01-23-2008 02:50 AM - edited 03-11-2019 04:52 AM
Hi guys, this is my first post so be gentle :P
We have a 515e PIX and we want to be able to see view the traffic coming through certain interfaces.
I'll tell the story behind what im trying to achieve to hopefully give you better understanding of what I want.
Yesterday we were having an issue with one of our external customers; they reported that our information wasn't getting to them when they were requesting it. We wanted to prove to them that the information they wanted was being sent to them and was leaving our PIX.
We could see our web servers sending the packets to our Traffic managers by using Wireshark. I then tried to port mirror the external PIX interface to a laptop and run a packet capture but it didn't seem to get the information I would have expected to get.
In the end we contacted our ISP and got them to monitor our connection for traffic to the IP required.
We currently use Cisco ADSM Launcher to do some basic PIX monitoring, can I get the information I need for this application? I have tried different logging settings but I can't seem to get the information I need, maybe I've missed something?
Or is there a better application that we could use? Or a different method
Anything thoughts or suggestions will be greatfully received.
Kind Regards
Simon
01-23-2008 02:16 PM
Does your external switch provide port mirroring? Do you have an access list that is blocking the outbound traffic?
01-24-2008 12:43 AM
Hiya, there isn't an access list blocking the traffic.
Basicly its all working fine and it was a problem with the external customer, we just wanted a way to prove that we were sending them the data. I am looking into this now in case we have a problem like this in the future.
We have Cisco 3750's in a Stack.
I did try to perform port mirroring, but for some reason the ports i wanted to monitor e.g the port where the router plugs into the switch or the port where the External interface from the PIX plugs into the switch didnt show me the results i expected. I wasn't sure if i had set mirroring up correctly so i mirrored a server port and this gave the results i expected proving it was working correctly.
Is there any difference in the traffic going between a switch and firewall to traffic going from a server to a switch?
I use Wireshark to monitor the packets.
Regards
Simon
01-25-2008 03:29 AM
Hi guys, i have found the solution i need.
I am using the capture command to capture packets on the interface i need, i am then exporting the capture into Wireshark to filter down the results.
More information on capturing can be found here:
http://www.cisco.com/warp/public/110/23.html
More details on using Capture
http://www.computernetworkinghelp.com/content/view/40/1/
Regards
Simon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: