PIX Traffic Monitoring

Unanswered Question
Jan 23rd, 2008
User Badges:

Hi guys, this is my first post so be gentle :P


We have a 515e PIX and we want to be able to see view the traffic coming through certain interfaces.


I'll tell the story behind what im trying to achieve to hopefully give you better understanding of what I want.


Yesterday we were having an issue with one of our external customers; they reported that our information wasn't getting to them when they were requesting it. We wanted to prove to them that the information they wanted was being sent to them and was leaving our PIX.


We could see our web servers sending the packets to our Traffic managers by using Wireshark. I then tried to port mirror the external PIX interface to a laptop and run a packet capture but it didn't seem to get the information I would have expected to get.


In the end we contacted our ISP and got them to monitor our connection for traffic to the IP required.


We currently use Cisco ADSM Launcher to do some basic PIX monitoring, can I get the information I need for this application? I have tried different logging settings but I can't seem to get the information I need, maybe I've missed something?


Or is there a better application that we could use? Or a different method


Anything thoughts or suggestions will be greatfully received.


Kind Regards


Simon


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
joneschw1 Wed, 01/23/2008 - 14:16
User Badges:

Does your external switch provide port mirroring? Do you have an access list that is blocking the outbound traffic?

moneyfactsplc Thu, 01/24/2008 - 00:43
User Badges:

Hiya, there isn't an access list blocking the traffic.


Basicly its all working fine and it was a problem with the external customer, we just wanted a way to prove that we were sending them the data. I am looking into this now in case we have a problem like this in the future.


We have Cisco 3750's in a Stack.

I did try to perform port mirroring, but for some reason the ports i wanted to monitor e.g the port where the router plugs into the switch or the port where the External interface from the PIX plugs into the switch didnt show me the results i expected. I wasn't sure if i had set mirroring up correctly so i mirrored a server port and this gave the results i expected proving it was working correctly.


Is there any difference in the traffic going between a switch and firewall to traffic going from a server to a switch?


I use Wireshark to monitor the packets.


Regards


Simon

moneyfactsplc Fri, 01/25/2008 - 03:29
User Badges:

Hi guys, i have found the solution i need.


I am using the capture command to capture packets on the interface i need, i am then exporting the capture into Wireshark to filter down the results.


More information on capturing can be found here:


http://www.cisco.com/warp/public/110/23.html

More details on using Capture

http://www.computernetworkinghelp.com/content/view/40/1/


Regards


Simon

Actions

This Discussion