https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005679#M434481 <HTML><HEAD></HEAD><BODY><P>There's no easy way to tell if you didn't already have instrumentation turned on. </P><P></P><P>The ASA is capable of exporting netflow data to an external collector. It is there that you would be able to retrospectively analyze top flows by source and destination address and port. Additionally in near real time you can monitor the top 10 hosts in the ASDM dashboard (or CLI equivalent).</P></BODY></HTML> Sun, 10 Jun 2012 13:27:26 GMT Marvin Rhoads 2012-06-10T13:27:26Z https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005678#M434479 <P>Hi all,</P><P></P><P>If I noticed a lot of (incoming&amp;outcoming) traffic in outside interface of ASA. Is there any way to know where is this traffic coming or going to (IP address)?</P><P></P><P>And if that traffic happened earlier (for example 1 day ago), can I still know the origin or destination IP address?</P><P></P><P>Please help!!</P><P></P><P>Thanks in Advance,</P><P></P><P>Omer </P> Mon, 11 Mar 2019 23:17:30 GMT https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005678#M434479 omer_babiker 2019-03-11T23:17:30Z https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005679#M434481 <HTML><HEAD></HEAD><BODY><P>There's no easy way to tell if you didn't already have instrumentation turned on. </P><P></P><P>The ASA is capable of exporting netflow data to an external collector. It is there that you would be able to retrospectively analyze top flows by source and destination address and port. Additionally in near real time you can monitor the top 10 hosts in the ASDM dashboard (or CLI equivalent).</P></BODY></HTML> Sun, 10 Jun 2012 13:27:26 GMT https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005679#M434481 Marvin Rhoads 2012-06-10T13:27:26Z https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005680#M434483 <HTML><HEAD></HEAD><BODY><P> Thanks Marvin for your reply.</P><P>Actually I asked this question because I've seen spiky load in my outside interface which looked suspicious. I was curious to know where it came from.</P><P>I used <STRONG>show conn </STRONG>command, but it was only showing the connections in use.</P><P>I'm using opennms as monitioring tool, but not sure if it will help in this case.</P><P>Any recommendation??</P><P></P><P>Thanks,</P><P>Omer</P></BODY></HTML> Mon, 11 Jun 2012 05:16:26 GMT https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005680#M434483 omer_babiker 2012-06-11T05:16:26Z https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005681#M434484 <HTML><HEAD></HEAD><BODY><P>The open source tool for capturing and analyzing netflow exports is ntop. Please see more information at <A href="http://www.ntop.org/products/ntop/">http://www.ntop.org/products/ntop/</A><BR /><BR /></P></BODY></HTML> Mon, 11 Jun 2012 14:23:26 GMT https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005681#M434484 Marvin Rhoads 2012-06-11T14:23:26Z https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005682#M434486 <HTML><HEAD></HEAD><BODY><P> Thanks for the valuable information</P></BODY></HTML> Tue, 12 Jun 2012 05:04:56 GMT https://community.cisco.com/t5/network-security/traffic-analysis-asa/m-p/2005682#M434486 omer_babiker 2012-06-12T05:04:56Z