01-03-2006 10:58 AM - edited 02-21-2020 12:37 AM
There is a lot of traffic coming through the our PIX. Is there a command (like ip accounting) on the Pix so I can find out what this traffic is and were it is going
01-03-2006 12:27 PM
hi if the traffic is flowing from the inside u can see the xlate table with the show xlate command
show conn will also show all the connection passing through the pix. u can also usea ethereal sniffer to see the traffic going towards the pix. hope this helps and if yes then pls rate it
sebastan
01-03-2006 02:13 PM
Setup a syslog server to capture the output from the PIX based on what logging levels you have setup. (KIWI works well). You may need to experiment with the logging levels as the logs can get quite large quickly. Based on the levels, you can choose to output only critical or warning messages, or you can output debug to see everything (hope you have a lot of disk space).
01-05-2006 03:13 PM
If it were me I would sniff the traffic and generate some TopN reports. Maybe you just have one host abusing the bandwidth...?
You can either capture the traffic on the PIX and export it or setup a sniffer to SPAN one of the interfaces. I prefer to use an external sniffer but you'd probably need local access to the equipment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide