I have 5 Linux and 3 Microsoft 2008 servers, each connected to 2 Cisco 3560 switches. The 2 Cisco 3560 switches are connected to 2 different Cisco 515e PIX. Is it possible that if I enable port SPAN on any of the switchports and send a copy of the traffic to any of the Windows 2008 servers, I will be able to monitor the bandwidth of the servers? (Here I am only looking for traffic going from the servers to the PIX and then to the internet, and vice versa.)
Also, will Wireshark be able to differentiate the bandwidth of each server separately?
Your suggestions would be highly appreciated.
Thanks in advance
With that method you will end up with 100s of megabytes of traffic per day that will be very difficult to analyse.
My suggestion is to enable SNMP on the switch ports used by the server to monitor traffic.
You can then use a tool like Cacti to graph the results.
The PIX might be too old, but check whether it supports NetFlow. This is another alternative.
Don't forget to rate all posts that are helpful.
NetFlow would have been the most suitable solution for traffic monitoring between end-points but unfortunately Cisco PIX does not support NetFlow export. The only Cisco firewall with NetFlow capability is Cisco ASA with IOS 8.2 onwards.
The solution will be to use SNMP as Sean stated, but SNMP shows IN and OUT traffic for an interface and does not allow you to filter further based on source and destination. So, if the switch port carries server-to-server traffic as well as server-to-PIX traffic, SNMP stats of that switch port will include all traffic and not just the server-to-PIX traffic.
An alternate option is to mirror traffic from the PIX to a server and run a NetFlow generator from there. This way, you will not need the resources or expertise associated with packet capture and can still know the bandwidth to and from the servers as well as detailed information like application, port, protocol, destination IP (provided there is no NAT), etc. Open-source solutions you can consider are nProbe, f-Probe, etc. Install the solutions on the server taking the mirrored traffic and it will take care of generating NetFlow data from that traffic. Then, you can use a flow analyzer to get your bandwidth reports based on source to destination IP address.
Don Thomas Jacob
NOTE: Please rate posts and close questions if you have found the required information
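Added example, not part of any post in this thread: a short Python sketch of the difference described above between per-port SNMP counters and flow records keyed by source and destination. The subnet, addresses, byte counts and function names are constructed for illustration, and it assumes the mirrored traffic is seen before NAT so server addresses are visible.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: all servers live in this subnet (constructed documentation range).
SERVER_NET = ip_network("192.0.2.0/24")

# Constructed flow records for one 60-second export interval: (src, dst, bytes)
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 6_000_000),   # server -> internet
    ("198.51.100.7", "192.0.2.10", 1_500_000),   # internet -> server
    ("192.0.2.11", "203.0.113.5", 750_000),      # server -> internet
    ("192.0.2.10", "192.0.2.11", 9_000_000),     # server -> server (e.g. backup)
]

def internet_bandwidth(flows, server_net, interval_s):
    """Per-server bits/s to and from the internet, ignoring server-to-server flows."""
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    for src, dst, nbytes in flows:
        src_local = ip_address(src) in server_net
        dst_local = ip_address(dst) in server_net
        if src_local == dst_local:
            continue  # both inside (server-to-server) or both outside: not wanted
        if src_local:
            totals[src]["out"] += nbytes
        else:
            totals[dst]["in"] += nbytes
    return {ip: {k + "_bps": v * 8 / interval_s for k, v in t.items()}
            for ip, t in totals.items()}

def port_counter_bandwidth(flows, server_ip, interval_s):
    """What per-port octet counters would report: every byte the server
    sent or received, with no way to separate peers."""
    sent = sum(b for s, _, b in flows if s == server_ip)
    received = sum(b for _, d, b in flows if d == server_ip)
    return {"out_bps": sent * 8 / interval_s, "in_bps": received * 8 / interval_s}

if __name__ == "__main__":
    for ip, rates in sorted(internet_bandwidth(FLOWS, SERVER_NET, 60).items()):
        print(ip, "flow view:", rates,
              "port view:", port_counter_bandwidth(FLOWS, ip, 60))
```

In this constructed data the port view of 192.0.2.10 is inflated by the server-to-server transfer, while the flow view reports only its internet traffic.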
Thanks Sean and Don for your valuable comments. Sorry for the late reply, as I was out of station and was only able to access through mobile. I have created a network scenario with similar. Could you please spare some time and suggest a suitable way for the same.
In the above figure the communication comes as below:
From Internet -- ISP managed device -- Switch 1/Switch 2 -- Firewall 1/Firewall 2 (outside interface) -- Firewall 1/Firewall 2 (inside interface) -- Switch 1/Switch 2 -- Servers
The communication from servers to internet is also vice versa.
Kindly suggest your valuable comments regarding the same. Thanks in advance.