https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112266#M357288 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems to me that some host/hosts are generating alot of traffic from your LAN through the ASA to the Internet.</P><P></P><P>Is there some backups been taken of servers that use the Internet connection? I'm not familiar with the process of backing up servers but I'd assume you could configure it to work so that it cant hog so much bandwith even though used outside normal working hours.</P><P></P><P>If this traffic is not caused by some traffic that is "normal" I would suggest monitoring the active connections on the ASA and then determining the hosts generating this traffic and removing them from the network.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 30 Jan 2013 20:38:53 GMT Jouni Forss 2013-01-30T20:38:53Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112264#M357286 <P>Hi, please see attach diagram.</P><P></P><P>My network always have connection problem everyday around 4.30 - 5.00 pm.</P><P>Attach are the screenshot i took photo of my ASA.</P><P></P><P>The place i highlighted, what does it mean actually??</P><P></P><P><SPAN style="font-size: 10pt;">We are trying to find the root cause of the connectivity problem??</SPAN></P> Tue, 12 Mar 2019 00:54:41 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112264#M357286 Mohd Khairul Nizam 2019-03-12T00:54:41Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112265#M357287 <HTML><HEAD></HEAD><BODY><P>Are you running a back-up to a external location? Which starts at the time you are saying?<BR /><BR /><BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Wed, 30 Jan 2013 20:35:02 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112265#M357287 Bart Kersten 2013-01-30T20:35:02Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112266#M357288 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems to me that some host/hosts are generating alot of traffic from your LAN through the ASA to the Internet.</P><P></P><P>Is there some backups been taken of servers that use the Internet connection? I'm not familiar with the process of backing up servers but I'd assume you could configure it to work so that it cant hog so much bandwith even though used outside normal working hours.</P><P></P><P>If this traffic is not caused by some traffic that is "normal" I would suggest monitoring the active connections on the ASA and then determining the hosts generating this traffic and removing them from the network.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 30 Jan 2013 20:38:53 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112266#M357288 Jouni Forss 2013-01-30T20:38:53Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112267#M357289 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems actually according to the "connections per second" that there is probably only 1 or a very low amount of hosts on the network that could be causing this problem.</P><P></P><P>I would consider using the command</P><P></P><P>"show conn long"</P><P></P><P>Then looking at the output look for connections that have been active for a while and also connections that have so far transfered alot of data. As we can see the data rate is pretty high so the culprit host should be easy to determine.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 30 Jan 2013 20:43:08 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112267#M357289 Jouni Forss 2013-01-30T20:43:08Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112268#M357290 <HTML><HEAD></HEAD><BODY><P>Hi all, </P><P>Thank for the respone.</P><P></P><P>we dont have any backup to external. </P><P></P><P>Lately we are having problem during that specified time.</P><P>I want to catch / isolate the culprit</P><P>I attach some more pictures. i dont know to interpret the graph and data.</P><P></P><P>Pls help?</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/9/8/6/127689-1.JPG" class="jive-image" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/0/9/6/127690-2.JPG" class="jive-image" /></P></BODY></HTML> Fri, 01 Feb 2013 07:36:40 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112268#M357290 Mohd Khairul Nizam 2013-02-01T07:36:40Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112269#M357291 <HTML><HEAD></HEAD><BODY><P>172.27.17.8 sends bunch of traffic to 122.152.181.147.</P><P>You have to check what's 172.27.17.8 on your network and find out why it does that.</P></BODY></HTML> Fri, 01 Feb 2013 08:36:21 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112269#M357291 Andrew Phirsov 2013-02-01T08:36:21Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112270#M357292 <HTML><HEAD></HEAD><BODY><P>you can use <STRONG>shun</STRONG> command to shutdown/close the&nbsp; connection temporary for that particular ip, you can also use <STRONG>capture </STRONG>command to monitor/capture the traffic that is causing this, can you also provide the picture for top 10 services?</P></BODY></HTML> Fri, 01 Feb 2013 09:18:39 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112270#M357292 Rudy Sanjoko 2013-02-01T09:18:39Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112271#M357293 <HTML><HEAD></HEAD><BODY><P>i belive the top 10 services is HTTP and HTTPS. </P><P></P><P>Only web services but can generate so much traffic. I wonder??</P></BODY></HTML> Mon, 04 Feb 2013 06:31:13 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112271#M357293 Mohd Khairul Nizam 2013-02-04T06:31:13Z https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112272#M357294 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As Andrew above said.</P><P></P><P>You should locate the host with the IP address of 172.27.17.8 behind the ASA that seems to be generating the highest amount of the connections. Then go through that host computer and see what is causing the high amount of connections.</P><P></P><P>If you only want to use the graphical user interface (ASDM) to troubleshoot this, I would recomment trying to use the real time logging in the ASDM to see what happens when the problem is on.</P><P></P><P>To view the logs in real time go to the following place in the ASDM</P><P></P><P>Monitor -&gt; Logging -&gt; View</P><P></P><P>You can then enter the source IP address and apply it as the filter and only see logs for it. Though I'm not sure how the ASDM works when the problem is on as the host on the LAN seems to push as much traffic to the Internet as the interface is able to transmit. This might make it impossible to use ASDM</P><P></P><P>I would also suggest configuring a Syslog server to the LAN if possible to store the log data for later reference.</P><P></P><P>On the ASA CLI you can issue the following commands to see the connections</P><P></P><P>"show conn"</P><P></P><P>"show conn long"</P><P></P><P>"show local-host 172.27.17.8"</P><P></P><P>If the host 172.27.17.8 is NOT a server you could try to remove it from the network temporarily and see if the problem appears again.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 04 Feb 2013 11:42:00 GMT https://community.cisco.com/t5/network-security/what-is-it-mean/m-p/2112272#M357294 Jouni Forss 2013-02-04T11:42:00Z