Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
5
Helpful
4
Replies

Outburst of Traffic

westfordplace1988
Level 1
Level 1

‎03-06-2022 12:12 PM

Hello all!

 

This will be basic and... weird, ok, but i do not see any other option but to post this on the Cisco community.

 

i have a FW which is "hosting" let's say, 5 VLANs and , ofc, its "outside" interface.

 

say, i have "inside-10" (192.168.10.0/24), "inside-11" (192.168.11.0/24), "inside-12" (192.168.12.0/24) and so on.

 

all of em, same security level except for the "outside" (my internet link, ofc)

 

so, the real question, i there a way for me to know who is the host that is generating PEAKS of traffic WITHOUT using PRTG or something like that ? Do i NEED to use PRTG? I need to know which host is generating these... outbursts of traffic.

 

Is there a way? Thank you all SO much in advance!

Labels:
4 Replies 4

paul driver
VIP
VIP

‎03-06-2022 01:55 PM

Hello
What kind of fw do you have and what type of users do you want to capture.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-06-2022 02:10 PM

If this is ASA FW, you can use show connection or top talkers using ASDM, i would advise to set up a Netflow :

 

https://community.cisco.com/t5/security-documents/configuring-netflow-on-asa-with-asdm/ta-p/3119466

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

westfordplace1988
Level 1
Level 1
In response to balaji.bandi

‎03-06-2022 02:48 PM

Hello Balaji!

 

Yes, it is a Cisco FW, an 5525 one.

The thing is that... the result of "show conn" would not discriminate the bandwidth consumption, i guess!

The problem is only with the "outside" interface, suddenly, "someone" makes it reach 160k to 190k when it should not be more than 30k

 

I read the NetFlow link, i hope it works.

 

But i was just looking for something easier to tell me which is the host that's generating those "traffic peaks"

 

Can i do that using "show conn" ?? If so, i do not know the full syntax.

 

If "show conn" would not be enough, i guess, i shoul set up NetFlow... ?

 

Thanks!

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to westfordplace1988

‎03-06-2022 03:07 PM

If this short peak you will not able to know, as suggested look, ASDM top talkers, to get some idea and information.

 

https://community.cisco.com/t5/network-security/asa-top-talkers/m-p/3213007

 

 

for a proper solution and visibility NetFlow always counted in.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents