CLI command output

Kn1ghtR1d3rOfD00m — Fri, 21 Feb 2020 17:27:17 GMT

Hi,

I have seen this output but Im not really sure which CLI command is for the ASA to check some sort of top talkers

what is the CLI command?

Re: CLI command output

Rob Ingram — Tue, 03 Sep 2019 18:15:42 GMT

Hi,
I would guess that is the output from the command "show threat-detection statistics top port-protocol". You could also use "show local-host connection tcp|udp X" to determine the local-hosts with a specific "X" number of tcp or udp connections, which may be helpful.

HTH

Re: CLI command output

Kn1ghtR1d3rOfD00m — Tue, 03 Sep 2019 18:21:54 GMT

thanks for the info,
not really sure, in the ouput I shared, there are source IPs, not sure why the guy did not want to share the CLI command 😞 selflish
I have tested now and the first command gives this

Top Name Id Average(eps) Current(eps) Trigger Total events
20-min Sent attack:
20-min Recv attack:
01 Port-8191-65535 308 226 57384 185361
02 SYSLOG 514 25 30 27625 15283
03 HTTP-Alternat 8080 19 21 33397 11491
04 LDAP 389 17 19 43070 10770
05 NetBIOS-Name 137 5 14 5159 3331
06 HTTPS 443 4 2 891 2939
07 DNS 53 3 2 1198 1839
08 NetBIOS-Datag 138 1 1 2 1056
09 Port-4438 4438 1 1 0 778
10 Kerberos-auto 88 1 1 5 688
1-hour Sent byte:
01 HTTP-Alternat 8080 5235993 5363390 0 18849575605
02 HTTPS 443 4564908 4641885 0 16433669917
03 HTTP 80 3380638 3865723 0 12170298533
04 Port-8191-65535 2251454 2058040 0 8105234478
05 EGP * 8 1413754 1386479 0 5089514576
06 MS-DS/SMB 445 513860 353554

and the second command gives me this

Top Name Id Average(eps) Current(eps) Trigger Total events
20-min Sent attack:
20-min Recv attack:
01 Port-8191-65535 310 289 57382 186210
02 SYSLOG 514 25 28 27624 15016
03 HTTP-Alternat 8080 19 16 33397 11517
04 LDAP 389 17 14 43070 10750
05 HTTPS 443 5 4 891 3528
06 NetBIOS-Name 137 5 3 5159 3071
07 DNS 53 3 4 1198 1848
08 NetBIOS-Datag 138 1 1 2 1060
09 HTTP 80 1 3 11 817
10 Port-4438 4438 1 0 0 725
1-hour Sent byte:
01 HTTP-Alternat 8080 5235993 5363390 0 18849575605
02 HTTPS 443 4564908 4641885 0 16433669917
03 HTTP 80 3380638 3865723 0 12170298533
04 Port-8191-65535 2251454 2058040 0 8105234478
05 EGP * 8 1413810 1418093 0 5089716136
06 MS-DS/SMB 445 513860 353554 0 1849898740
07 LDAP 389 200988 154814 0 723557647
08 Port-4001 4001 160531 135467 0 577914419
09 DNS 53 38978 38616 0 140322645
10 Port-5246 5246 14915 12851 0 53694288
1-hour Sent pkts:
01 HTTP-Alternat 8080 7849 8013 0 28259482
02 HTTPS 443 5524 5444 0 19887648
03 Port-8191-65535 2913 2786 0

any ideas?

Re: CLI command output

Rob Ingram — Tue, 03 Sep 2019 19:43:15 GMT

Ok, so the command "show threat-detection statistics top host" will provide information on top source IP addresses.

HTH

Re: CLI command output

Kn1ghtR1d3rOfD00m — Tue, 03 Sep 2019 20:00:49 GMT

thanks, that was it,

yes, not sure why I used sensitive help 😕 think Im burned with a lot of GUI,

thanks so much for your help,

topic Re: CLI command output in Network Security

CLI command output

Re: CLI command output

Re: CLI command output

Re: CLI command output

Re: CLI command output