CLI command output

Hi, 

 

I have seen this output but I'm not really sure which CLI command is for the ASA to check some sort of top talkers 

 

what is the CLI command?

 

 

Accepted Solutions

Ok, so the command "show threat-detection statistics top host" will provide information on top source IP addresses.

HTH

Hi,
I would guess that is the output from the command "show threat-detection statistics top port-protocol". You could also use "show local-host connection tcp|udp X" to determine the local-hosts with a specific "X" number of tcp or udp connections, which may be helpful.

HTH

thanks for the info,
not really sure, in the output I shared, there are source IPs, not sure why the guy did not want to share the CLI command :( selfish
I have tested now and the first command gives this

Top Name Id Average(eps) Current(eps) Trigger Total events
20-min Sent attack:
20-min Recv attack:
01 Port-8191-65535 308 226 57384 185361
02 SYSLOG 514 25 30 27625 15283
03 HTTP-Alternat 8080 19 21 33397 11491
04 LDAP 389 17 19 43070 10770
05 NetBIOS-Name 137 5 14 5159 3331
06 HTTPS 443 4 2 891 2939
07 DNS 53 3 2 1198 1839
08 NetBIOS-Datag 138 1 1 2 1056
09 Port-4438 4438 1 1 0 778
10 Kerberos-auto 88 1 1 5 688
1-hour Sent byte:
01 HTTP-Alternat 8080 5235993 5363390 0 18849575605
02 HTTPS 443 4564908 4641885 0 16433669917
03 HTTP 80 3380638 3865723 0 12170298533
04 Port-8191-65535 2251454 2058040 0 8105234478
05 EGP * 8 1413754 1386479 0 5089514576
06 MS-DS/SMB 445 513860 353554


and the second command gives me this

Top Name Id Average(eps) Current(eps) Trigger Total events
20-min Sent attack:
20-min Recv attack:
01 Port-8191-65535 310 289 57382 186210
02 SYSLOG 514 25 28 27624 15016
03 HTTP-Alternat 8080 19 16 33397 11517
04 LDAP 389 17 14 43070 10750
05 HTTPS 443 5 4 891 3528
06 NetBIOS-Name 137 5 3 5159 3071
07 DNS 53 3 4 1198 1848
08 NetBIOS-Datag 138 1 1 2 1060
09 HTTP 80 1 3 11 817
10 Port-4438 4438 1 0 0 725
1-hour Sent byte:
01 HTTP-Alternat 8080 5235993 5363390 0 18849575605
02 HTTPS 443 4564908 4641885 0 16433669917
03 HTTP 80 3380638 3865723 0 12170298533
04 Port-8191-65535 2251454 2058040 0 8105234478
05 EGP * 8 1413810 1418093 0 5089716136
06 MS-DS/SMB 445 513860 353554 0 1849898740
07 LDAP 389 200988 154814 0 723557647
08 Port-4001 4001 160531 135467 0 577914419
09 DNS 53 38978 38616 0 140322645
10 Port-5246 5246 14915 12851 0 53694288
1-hour Sent pkts:
01 HTTP-Alternat 8080 7849 8013 0 28259482
02 HTTPS 443 5524 5444 0 19887648
03 Port-8191-65535 2913 2786 0


any ideas?

Ok, so the command "show threat-detection statistics top host" will provide information on top source IP addresses.

HTH

thanks, that was it,

yes, not sure why I used sensitive help :/ think I'm burned with a lot of GUI,

thanks so much for your help,
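
An added example, not part of any post in this thread and not Cisco code: a small Python parser for pasted "show threat-detection statistics top ..." output like the listings above, which keeps rows without an Id, keeps multi-token Ids such as "* 8", and sets aside rows cut off mid-line. It assumes the last four integers of each row are Average(eps), Current(eps), Trigger and Total events, as the header row suggests; `parse_top` and `spiking` are hypothetical helper names.

```python
import re

# Constructed sample, shaped like the output pasted in the thread: a row with
# no Id, a row with a port Id, a "* 8" protocol Id, and a cut-off row.
SAMPLE = """\
Top Name Id Average(eps) Current(eps) Trigger Total events
20-min Sent attack:
20-min Recv attack:
01 Port-8191-65535 308 226 57384 185361
02 SYSLOG 514 25 30 27625 15283
1-hour Sent byte:
05 EGP * 8 1413754 1386479 0 5089514576
06 MS-DS/SMB 445 513860 353554
"""

SECTION = re.compile(r"^(\S+) (Sent|Recv) (\w+):$")   # e.g. "1-hour Sent byte:"
FIELDS = ("average", "current", "trigger", "total")

def parse_top(text):
    """Return (rows, skipped). Assumption: the last four integers of a row are
    Average(eps), Current(eps), Trigger, Total events, per the header line."""
    rows, skipped, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = " ".join(m.groups())
            continue
        tok = line.split()
        if len(tok) < 2 or not re.fullmatch(r"\d{2}", tok[0]):
            continue                      # header row, blank line, other text
        tail = []
        # Peel counters off the right; never consume the rank or the name.
        while len(tok) > 2 and tok[-1].isdigit() and len(tail) < 4:
            tail.insert(0, int(tok.pop()))
        if len(tail) < 4:
            skipped.append(line)          # truncated paste: columns ambiguous
            continue
        row = {"section": section, "rank": int(tok[0]), "name": tok[1],
               "id": " ".join(tok[2:]) or None}
        row.update(zip(FIELDS, tail))
        rows.append(row)
    return rows, skipped

def spiking(rows, factor=1.5):
    """Rows whose current rate exceeds the interval average by `factor`."""
    return [r for r in rows if r["current"] > factor * r["average"]]

if __name__ == "__main__":
    parsed, cut = parse_top(SAMPLE)
    for r in parsed:
        print(r)
    print("skipped (truncated):", cut)
```
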