How to get Top Talkers on ASA ?

nirav.bhatt · ‎09-25-2012

hi Friends,

We ahave ASA 5510 and 5520 @ our office. We are not using any netflow tools in order to get the talk talklers.

As this firewalls are shared firewall (used by different Projects), we are not able to get , which project is using more traffic and which is less.

Can someone help me out in this ?

Regards

Nirav Bhatt

Luis Silva Benavides · ‎09-27-2012

Hi Nirav,

You can some of the information you are looking for with thread-detection.. On the ASA you can find the top 10 souces, top 10 destination, and most used protocols on the network.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/protect.html#wpxref82650

Luis

Luis Silva

Le Gazman · ‎04-30-2013

I know this is an old thread, but I'm hoping this will come in handy for anyone doing a search.

All our 5505's and 5510's are on ASA 8.2(5) and didn't get some of the nicer "top 10" features that come with later versions. I always assumed it was due to the ASA version, but I built an ASA recently on 8.2(5) which has ASDM 7.1(2) on it and the pie charts for top talkers is there now.

I'm in the process of updating all our devices to ASDM 7.1(2) and it's given us a lot more visibility of the network.

Luis Silva Benavides · ‎05-17-2013

That is great! Go for it!

Luis Silva

vincent.monnier · ‎07-01-2013

Hi Nirav,

If you've got a linux server, you can copy/past the "show conn" command output in a file and just use the awk command :

cat /tmp/ASA_show_conn_ouput |awk '{print $9, $1, $3, $5}' |sort -nr | head -10

You will get the TOP10 connexions by nb of bytes.

Vincent

Matias Ortiz · ‎01-28-2016

Thanks Vicent, this trick is excellent!.

satish.txt1 · ‎11-30-2017

In "show conn " we have 700k entries, how do i take it over linux machine?