05-09-2012 05:52 PM - edited 03-11-2019 04:04 PM
Hi,
I know this topic was already discussed before, and I already tried their solution but nothing happened. Bear with me if I post this again.
Our company’s Cisco ASA 5520 CPU usage drastically increased up to 93% after installing the antivirus our company purchased.
Upon entering the show commands, the results of which I will post later, it shows that the “Dispatch Unit” is very high.
I tried to clear the conn of each IP address that has very high bytes, but nothing happened.
I’ll post all the results, and please help me solve this issue. I’m not really familiar with firewalls or security.
INTFW(config)# show proc cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
081aa324 6bdaf870 81.3% 81.5% 81.4% Dispatch Unit
08bd08d6 6bda9210 5.7% 5.7% 5.7% Logger
INTFW(config)# show proc cpu-hog
Process: vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 23, MAXHOG: 5, LASTHOG: 5
LASTHOG At: 11:27:17 PHST Aug 8 2011
PC: 8da1592 (suspend)
Process: vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 5, LASTHOG: 5
LASTHOG At: 11:27:17 PHST Aug 8 2011
PC: 8da1592 (suspend)
Traceback: 8da1c7e 8d9ff8f 8062413
Process: ssh_init, PROC_PC_TOTAL: 4, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 07:41:20 PHST Aug 18 2011
PC: 806dcd5 (suspend)
Process: ssh_init, NUMHOG: 4, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 07:41:20 PHST Aug 18 2011
PC: 806dcd5 (suspend)
Traceback: 8b9d3e6 8bab837 8ba024a 8062413
Process: ssh_init, PROC_PC_TOTAL: 90801, MAXHOG: 5, LASTHOG: 2
LASTHOG At: 04:47:28 PHST Apr 5 2012
PC: 8b9ac8c (suspend)
Process: ssh_init, NUMHOG: 90801, MAXHOG: 5, LASTHOG: 2
LASTHOG At: 04:47:28 PHST Apr 5 2012
PC: 8b9ac8c (suspend)
Traceback: 8b9ac8c 8ba77ed 8ba573e 8ba58e8 8ba6971 8ba02b4 8062413
Process: telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 08:43:18 PHST Apr 16 2012
PC: 8870ba5 (suspend)
Process: telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 08:43:18 PHST Apr 16 2012
PC: 8870ba5 (suspend)
Traceback: 8870ba5 9298bf1 92789fe 9279191 80ca7e7 80cacbb 80c14b5
80c1c5f 80c2da6 80c3850 8062413
Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 5, MAXHOG: 3, LASTHOG: 2
LASTHOG At: 20:23:09 PHST Apr 27 2012
PC: 8c0e8e5 (suspend)
Process: Unicorn Proxy Thread, NUMHOG: 5, MAXHOG: 3, LASTHOG: 2
LASTHOG At: 20:23:09 PHST Apr 27 2012
PC: 8c0e8e5 (suspend)
Traceback: 8c0e8e5 8c23428 8c24561 8cff99d 8cfdb0c 8cf9f81 8cf9ef5
8cfa9b0 8cec6c9 8cebf7b 8cec22c 8ce5e2f 8d00cfb 8d01d67
Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 12, MAXHOG: 5, LASTHOG: 4
LASTHOG At: 20:23:09 PHST Apr 27 2012
PC: 8c2bb4d (suspend)
Process: Unicorn Proxy Thread, NUMHOG: 12, MAXHOG: 5, LASTHOG: 4
LASTHOG At: 20:23:09 PHST Apr 27 2012
PC: 8c2bb4d (suspend)
Traceback: 8c2bb4d 8c0ef7a 8c11576 8c11625 8c12748 8c140f8 8c0f074
8c23bae 8f2f1f1 8062413
Process: vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 488, MAXHOG: 100, LASTHOG: 2
LASTHOG At: 02:44:29 PHST May 6 2012
PC: 80635a5 (suspend)
Process: ssh_init, NUMHOG: 461, MAXHOG: 3, LASTHOG: 2
LASTHOG At: 02:44:29 PHST May 6 2012
PC: 80635a5 (suspend)
Traceback: 80635a5 8133d0b 9224474 923d3c8 9239045 9238e95 9226f50
92263d8 92158bf 920530c 922564a 92254c1 9214606 92050bc
Process: telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 5, LASTHOG: 5
LASTHOG At: 17:46:33 PHST May 9 2012
PC: 8beab4b (suspend)
Process: telnet/ci, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5
LASTHOG At: 17:46:33 PHST May 9 2012
PC: 8beab4b (suspend)
Traceback: 8beb37e 8bf5961 8870405 92861be 80cf185 80c2c3f 80c3850
8062413
Process: snmp, PROC_PC_TOTAL: 65, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 07:51:40 PHST May 10 2012
PC: 8b37300 (suspend)
Process: snmp, NUMHOG: 65, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 07:51:40 PHST May 10 2012
PC: 8b37300 (suspend)
Traceback: 8b37300 8b35d27 8b32e39 8b358c8 8b10b5e 8b0f7bc 8062413
Process: ssh_init, PROC_PC_TOTAL: 43490, MAXHOG: 4, LASTHOG: 2
LASTHOG At: 08:03:59 PHST May 10 2012
PC: 83cf301 (suspend)
Process: ssh_init, NUMHOG: 43490, MAXHOG: 4, LASTHOG: 2
LASTHOG At: 08:03:59 PHST May 10 2012
PC: 83cf301 (suspend)
Traceback: 83cfb25 83c9883 812ea45 89e51b2 89b8dda 8ba0e44 8ba0278
8062413
Process: Dispatch Unit, PROC_PC_TOTAL: 50959, MAXHOG: 46, LASTHOG: 2
LASTHOG At: 08:16:30 PHST May 10 2012
PC: 81aa324 (suspend)
Process: Dispatch Unit, NUMHOG: 50959, MAXHOG: 46, LASTHOG: 2
LASTHOG At: 08:16:30 PHST May 10 2012
PC: 81aa324 (suspend)
Traceback: 81aa324 8062413
Process: Dispatch Unit, PROC_PC_TOTAL: 4912632, MAXHOG: 1010, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 81aa50f (suspend)
Process: Dispatch Unit, NUMHOG: 4502524, MAXHOG: 1010, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 81aa50f (suspend)
Traceback: 81aa50f 8062413
Process: snmp, PROC_PC_TOTAL: 85863, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 8c09598 (suspend)
Process: snmp, NUMHOG: 85863, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 8c09598 (suspend)
Traceback: 8b300cd 8b1086d 8b0f7bc 8062413
Process: snmp, PROC_PC_TOTAL: 43522, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 8b3709e (suspend)
Process: snmp, NUMHOG: 43522, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 08:16:40 PHST May 10 2012
PC: 8b3709e (suspend)
Traceback: 8b3709e 8b35dcb 8b32e39 8b358c8 8b10b5e 8b0f7bc 8062413
Process: Dispatch Unit, NUMHOG: 14404267, MAXHOG: 1012, LASTHOG: 3
LASTHOG At: 08:17:07 PHST May 10 2012
PC: 81aa5f9 (suspend)
Traceback: 81aa5f9 8062413
Process: Dispatch Unit, PROC_PC_TOTAL: 20260397, MAXHOG: 1012, LASTHOG: 3
LASTHOG At: 08:17:08 PHST May 10 2012
PC: 81aa5f9 (suspend)
CPU hog threshold (msec): 2.844
Last cleared: None
INTFW(config)# show int | in error
1762 input errors, 0 CRC, 0 frame, 1762 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
38632851 input errors, 0 CRC, 0 frame, 38632851 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 7 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
1 input errors, 0 CRC, 0 frame, 1 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
INTFW(config)# show int
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff4, MTU 1500
IP address x.x.x.6, subnet mask 255.255.255.248
30015960429 packets input, 26267024403964 bytes, 0 no buffer
Received 9057 broadcasts, 0 runts, 0 giants
1762 input errors, 0 CRC, 0 frame, 1762 overrun, 0 ignored, 0 abort
0 L2 decode drops
199746407478 packets output, 25119852006560 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/24)
Traffic Statistics for "outside":
30002303388 packets input, 25691387461881 bytes
199746407478 packets output, 21463867385699 bytes
629259354 packets dropped
1 minute input rate 1754 pkts/sec, 1668152 bytes/sec
1 minute output rate 11769 pkts/sec, 944305 bytes/sec
1 minute drop rate, 20 pkts/sec
5 minute input rate 1646 pkts/sec, 1415643 bytes/sec
5 minute output rate 11907 pkts/sec, 1263071 bytes/sec
5 minute drop rate, 19 pkts/sec
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff5, MTU 1500
IP address x.x.x.9, subnet mask 255.255.255.248
197887766666 packets input, 24998369433168 bytes, 0 no buffer
Received 278288 broadcasts, 0 runts, 0 giants
38632921 input errors, 0 CRC, 0 frame, 38632921 overrun, 0 ignored, 0 abort
0 L2 decode drops
29089991932 packets output, 26007238507372 bytes, 79 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
Traffic Statistics for "inside":
197875091433 packets input, 21381545513997 bytes
29089992011 packets output, 25452507365233 bytes
47959890 packets dropped
1 minute input rate 11609 pkts/sec, 926890 bytes/sec
1 minute output rate 1731 pkts/sec, 1703914 bytes/sec
1 minute drop rate, 3 pkts/sec
5 minute input rate 11612 pkts/sec, 988624 bytes/sec
5 minute output rate 1615 pkts/
INTFW(config)# show conn
----partial result of show conn. Some of the results have higher bytes, but I think this will be enough.
158026 in use, 165954 most used
TCP outside x.x.x.138:1522 inside x.x.x.106:3609, idle 0:00:24, bytes 1231922, flags UIO
TCP outside x.x.x.138:1522 inside x.x.x.106:4583, idle 0:00:05, bytes 108207477, flags UIO
INTFW(config)# show traffic
folink:
received (in 1922566.370 secs):
62152861 packets 4669911582 bytes
1 pkts/sec 2000 bytes/sec
transmitted (in 1922566.370 secs):
1215835634 packets 1396053558570 bytes
0 pkts/sec 726002 bytes/sec
1 minute input rate 1 pkts/sec, 117 bytes/sec
1 minute output rate 55 pkts/sec, 65230 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 117 bytes/sec
5 minute output rate 51 pkts/sec, 59983 bytes/sec
5 minute drop rate, 0 pkts/sec
outside:
received (in 1922872.370 secs):
30003574779 packets 25692551618468 bytes
15000 pkts/sec 13361000 bytes/sec
transmitted (in 1922872.370 secs):
199756000629 packets 21464645138678 bytes
103001 pkts/sec 11162000 bytes/sec
1 minute input rate 1496 pkts/sec, 1370318 bytes/sec
1 minute output rate 11724 pkts/sec, 1001443 bytes/sec
1 minute drop rate, 23 pkts/sec
5 minute input rate 1518 pkts/sec, 1369006 bytes/sec
5 minute output rate 11644 pkts/sec, 992991 bytes/sec
5 minute drop rate, 25 pkts/sec
inside:
received (in 1922876.630 secs):
197884596127 packets 21382322027279 bytes
102001 pkts/sec 11119000 bytes/sec
transmitted (in 1922876.630 secs):
29091209527 packets 25453660568576 bytes
15001 pkts/sec 13237000 bytes/sec
1 minute input rate 11607 pkts/sec, 996877 bytes/sec
1 minute output rate 1476 pkts/sec, 1352799 bytes/sec
1 minute drop rate, 14 pkts/sec
5 minute input rate 11487 pkts/sec, 986769 bytes/sec
5 minute output rate 1453 pkts/sec, 1345452 bytes/sec
5 minute drop rate, 5 pkts/sec
Thanks,
Mark
05-09-2012 09:32 PM
Hi Mark,
I guess I was the one who got to the bottom of the other case. Let me help you out with this one. I may need some other outputs like the following:
show service-policy
sh local-host (this one is very large); what I am trying to find out with this one is the embryonic amount of connections that the device is receiving.
For the 2 connections you are highlighting, they seem to be normal as they belong to SQL connections.
Mike
05-09-2012 10:19 PM
Hi Mike,
Thanks for the reply. I even sent you a private message regarding this one.
Here is the information needed. Not sure about the embryonic amount; let me know if what I sent is incorrect.
INTFW# show service-policy
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 523484182, drop 1859534, reset-drop 0
Inspect: ftp, packet 126584724, drop 5747, reset-drop 260
Inspect: h323 h225 _default_h323_map, packet 33293, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 73593
Inspect: h323 ras _default_h323_map, packet 3924, drop 3072, reset-drop 0
Inspect: rsh, packet 26083, drop 0, reset-drop 0
Inspect: rtsp, packet 33584177, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 376972
Inspect: esmtp _default_esmtp_map, packet 199361835, drop 80131, reset-drop 0
Inspect: skinny , packet 3373, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 88997
Inspect: sunrpc, packet 8558, drop 1, reset-drop 10
tcp-proxy: bytes in buffer 0, bytes dropped 28
Inspect: xdmcp, packet 554, drop 41, reset-drop 0
Inspect: sip , packet 651549, drop 5, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 3169
Inspect: netbios, packet 83649497, drop 0, reset-drop 0
Inspect: tftp, packet 369, drop 0, reset-drop 0
Class-map: global-class
IPS: card status Unresponsive, mode inline fail-open, sensor vs0
packet input 197451550328, packet output 197459152624, drop 3901726, reset-drop 395164
INTFW# show local-host
Interface inside: 670 active, 882 maximum active, 0 denied
local host:
TCP flow count/limit = 9/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 2/unlimited
Conn:
TCP outside x.x.x.37:80 inside x.x.x.13:56634, idle 0:00:19, bytes 1539, flags UIO
TCP outside 220.73.140.37:80 inside x.x.x.13:56633, idle 0:00:19, bytes 3162, flags UIO
TCP outside 220.73.140.37:80 inside x.x.x.13:56632, idle 0:00:19, bytes 3089, flags UIO
TCP outside 220.73.140.37:80 inside x.x.x.13:56631, idle 0:00:19, bytes 6446, flags UIO
TCP outside 10.20.2.61:80 inside x.x.x.13:56630, idle 0:03:31, bytes 5856, flags UFRIO
UDP outside 180.68.204.199:5005 inside x.x.x.13:61775, idle 0:00:01, bytes 24640, flags -
TCP outside 180.68.204.199:554 inside x.x.x.13:56437, idle 0:00:00, bytes 34392, flags UIO
TCP outside 220.73.163.212:554 inside x.x.x.13:56423, idle 0:00:54, bytes 2372747, flags UIO
TCP outside 10.20.1.31:12571 inside x.x.x.13:51540, idle 0:00:00, bytes 247756, flags UIO
TCP outside 10.20.2.41:80 inside x.x.x.13:49846, idle 0:00:49, bytes 321266, flags UIO
UDP outside 180.68.204.199:5004 inside x.x.x.13:61776, idle 0:00:00, bytes 128849882, flags -
local host: <12.230.220.182>,
TCP flow count/limit = 10/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Thanks,
Mark
05-09-2012 10:38 PM
Hi Mark,
Yeah, I saw it and answered that one as well. Let's do the following and track this down. Would you please do a clear service-policy and then do show service-policy one more time? (After clearing it, wait for 2 or 3 minutes and grab the show service-policy again.)
Mike
05-09-2012 11:12 PM
Hi Mike,
Thanks, here is the result after clearing the service-policy.
INTFW(config)# show service-policy
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 4755, drop 29, reset-drop 0
Inspect: ftp, packet 4594, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: rtsp, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 928, drop 0, reset-drop 0
Inspect: skinny , packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: sunrpc, packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0
Inspect: sip , packet 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: netbios, packet 551, drop 0, reset-drop 0
Inspect: tftp, packet 0, drop 0, reset-drop 0
Class-map: global-class
IPS: card status Unresponsive, mode inline fail-open, sensor vs0
packet input 0, packet output 0, drop 0, reset-drop 0
Thanks,
Mark
05-10-2012 08:42 AM
Hi Mark,
Did you wait for a couple of minutes? It doesn't seem to be an inspection issue. Can you do clear traffic/interface, wait for a couple of minutes and then do another show traffic/interface? (Make sure that the CPU is above 85 when you do the tests.)
Mike.
05-10-2012 08:44 AM
Also,
Please do the following:
Capture inside interface inside
Once you complete the capture, do a "show cap inside" and see if a single host is showing there. The amount of errors on the inside interface is something to be worried about.
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff5, MTU 1500
IP address x.x.x.9, subnet mask 255.255.255.248
197887766666 packets input, 24998369433168 bytes, 0 no buffer
Received 278288 broadcasts, 0 runts, 0 giants
38632921 input errors, 0 CRC, 0 frame, 38632921 overrun, 0 ignored, 0 abo
Mike
05-10-2012 05:57 PM
Hi Mike,
Yes, I waited for more than 5 mins. Here is the information needed; I waited for 10 mins after I cleared the traffic & interface. I also included the proc cpu-usage to make sure the CPU is above 85%. The result is quite large, but I'll post the whole information anyway.
INTFW(config)# show proc cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
081aa324 6bdaf870 80.7% 80.7% 80.5% Dispatch Unit
08bd08d6 6bda9210 5.7% 5.7% 5.7% Logger
0929b50a 6bdaa9b0 0.1% 0.0% 0.0% Checkheaps
INTFW(config)# show traffic
folink:
received (in 747.770 secs):
1186 packets 88420 bytes
1 pkts/sec 118 bytes/sec
transmitted (in 747.770 secs):
42724 packets 50250540 bytes
57 pkts/sec 67200 bytes/sec
1 minute input rate 1 pkts/sec, 118 bytes/sec
1 minute output rate 49 pkts/sec, 58022 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 117 bytes/sec
5 minute output rate 58 pkts/sec, 69427 bytes/sec
5 minute drop rate, 0 pkts/sec
outside:
received (in 747.770 secs):
1145778 packets 991636628 bytes
1532 pkts/sec 1326125 bytes/sec
transmitted (in 747.770 secs):
8754737 packets 938872744 bytes
11707 pkts/sec 1255563 bytes/sec
1 minute input rate 1563 pkts/sec, 1266067 bytes/sec
1 minute output rate 11699 pkts/sec, 1432560 bytes/sec
1 minute drop rate, 27 pkts/sec
5 minute input rate 1481 pkts/sec, 1292937 bytes/sec
5 minute output rate 11642 pkts/sec, 1201762 bytes/sec
5 minute drop rate, 27 pkts/sec
inside:
received (in 749.920 secs):
8694743 packets 937999985 bytes
11594 pkts/sec 1250800 bytes/sec
transmitted (in 749.920 secs):
1115172 packets 982631039 bytes
1487 pkts/sec 1310314 bytes/sec
1 minute input rate 11621 pkts/sec, 1429216 bytes/sec
1 minute output rate 1526 pkts/sec, 1256246 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 11543 pkts/sec, 1197691 bytes/sec
5 minute output rate 1448 pkts/sec, 1282070 bytes/sec
5 minute drop rate, 2 pkts/sec
dmz:
received (in 749.920 secs):
1016 packets 61624 bytes
1 pkts/sec 82 bytes/sec
transmitted (in 749.920 secs):
1092 packets 66512 bytes
1 pkts/sec 88 bytes/sec
1 minute input rate 5 pkts/sec, 358 bytes/sec
1 minute output rate 5 pkts/sec, 365 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 37 bytes/sec
5 minute output rate 1 pkts/sec, 43 bytes/sec
5 minute drop rate, 0 pkts/sec
----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 750.670 secs):
1148372 packets 1015189440 bytes
1529 pkts/sec 1352377 bytes/sec
transmitted (in 750.670 secs):
8787467 packets 1103440157 bytes
11706 pkts/sec 1469940 bytes/sec
1 minute input rate 1563 pkts/sec, 1295849 bytes/sec
1 minute output rate 11699 pkts/sec, 1646462 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1482 pkts/sec, 1320981 bytes/sec
5 minute output rate 11642 pkts/sec, 1414888 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 750.670 secs):
8703391 packets 1097968273 bytes
11594 pkts/sec 1462651 bytes/sec
transmitted (in 750.670 secs):
1115916 packets 1004257690 bytes
1486 pkts/sec 1337815 bytes/sec
1 minute input rate 11621 pkts/sec, 1641334 bytes/sec
1 minute output rate 1526 pkts/sec, 1285324 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 11543 pkts/sec, 1408490 bytes/sec
5 minute output rate 1448 pkts/sec, 1309465 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 751.330 secs):
1016 packets 83158 bytes
1 pkts/sec 110 bytes/sec
transmitted (in 751.330 secs):
1093 packets 89526 bytes
1 pkts/sec 119 bytes/sec
1 minute input rate 5 pkts/sec, 460 bytes/sec
1 minute output rate 5 pkts/sec, 469 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 62 bytes/sec
5 minute output rate 1 pkts/sec, 71 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 751.330 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 751.330 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Control0/0:
received (in 752.000 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 752.000 secs):
2350 packets 163298 bytes
3 pkts/sec 217 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 3 pkts/sec, 217 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 3 pkts/sec, 217 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 752.000 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 752.000 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 752.540 secs):
1193 packets 105648 bytes
1 pkts/sec 140 bytes/sec
transmitted (in 752.540 secs):
42939 packets 51105472 bytes
57 pkts/sec 67910 bytes/sec
1 minute input rate 1 pkts/sec, 140 bytes/sec
1 minute output rate 49 pkts/sec, 58717 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 139 bytes/sec
5 minute output rate 58 pkts/sec, 70253 bytes/sec
5 minute drop rate, 0 pkts/sec
INTFW(config)# show interface
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff4, MTU 1500
IP address x.x.x.6, subnet mask 255.255.255.248
1243867 packets input, 1097864112 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
9513399 packets output, 1198008338 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
Traffic Statistics for "outside":
1243866 packets input, 1074333879 bytes
9513399 packets output, 1023795694 bytes
24234 packets dropped
1 minute input rate 1305 pkts/sec, 1069070 bytes/sec
1 minute output rate 11463 pkts/sec, 1252114 bytes/sec
1 minute drop rate, 22 pkts/sec
5 minute input rate 1481 pkts/sec, 1292937 bytes/sec
5 minute output rate 11642 pkts/sec, 1201762 bytes/sec
5 minute drop rate, 27 pkts/sec
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff5, MTU 1500
IP address x.x.x.9, subnet mask 255.255.255.248
9423492 packets input, 1192203893 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
1209991 packets output, 1086417436 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
Traffic Statistics for "inside":
9423446 packets input, 1020077321 bytes
1209991 packets output, 1063530712 bytes
2313 packets dropped
1 minute input rate 11409 pkts/sec, 1250005 bytes/sec
1 minute output rate 1280 pkts/sec, 1058571 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 11543 pkts/sec, 1197691 bytes/sec
5 minute output rate 1448 pkts/sec, 1282070 bytes/sec
5 minute drop rate, 2 pkts/sec
Interface GigabitEthernet0/2 "dmz", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff6, MTU 1500
IP address x.x.x.17, subnet mask 255.255.255.248
1239 packets input, 99144 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
1323 packets output, 106072 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/136)
Traffic Statistics for "dmz":
1239 packets input, 71724 bytes
1323 packets output, 77092 bytes
0 packets dropped
1 minute input rate 1 pkts/sec, 117 bytes/sec
1 minute output rate 2 pkts/sec, 125 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 37 bytes/sec
5 minute output rate 1 pkts/sec, 43 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet0/3 "", is administratively down, line protocol is down
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address d0d0.fd3f.0ff7, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/255)
output queue (blocks free curr/low): hardware (255/255)
Interface Management0/0 "folink", is up, line protocol is up
Hardware is i82557, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Description: LAN/STATE Failover Interface
MAC address d0d0.fd3f.0ff3, MTU 1500
IP address x.x.x.1, subnet mask 255.255.255.0
1292 packets input, 114396 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
46293 packets output, 55107556 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/2)
output queue (curr/max packets): hardware (0/14) software (0/1)
Traffic Statistics for "folink":
1292 packets input, 96308 bytes
46293 packets output, 54459454 bytes
0 packets dropped
1 minute input rate 1 pkts/sec, 117 bytes/sec
1 minute output rate 46 pkts/sec, 54715 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 117 bytes/sec
5 minute output rate 58 pkts/sec, 69427 bytes/sec
5 minute drop rate, 0 pkts/sec
About the show cap inside, the result is huge, but here is the partial result:
INTFW(config)# capture inside interface inside
INTFW(config)# show capture inside
1861 packets captured
1: 08:37:39.019209 x.x.x.61.110 > x.x.x.20.49957: . 472732794:472734074(1280) ack 1268278275 win 46
2: 08:37:39.019240 x.x.x.66.1521 > x.x.x.11.39866: P 729052152:729052783(631) ack 1465609040 win 32768
3: 08:37:39.019255 x.x.x.61.110 > x.x.x.20.49957: . 472734074:472735354(1280) ack 1268278275 win 46
4: 08:37:39.019270 x.x.x.20.49957 > x.x.x.61.110: . ack 472839034 win 65340
5: 08:37:39.019286 x.x.x.183.4268 > x.x.x.62.445: S 3250706787:3250706787(0) win 65535
6: 08:37:39.019316 x.x.x.183.4269 > x.x.x.23.445: S 4159126031:4159126031(0) win 65535
7: 08:37:39.019331 x.x.x.171.3941 > x.x.x.51.445: S 1553740699:1553740699(0) win 65535
8: 08:37:39.019469 x.x.x.49.2424 > x.x.x.100.445: S 2283719153:2283719153(0) win 65535
9: 08:37:39.019606 x.x.x.177.4408 > x.x.x.71.445: S 3376639730:3376639730(0) win 65535
10: 08:37:39.019637 x.x.x.177.4407 > x.x.x.52.445: S 3066399355:3066399355(0) win 65535
11: 08:37:39.019652 x.x.x.84.4075 > x.x.x.118.445: S 1447481176:1447481176(0) win 65535
12: 08:37:39.019667 x.x.x.84.4078 > x.x.x.19.445: S 3779456741:3779456741(0) win 65535
13: 08:37:39.019682 x.x.x.84.4081 > x.x.x.91.445: S 4014525488:4014525488(0) win 65535
14: 08:37:39.019698 x.x.x.84.4082 > x.x.x.117.445: S 320204595:320204595(0) win 65535
15: 08:37:39.019698 x.x.x.84.4083 > x.x.x.49.445: S 1669588661:1669588661(0) win 65535
16: 08:37:39.019713 x.x.x.84.4084 > x.x.x.117.445: S 3680195247:3680195247(0) win 65535
17: 08:37:39.019728 x.x.x.84.4085 > x.x.x.105.445: S 4046587513:4046587513(0) win 65535
18: 08:37:39.019743 x.x.x.84.4088 > x.x.x.83.445: S 501999771:501999771(0) win 65535
19: 08:37:39.019743 x.x.x.84.4089 > x.x.x.115.445: S 247404973:247404973(0) win 65535
20: 08:37:39.019759 x.x.x.84.4090 > x.x.x.445: S 2900777504:2900777504(0) win 65535
21: 08:37:39.019774 x.x.x.84.4091 > x.x.x.72.445: S 2976605973:2976605973(0) win 65535
22: 08:37:39.019789 x.x.x.4706 > x.x.x.47.445: S 3673016963:3673016963(0) win 65535
23: 08:37:39.019911 x.x.x.62.4695 > x.x.x.23.445: S 1247732881:1247732881(0) win 65535
24: 08:37:39.020033 x.x.x.239.4213 > x.x.x.33.445: S 4000077130:4000077130(0) win 65535
25: 08:37:39.020155 x.x.x.70.2107 > x.x.x.118.445: S 3435131153:3435131153(0) win 65535
26: 08:37:39.020277 x.x.x.93.1832 > x.x.x.32.445: S 609793484:609793484(0) win 65535
27: 08:37:39.020399 x.x.x.126.2470 > x.x.x.94.445: S 3058158037:3058158037(0) win 65535
28: 08:37:39.020522 x.x.x.70.2108 > x.x.x.63.445: S 3611138674:3611138674(0) win 65535
29: 08:37:39.020796 x.x.x.61.110 > x.x.x.20.49957: . 472735354:472736634(1280) ack 1268278275 win 46
30: 08:37:39.020811 x.x.x.66.1521 > x.x.x.11.39866: P 729052783:729054163(1380) ack 1465609040 win 32768
Hope this could help
Thanks,
Mark
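An added example, not part of the original thread: one way to check what Mike asks of the capture (whether a single host stands out) is to tally connection-opening SYNs per source and count how many distinct destinations each source is trying. The sample lines are constructed in the `show capture` layout quoted above with made-up 10.0.x.x addresses; the function names and the `min_dsts` threshold are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# One line of ASA "show capture" text output, e.g.
#   6: 08:37:39.019316 a.b.c.d.4269 > e.f.g.h.445: S 4159126031:4159126031(0) win 65535
# The last dotted field of each endpoint is the port.
LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPRU.]+)\s+(?P<rest>.*)$"
)

# Constructed sample data (not taken from the thread's capture).
SAMPLE = """\
10 packets captured
   1: 08:37:39.019209 10.0.0.61.110 > 10.0.1.20.49957: . 472732794:472734074(1280) ack 1268278275 win 46
   2: 08:37:39.019286 10.0.0.183.4268 > 10.0.1.62.445: S 3250706787:3250706787(0) win 65535
   3: 08:37:39.019316 10.0.0.183.4269 > 10.0.1.23.445: S 4159126031:4159126031(0) win 65535
   4: 08:37:39.019652 10.0.0.84.4075 > 10.0.1.118.445: S 1447481176:1447481176(0) win 65535
   5: 08:37:39.019667 10.0.0.84.4078 > 10.0.1.19.445: S 3779456741:3779456741(0) win 65535
   6: 08:37:39.019682 10.0.0.84.4081 > 10.0.1.91.445: S 4014525488:4014525488(0) win 65535
   7: 08:37:39.019698 10.0.0.84.4082 > 10.0.1.117.445: S 320204595:320204595(0) win 65535
   8: 08:37:39.019713 10.0.0.84.4084 > 10.0.1.117.445: S 3680195247:3680195247(0) win 65535
   9: 08:37:39.019800 10.0.1.19.445 > 10.0.0.84.4078: S 100:100(0) ack 3779456742 win 8192
  10: 08:37:39.020811 10.0.0.66.1521 > 10.0.1.11.39866: P 729052783:729054163(1380) ack 1465609040 win 32768
"""


def parse_capture(text):
    """Return one dict per packet line; header and unparsable lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        packets.append({
            "ts": m["ts"],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "flags": m["flags"],
            # A SYN-ACK prints as "S ... ack N"; a connection attempt has no ack.
            "has_ack": re.search(r"\back\b", m["rest"]) is not None,
        })
    return packets


def is_bare_syn(pkt):
    """True for the first packet of a TCP handshake (SYN without ACK)."""
    return pkt["flags"] == "S" and not pkt["has_ack"]


def rank_sources(text, min_dsts=3):
    """Rank sources by how many distinct destinations they sent bare SYNs to.

    Returns (src, syn_count, distinct_dsts, most_common_dport) tuples for
    sources that reached at least min_dsts distinct destinations.
    """
    syns = defaultdict(int)
    dsts = defaultdict(set)
    ports = defaultdict(Counter)
    for pkt in parse_capture(text):
        if not is_bare_syn(pkt):
            continue
        syns[pkt["src"]] += 1
        dsts[pkt["src"]].add(pkt["dst"])
        ports[pkt["src"]][pkt["dport"]] += 1
    rows = [
        (src, syns[src], len(dsts[src]), ports[src].most_common(1)[0][0])
        for src in syns
        if len(dsts[src]) >= min_dsts
    ]
    # Widest fan-out first, then highest SYN count, then address for stable order.
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for src, n, fanout, port in rank_sources(SAMPLE, min_dsts=1):
        print(f"{src:15} syns={n:<4} distinct_dsts={fanout:<4} top_dport={port}")
```
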
05-10-2012 06:12 PM
Hi Mike,
After I sent you the information above, the CPU usage suddenly increased from 86% to 95%. It really worries me.
Thanks,
Mark
05-10-2012 06:19 PM
Here's the result of show interface/traffic while the usage is 95%.
folink:
received (in 4239.570 secs):
6717 packets 500710 bytes
1 pkts/sec 118 bytes/sec
transmitted (in 4239.570 secs):
228659 packets 268674466 bytes
53 pkts/sec 63373 bytes/sec
1 minute input rate 1 pkts/sec, 116 bytes/sec
1 minute output rate 59 pkts/sec, 69824 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 118 bytes/sec
5 minute output rate 56 pkts/sec, 66114 bytes/sec
5 minute drop rate, 0 pkts/sec
outside:
received (in 4239.570 secs):
6037913 packets 5176235403 bytes
1424 pkts/sec 1220934 bytes/sec
transmitted (in 4239.570 secs):
49016207 packets 4991253698 bytes
11561 pkts/sec 1177301 bytes/sec
1 minute input rate 1337 pkts/sec, 1233748 bytes/sec
1 minute output rate 11413 pkts/sec, 871624 bytes/sec
1 minute drop rate, 31 pkts/sec
5 minute input rate 1255 pkts/sec, 1077565 bytes/sec
5 minute output rate 11387 pkts/sec, 912641 bytes/sec
5 minute drop rate, 32 pkts/sec
inside:
received (in 4240.570 secs):
48582307 packets 4975073589 bytes
11456 pkts/sec 1173208 bytes/sec
transmitted (in 4240.570 secs):
5876344 packets 5122454084 bytes
1385 pkts/sec 1207963 bytes/sec
1 minute input rate 11324 pkts/sec, 868583 bytes/sec
1 minute output rate 1309 pkts/sec, 1221962 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 11302 pkts/sec, 910108 bytes/sec
5 minute output rate 1219 pkts/sec, 1065426 bytes/sec
5 minute drop rate, 3 pkts/sec
dmz:
received (in 4240.580 secs):
8713 packets 488304 bytes
2 pkts/sec 115 bytes/sec
transmitted (in 4240.580 secs):
9145 packets 515852 bytes
2 pkts/sec 121 bytes/sec
1 minute input rate 3 pkts/sec, 246 bytes/sec
1 minute output rate 3 pkts/sec, 254 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 98 bytes/sec
5 minute output rate 2 pkts/sec, 104 bytes/sec
5 minute drop rate, 0 pkts/sec
----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 4240.750 secs):
6038921 packets 5291388067 bytes
1424 pkts/sec 1247748 bytes/sec
transmitted (in 4240.750 secs):
49029378 packets 5890308249 bytes
11561 pkts/sec 1388977 bytes/sec
1 minute input rate 1337 pkts/sec, 1259044 bytes/sec
1 minute output rate 11413 pkts/sec, 1080710 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1255 pkts/sec, 1101447 bytes/sec
5 minute output rate 11387 pkts/sec, 1120950 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 4240.970 secs):
48586963 packets 5863132435 bytes
11456 pkts/sec 1382497 bytes/sec
transmitted (in 4240.970 secs):
5876726 packets 5234080445 bytes
1385 pkts/sec 1234170 bytes/sec
1 minute input rate 11324 pkts/sec, 1075531 bytes/sec
1 minute output rate 1309 pkts/sec, 1246617 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 11302 pkts/sec, 1116430 bytes/sec
5 minute output rate 1219 pkts/sec, 1088789 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 4241.020 secs):
8713 packets 685074 bytes
2 pkts/sec 161 bytes/sec
transmitted (in 4241.020 secs):
9145 packets 720740 bytes
2 pkts/sec 169 bytes/sec
1 minute input rate 3 pkts/sec, 325 bytes/sec
1 minute output rate 3 pkts/sec, 335 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 147 bytes/sec
5 minute output rate 2 pkts/sec, 155 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 4241.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 4241.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Control0/0:
received (in 4241.250 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 4241.250 secs):
13332 packets 921244 bytes
3 pkts/sec 217 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 3 pkts/sec, 217 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 3 pkts/sec, 217 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 4241.260 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 4241.260 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 4241.470 secs):
6721 packets 595108 bytes
1 pkts/sec 140 bytes/sec
transmitted (in 4241.470 secs):
228768 packets 271999784 bytes
53 pkts/sec 64128 bytes/sec
1 minute input rate 1 pkts/sec, 138 bytes/sec
1 minute output rate 59 pkts/sec, 70654 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 140 bytes/sec
5 minute output rate 56 pkts/sec, 66900 bytes/sec
5 minute drop rate, 0 pkts/sec
INTFW#INTFW# show interface
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff4, MTU 1500
IP address x.x.x.6, subnet mask 255.255.255.248
6074570 packets input, 5320402892 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
49384576 packets output, 5928936804 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
Traffic Statistics for "outside":
6074552 packets input, 5205271033 bytes
49384576 packets output, 5024472630 bytes
130590 packets dropped
1 minute input rate 1208 pkts/sec, 1023727 bytes/sec
1 minute output rate 11329 pkts/sec, 915489 bytes/sec
1 minute drop rate, 33 pkts/sec
5 minute input rate 1255 pkts/sec, 1077565 bytes/sec
5 minute output rate 11387 pkts/sec, 912641 bytes/sec
5 minute drop rate, 32 pkts/sec
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff5, MTU 1500
IP address x.x.x.9, subnet mask 255.255.255.248
48938018 packets input, 5901411677 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
44274 input errors, 0 CRC, 0 frame, 44274 overrun, 0 ignored, 0 abort
0 L2 decode drops
5911183 packets output, 5262643902 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
Traffic Statistics for "inside":
48937873 packets input, 5007323456 bytes
5911183 packets output, 5150641516 bytes
14369 packets dropped
1 minute input rate 11262 pkts/sec, 912922 bytes/sec
1 minute output rate 1174 pkts/sec, 1015701 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 11302 pkts/sec, 910108 bytes/sec
5 minute output rate 1219 pkts/sec, 1065426 bytes/sec
5 minute drop rate, 3 pkts/sec
Interface GigabitEthernet0/2 "dmz", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address d0d0.fd3f.0ff6, MTU 1500
IP address x.x.x.17, subnet mask 255.255.255.248
8825 packets input, 697162 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
9261 packets output, 733192 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/136)
Traffic Statistics for "dmz":
8825 packets input, 498376 bytes
9261 packets output, 526216 bytes
0 packets dropped
1 minute input rate 1 pkts/sec, 83 bytes/sec
1 minute output rate 2 pkts/sec, 89 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 98 bytes/sec
5 minute output rate 2 pkts/sec, 104 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet0/3 "", is administratively down, line protocol is down
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address d0d0.fd3f.0ff7, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/255)
output queue (blocks free curr/low): hardware (255/255)
Interface Management0/0 "folink", is up, line protocol is up
Hardware is i82557, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Description: LAN/STATE Failover Interface
MAC address d0d0.fd3f.0ff3, MTU 1500
IP address x.x.x.1, subnet mask 255.255.255.0
6772 packets input, 599628 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
230338 packets output, 273856080 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/2)
output queue (curr/max packets): hardware (0/21) software (0/1)
Traffic Statistics for "folink":
6772 packets input, 504820 bytes
230338 packets output, 270631348 bytes
0 packets dropped
1 minute input rate 1 pkts/sec, 119 bytes/sec
1 minute output rate 57 pkts/sec, 67208 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 118 bytes/sec
5 minute output rate 56 pkts/sec, 66114 bytes/sec
5 minute drop rate, 0 pkts/sec
Thanks
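As an added example (not part of the original thread), this Python parser reads `show traffic` output like the one posted above and computes the mean bytes per packet for each interface and direction. The sample input is trimmed from that output, and the `min_pps` and `max_avg_bytes` thresholds are assumed values for illustration.

```python
import re

# Constructed sample: the "inside" and "dmz" 1-minute lines from the
# `show traffic` output posted above, trimmed to what the parser needs.
SAMPLE = """\
inside:
1 minute input rate 11324 pkts/sec, 868583 bytes/sec
1 minute output rate 1309 pkts/sec, 1221962 bytes/sec
1 minute drop rate, 2 pkts/sec
dmz:
1 minute input rate 3 pkts/sec, 246 bytes/sec
1 minute output rate 3 pkts/sec, 254 bytes/sec
1 minute drop rate, 0 pkts/sec
"""

IFACE = re.compile(r"^(\S+):\s*$")
RATE = re.compile(r"^(\d+) minute (input|output) rate (\d+) pkts/sec,\s*(\d+) bytes/sec")

def parse_rates(text, window=1):
    """Return {interface: {direction: (pps, bytes_per_sec)}} for one rate window."""
    rates, iface = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            rates[iface] = {}
            continue
        m = RATE.match(line)
        if m and iface and int(m.group(1)) == window:
            rates[iface][m.group(2)] = (int(m.group(3)), int(m.group(4)))
    return rates

def small_packet_floods(rates, min_pps=5000, max_avg_bytes=100):
    """Flag directions with a high packet rate but a small mean packet size.

    Thresholds are assumptions for illustration; tune them per platform.
    """
    hits = []
    for iface, dirs in rates.items():
        for direction, (pps, bps) in dirs.items():
            if pps >= min_pps and bps / pps <= max_avg_bytes:
                hits.append((iface, direction, pps, round(bps / pps, 1)))
    return hits

if __name__ == "__main__":
    for hit in small_packet_floods(parse_rates(SAMPLE)):
        print("%s %s: %d pkts/sec, avg %.1f bytes/pkt" % hit)
```

On the posted numbers, only the inside interface's input direction is flagged, at roughly 77 bytes per packet, so the load arriving from the inside is dominated by small packets rather than by bandwidth.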
05-10-2012 06:44 PM
Mark,
There is just too much NetBIOS traffic getting to the ASA. Are the domain controllers on the other side of the network, other than the inside? Can you enable the logs on the ASA?
Mike
05-10-2012 06:52 PM
Hi Mike,
I'm sorry I didn't get your question about the domain controller. The command is logging enable, right? Just want to make sure.
Thanks,
Mark
05-10-2012 07:56 PM
Logging on, but I think it is already enabled. Now, regarding the domain controllers: are they on the same subnet as the clients? Because I see a lot of 445 traffic, which is basically NetBIOS over TCP (most commonly known as file shares in any Windows environment). Do you have any of these file shares on another interface, different from where the clients are?
Mike
05-10-2012 08:28 PM
Hi Mike,
Our clients have different subnets, depending on location and department, like x.x.220.0, x.x.221.0, x.x.222.0, x.x.223.0, 224 & 225. And yes, we do share files. Our FTP and our servers reside on the x.x.210.0 network, and the ASA is on the x.x.233.0 network. I'm not really sure if this is what you are asking, but I hope this could help.
The CPU usage remains 94% for more than an hour now.
Thanks,
Mark
05-10-2012 08:36 PM
Were you able to get the logs?
Mike