Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
1
Replies

Scan traffic to a public IP

hilmarinex
Level 1
Level 1

‎02-20-2013 05:51 AM - edited ‎03-11-2019 06:03 PM

Hi,

Im having problems with google saying we generate to much traffic to www.google.com.

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Faq%3Df%26sourceid%3Dchrome%26ie%3DUTF-8%26q%3Ddfl

I need to know which machines on the inside are talking so much with google. Can this be done via ASA 5510? do i need a third party program for this?

/Hilmar                  

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎02-20-2013 06:38 AM

Hi,

I'm not sure how many different IP addresses/subnets are involved with Google but if you can create a group of IP addresses/networks then you could

  • Create ACL rule and log hits to the rule in questions to your syslog server and monitor which hosts are connecting to the said IP addresses
  • Create a simple traffic capture on the ASA for the said destination IP addresses and look/parse through the capture file with Wireshark for example

Those are the first two that came to mind.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card