https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893098#M954609 <HTML><HEAD></HEAD><BODY><P>Monitoring on the Pix is very limited. You may</P><P>want to do this on the upstream router using</P><P>NetFlow. NetFlow can provide you with very </P><P>accurate information.</P><P></P><P>The other alternative is you can monitor</P><P>on the server itself, if the server is</P><P>Linux. You can use a freeware tool called</P><P>iptraf. I use it, excellent tool.</P><P></P><P>CCIE Security</P></BODY></HTML> Wed, 20 Feb 2008 19:05:21 GMT cisco24x7 2008-02-20T19:05:21Z https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893097#M954608 <P>Hello there, </P><P></P><P>I have an app server seating on my PIX's DMZ and I need to know how can I monitor (in real time) inbound traffic from the Outside interface (users out there) to the specific host 192.168.2.4 (app server) on the DMZ interface...</P><P></P><P>Basically i need to know if inbound traffic can actually reach the server AND if so... I need to check if that traffic is coming back from the server to the PIX and back to the end user out there</P><P></P><P>makes sense ?</P><P></P><P>Glenn</P><P></P> Mon, 11 Mar 2019 12:05:32 GMT https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893097#M954608 glenn.guzman 2019-03-11T12:05:32Z https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893098#M954609 <HTML><HEAD></HEAD><BODY><P>Monitoring on the Pix is very limited. You may</P><P>want to do this on the upstream router using</P><P>NetFlow. NetFlow can provide you with very </P><P>accurate information.</P><P></P><P>The other alternative is you can monitor</P><P>on the server itself, if the server is</P><P>Linux. You can use a freeware tool called</P><P>iptraf. I use it, excellent tool.</P><P></P><P>CCIE Security</P></BODY></HTML> Wed, 20 Feb 2008 19:05:21 GMT https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893098#M954609 cisco24x7 2008-02-20T19:05:21Z https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893099#M954610 <HTML><HEAD></HEAD><BODY><P>hello Glenn, Yes you can certainly monitor this traffic in extensive detail and also verify if the packet is returning back or not</P><P></P><P>on the DMZ interface set the </P><P>following Packet Captures :-</P><P></P><P>access-l abc permit ip host <X.X.X.X> host 192.168.2.4</X.X.X.X></P><P></P><P>and then another ACL in reverse order for return traffic</P><P></P><P>access-l abc permit ip host 192.168.2.4 host x.x.x.x</P><P></P><P>x.x.x.x--&gt;ip address of source on outside</P><P></P><P>Capture cpz access-l abc packet-length 1518 interface DMZ</P><P></P><P>generate the traffic and afterwards use the following command to check the packet captures</P><P></P><P>show capture cpz</P><P></P><P>The other way is to set logging on Pix firewall which is a very good way to report the traffic through the pix on a syslog server</P><P></P><P>does this help !</P></BODY></HTML> Thu, 21 Feb 2008 05:10:31 GMT https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893099#M954610 abinjola 2008-02-21T05:10:31Z https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893100#M954611 <HTML><HEAD></HEAD><BODY><P>you got to excuse my language but HELL yeah it does!!!!</P><P></P><P>Thanks a lot my friend!!</P><P></P><P>Glenn </P></BODY></HTML> Thu, 21 Feb 2008 05:29:52 GMT https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893100#M954611 gleguzgo0166 2008-02-21T05:29:52Z https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893101#M954612 <HTML><HEAD></HEAD><BODY><P>I am glad..my post at 12 in the night did not go waste ..cheers</P></BODY></HTML> Thu, 21 Feb 2008 05:34:29 GMT https://community.cisco.com/t5/network-security/how-to-general-question/m-p/893101#M954612 abinjola 2008-02-21T05:34:29Z