08-22-2023 04:12 PM
Hello,
I recently got a complaint about the internet streaming through our internal network going out to YouTube or Facebook.
In the normal hours, we are working fine, no one complains about the traffic or the streaming, everything is smooth.
But during some time in the afternoon, we noticed that our internet traffic spikes to over 500MB. It affects our streaming, which becomes choppy.
Is there any way we can find out where the inbound / outbound traffic is? I have the Zabbix monitoring server, and right now it can only show the traffic bursting. But can I find out what is inside?
The graph below shows the spike in the afternoon the day before. The one in the morning is also doing the same thing, but we don't experience any choking on the networks/streaming. Both times we were streaming.
Can you give me some ideas on how to find out about the traffic?
We have C2960XR as the switches, and ASA5516 as the firewall.
08-22-2023 04:21 PM
Hi @timothy_MTS
In order to see traffic you can enable NetFlow on the switch. Send the flow to a server. You can use free tools like Grafana in order to graph the output.
There are other alternatives on the internet, this is just an example.
Another thing to check is whether the firewall is able to handle all the connections properly. UDP traffic like streaming can saturate a firewall easily. Check firewall capacity.
08-22-2023 07:33 PM
Thanks @Flavio Miranda
OK. True, we need something to monitor / analyze what's going on.
But on the firewall itself, is there anything that I can check besides the CPU and memory? What I am thinking of is the traffic going through the interfaces of the firewall, even for just a short period of time, not the history.
08-22-2023 10:55 PM
I agree with @Flavio Miranda - NetFlow is your friend here. You can set up a free PRTG instance to collect NetFlow exported from the ASA and easily see the top sources/destinations of traffic. Looking at the ASA directly won't show you that sort of info. You can certainly see CPU, memory, connections, etc. but mostly only at a point in time for connections/flows and that's what you need in this case.
08-23-2023 12:59 AM
ASA supports NetFlow; you can enable it on both devices, although they will see the same information.
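As an added example that is not part of the original thread: a minimal NetFlow (NSEL) export configuration for the ASA discussed above. The interface name `inside`, the collector address 192.0.2.10 and UDP port 2055 are placeholder assumptions, and the example assumes the default `global_policy` is still applied globally; substitute the details of your own collector (for example the PRTG probe).

```cisco
! Assumed values: collector 192.0.2.10, reachable through the interface
! named "inside", listening on UDP 2055. Replace with your own.
flow-export destination inside 192.0.2.10 2055
!
! Resend the NetFlow v9 templates every minute so that a collector that
! was restarted can decode records again quickly.
flow-export template timeout-rate 1
!
! Hold back flow-create events for 60 seconds; flows that end sooner
! produce only a teardown record, which reduces export volume.
flow-export delay flow-create 60
!
! Export all flow events for all traffic through the default global
! policy (assumes "service-policy global_policy global" is in place).
policy-map global_policy
 class class-default
  flow-export event-type all destination 192.0.2.10
!
! Verify from the ASA that records are actually being sent.
show flow-export counters
```

ASA NetFlow is event-based (flow create, teardown, deny and, depending on software version, update) rather than sampled, so the byte counts for a long-lived stream reach the collector when the flow ends or on an update event.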
08-24-2023 03:43 PM
@Flavio Miranda @Marvin Rhoads
I have successfully plotted the NetFlow information in the PRTG analysis tool. It gives a great picture of it.
Next I will fine-tune it to have 24/7 monitoring. Thank you for the great help.
Cheers,
Timothy
08-24-2023 04:31 PM
That's great @timothy_MTS, glad to hear you succeeded.