. But can I find out what is inside?</P><P>The graph below shows the spike in the afternoon the day before. The one in the morning is also doing the same thing, but we don't experience any choking on the networks/streaming. Both time we do the streaming.</P><P>Can give me some idea on how to find the traffic out?</P><P>We have C2960XR as the switches, and ASA5516 as the firewall.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Traffic_FW.JPG" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/194948i562AD4D239FAF5BE/image-size/large?v=v2&amp;px=999" role="button" title="Traffic_FW.JPG" alt="Traffic_FW.JPG" /></span></P> Tue, 22 Aug 2023 23:12:36 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910225#M1103712 timothy_MTS 2023-08-22T23:12:36Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910229#M1103713 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1466906">@timothy_MTS</a>&nbsp;</P> <P>&nbsp;In order to see traffic you can enable netflow on the switch. Send the flow to a server. You can use free tools like Grafana in order to graphic the output.</P> <P>&nbsp;There are others alternative on the internet, this is just an example.</P> <P>Another thing to check is if the firewall is able to handle all the connections properly.&nbsp; UDP traffic like streaming can saturate firewall easily. Check firewall capacity.</P> Tue, 22 Aug 2023 23:21:50 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910229#M1103713 Flavio Miranda 2023-08-22T23:21:50Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910266#M1103716 <P>Thanks <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178747">@Flavio Miranda</a>&nbsp;</P><P>ok. True that we need something to monitor / analyze on what's going on.</P><P>But from the Firewall itself, does it have anything that I can check besides the CPU, Memory. What I am thinking, if traffic going through the interfaces of the firewall, no matter just a short period of time, not those history.</P><P>&nbsp;</P> Wed, 23 Aug 2023 02:33:29 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910266#M1103716 timothy_MTS 2023-08-23T02:33:29Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910305#M1103717 <P>I agree with <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178747">@Flavio Miranda</a> - Netflow is your friend here. You can setup a free PTRG instance to collect Netflow exported from the ASA and easily see the top sources/destinations of traffic. Looking at the ASA directly won't show you that sort of info. You can certainly see CPU, memory, connections, etc. but mostly only a a point in time for connections/ flows and that's what you need in this case.</P> Wed, 23 Aug 2023 05:55:32 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910305#M1103717 Marvin Rhoads 2023-08-23T05:55:32Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910477#M1103724 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1466906">@timothy_MTS</a>&nbsp;</P> <P>&nbsp;Asa support netflow, you can enable in both devices although they will see the same information.</P> <P>&nbsp;</P> Wed, 23 Aug 2023 07:59:10 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4910477#M1103724 Flavio Miranda 2023-08-23T07:59:10Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4911651#M1103798 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178747">@Flavio Miranda</a>&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;</P><P>Having successfully plot the Netflow information to the PRTG analyze tool. It gives a great picture on it.</P><P>Next will fine tune it to have 24 7 monitoring. Thank you for the great help.</P><P>Cheers,</P><P>Timothy</P> Thu, 24 Aug 2023 22:43:03 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4911651#M1103798 timothy_MTS 2023-08-24T22:43:03Z https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4911657#M1103799 <P>that´s great <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1466906">@timothy_MTS</a>&nbsp; glad to hear you suceeded</P> Thu, 24 Aug 2023 23:31:43 GMT https://community.cisco.com/t5/network-security/monitoring-traffic/m-p/4911657#M1103799 Flavio Miranda 2023-08-24T23:31:43Z