07-12-2010 08:09 AM - edited 03-11-2019 11:10 AM
Good morning:
I have cisco ASA 5520 and i am having high traffic per hour from my internal interface, For example can have 700 or 800 MB, this behavior come happening since 3 weeks ago.
Can someone help me to know whats is happening?
Thank in advance
Solved! Go to Solution.
07-12-2010 09:14 AM
Hello,
Please make sure that the below commands are in your configuration:
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400
average-rate 200
If these are present, then when you go to the firewall dashboard on the
ASDM, it will show you top 10 services, top 10 sources, and top 10
destinations. One limitation is that while you can get these statistics in
general, you might have to use different techniques (like sniffing the
traffic using wireshark) to actually look at the type of traffic for top
talkers.
Hope this helps.
Regards,
NT
07-12-2010 08:12 AM
Hello,
If you have installed ASDM, if you go to the ASDM dashboard, there is a section that lists all the top talkers. It will also list the percentage of traffic per protocol (top 10) as well. You can use that to see which of your internal hosts are generating so much of traffic.
Hope this helps.
Regards,
NT
07-12-2010 08:21 AM
Thank you, Nagaraja Thanthry
Yes, I discovered the strange behavior in this section of ASDM (Top talkers by Bytes last hour), but I can't (or yes?) see the traffic(Protocol) and the other peer in this graphs .
Exist some way to see the corresponded traffic for this high consume
Thank in advance.
07-12-2010 09:14 AM
Hello,
Please make sure that the below commands are in your configuration:
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400
average-rate 200
If these are present, then when you go to the firewall dashboard on the
ASDM, it will show you top 10 services, top 10 sources, and top 10
destinations. One limitation is that while you can get these statistics in
general, you might have to use different techniques (like sniffing the
traffic using wireshark) to actually look at the type of traffic for top
talkers.
Hope this helps.
Regards,
NT
07-13-2010 08:59 AM
Thank you, Nagaraja Thanthry
I told you about this graphs in ASDM, they are available in the ASDM, but i can't determine the source, destination and protocol in the traffic mentioned, with the information in they.
I go to use the sniffer to see the traffic.
Thank you for your help.
Hector.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide