https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048384#M438295 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I guess there is several things you can check on your firewall.</P><P></P><UL><LI>Check the active connection on the ASA<UL><LI><STRONG>show conn | inc <NAMEIF></NAMEIF></STRONG></LI></UL></LI></UL><P></P><UL><LI>Check the hosts that have connections through the ASA on that interface<UL><LI><STRONG>show local-host | begin Interface <NAMEIF></NAMEIF></STRONG></LI></UL></LI></UL><P></P><UL><LI>Generate log messages to a syslog server from each connection formed<UL><LI>Either using <STRONG>"logging trap informational"</STRONG></LI><LI>OR check what the Syslog ID for connection Building/Teardown is and change its logging level to your current one</LI><LI>OR configure logging parameters to the access-list/ACE statements to generate logging messages on certain syslog/logging level</LI></UL></LI></UL><P></P><UL><LI>Configure traffic capture on the interface and simply capture all the traffic on the firewall interface in question <UL><LI>The maximum buffer size for the capture is around 33,5MB but it can be set to overwrite the previous data</LI><LI>You also dont have to capture the complete packet</LI><LI>After the capture (or during it) you can copy the capture file to your computer and open it with Wireshark to see whats connections are being taken through the interface in question.</LI></UL></LI></UL><P></P><P>Those are just some things that came to mind. I'm sure theres probably other ways to go about this thing also.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 24 Sep 2012 09:43:10 GMT Jouni Forss 2012-09-24T09:43:10Z https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048383#M438293 <P>Hi ,</P><P></P><P>I have a cisco asa 5520 and suddendley in my Network Monitor tool,(using SNMP)&nbsp; asa's DMZ interface traffic is showing arround 90000 Kbit/s .</P><P></P><P>i want to check which traffic is flowing throgh this interface.(Ip address details)</P><P></P><P></P><P>Note : There is no impact on asa CPU usage.</P><P></P><P></P><P>Regards,</P><P>Prashant</P> Mon, 11 Mar 2019 23:57:58 GMT https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048383#M438293 prashantrecon 2019-03-11T23:57:58Z https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048384#M438295 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I guess there is several things you can check on your firewall.</P><P></P><UL><LI>Check the active connection on the ASA<UL><LI><STRONG>show conn | inc <NAMEIF></NAMEIF></STRONG></LI></UL></LI></UL><P></P><UL><LI>Check the hosts that have connections through the ASA on that interface<UL><LI><STRONG>show local-host | begin Interface <NAMEIF></NAMEIF></STRONG></LI></UL></LI></UL><P></P><UL><LI>Generate log messages to a syslog server from each connection formed<UL><LI>Either using <STRONG>"logging trap informational"</STRONG></LI><LI>OR check what the Syslog ID for connection Building/Teardown is and change its logging level to your current one</LI><LI>OR configure logging parameters to the access-list/ACE statements to generate logging messages on certain syslog/logging level</LI></UL></LI></UL><P></P><UL><LI>Configure traffic capture on the interface and simply capture all the traffic on the firewall interface in question <UL><LI>The maximum buffer size for the capture is around 33,5MB but it can be set to overwrite the previous data</LI><LI>You also dont have to capture the complete packet</LI><LI>After the capture (or during it) you can copy the capture file to your computer and open it with Wireshark to see whats connections are being taken through the interface in question.</LI></UL></LI></UL><P></P><P>Those are just some things that came to mind. I'm sure theres probably other ways to go about this thing also.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 24 Sep 2012 09:43:10 GMT https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048384#M438295 Jouni Forss 2012-09-24T09:43:10Z https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048385#M438297 <HTML><HEAD></HEAD><BODY><P>Thanks it is very helpful</P></BODY></HTML> Mon, 24 Sep 2012 10:15:28 GMT https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048385#M438297 prashantrecon 2012-09-24T10:15:28Z https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048386#M438299 <HTML><HEAD></HEAD><BODY><P><BR />Hi All,</P><P></P><P>How do i check the same connection logs in ASDM GUI mode.</P><P></P><P>Please help...</P><P></P><P></P><P>Rgds</P></BODY></HTML> Mon, 24 Sep 2012 10:59:17 GMT https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048386#M438299 Suresh Babu 2012-09-24T10:59:17Z https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048387#M438300 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>When i am checking the traffic in ASDM graph it is only showing me between 20 - 50 Kbps (and it is normal) at the same time on SNMP sensor dmz traffic is around 90,371 kbit/s.</P><P></P><P>so i think actual traffic is the ASDM graph traffic .</P></BODY></HTML> Tue, 25 Sep 2012 03:47:13 GMT https://community.cisco.com/t5/network-security/how-to-check-which-ip-s-are-hitting-on-a-particular-interface-of/m-p/2048387#M438300 prashantrecon 2012-09-25T03:47:13Z