monitoring bandwidth with PIX

Unanswered Question
Jan 28th, 2008

Is there any technique (no matter how primitive) I can use to single out high-bandwidth using private IPs behind my PIX? I am currently using MRTG and I see a cumulative total of bandwidth usage but I need to know what individual IPs are using the bandwidth.

Thanks,

Diego

Collin Clark Mon, 01/28/2008 - 10:45

There really isn't much you can do with the PIX in this situation. You do have other options though. You could use MRTG to monitor your switch ports or you could use a sniffer (ie Wireshark) and see who the top talkers are.

HTH

cisco24x7 Mon, 01/28/2008 - 10:48

I have a better solution. Replace the Pix with Checkpoint Firewall. You can do this with Checkpoint SmartView Monitor and it will give you just about everything you need, including top talkers.

CCIE Security

DIEGO ALONSO Mon, 01/28/2008 - 11:31

The Wireshark sounds good but I don't have a SPAN capable switch. This would mean trying to find a hub to connect the PIX inside interface and Wireshark machine, no?

m.sir Mon, 01/28/2008 - 12:00

If you don't have a SPAN switch on the outside interface you can use a hub to get a copy of all PIX traffic to the port. Hook up a machine and run either Ethereal (look for the top talkers) or run nTop.

http://www.ntop.org/

Collin Clark Mon, 01/28/2008 - 12:03

Good idea, but you will probably only see your NAT'd address not the internal IPs.

Collin Clark Mon, 01/28/2008 - 12:10

Google 'PIX' and 'logging' and there are some free options out there that might help. I tried PLA once and it looked decent, but the link is currently down. You may need to turn on debug level logging on the PIX for the app to work properly, check the documentation.
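The logging approach suggested above, sketched as an added example that is not part of any post in this thread or of any tool it names: a script that sums the byte counts in connection-teardown syslog records per inside host. It assumes PIX 6.3-style 302014/302016 messages that carry the inside address and a byte count; the `top_talkers` name, the regex layout and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed teardown layout (302014 = TCP, 302016 = UDP). Adjust the pattern
# if your image logs these records differently.
TEARDOWN = re.compile(
    r"%PIX-\d-30201[46]: Teardown (?:TCP|UDP) connection \d+ for "
    r"(?P<if_a>\S+?):(?P<ip_a>[\d.]+)/\d+ to "
    r"(?P<if_b>\S+?):(?P<ip_b>[\d.]+)/\d+ duration \S+ bytes (?P<bytes>\d+)"
)


def top_talkers(lines, inside_if="inside", limit=10):
    """Return [(ip, total_bytes), ...] for hosts seen on inside_if."""
    totals = Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # not a teardown record, or a layout the regex does not cover
        for side in ("a", "b"):
            if m["if_" + side] == inside_if:
                totals[m["ip_" + side]] += int(m["bytes"])
    return totals.most_common(limit)


# Constructed sample lines, not captured from a real device.
SAMPLE = [
    "Jan 28 10:45:01 fw %PIX-6-302014: Teardown TCP connection 1001 for "
    "outside:192.0.2.10/80 to inside:192.168.1.20/3312 duration 0:00:42 "
    "bytes 1500000 TCP FINs",
    "Jan 28 10:45:07 fw %PIX-6-302016: Teardown UDP connection 1002 for "
    "outside:198.51.100.5/53 to inside:192.168.1.21/1045 duration 0:02:01 "
    "bytes 240",
    "Jan 28 10:46:12 fw %PIX-6-302014: Teardown TCP connection 1003 for "
    "outside:192.0.2.10/443 to inside:192.168.1.20/3320 duration 0:01:10 "
    "bytes 500000 TCP Reset-I",
    "Jan 28 10:46:30 fw %PIX-6-302013: Built outbound TCP connection 1004 for "
    "outside:192.0.2.77/25 (192.0.2.77/25) to inside:192.168.1.22/2011 "
    "(203.0.113.2/2011)",
    "Jan 28 10:46:35 fw %PIX-6-302014: Teardown TCP connection 1004 for "
    "outside:192.0.2.77/25 to inside:192.168.1.22/2011 duration 0:00:05 "
    "bytes 90000 TCP FINs",
]

if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE):
        print(f"{ip:15s} {total:>12d} bytes")
```

Feed it the lines of the syslog server's file instead of `SAMPLE`; connections still open when the file ends are not counted, because the byte total only appears at teardown.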

russ Tue, 01/29/2008 - 02:30

Version 8 ASDM gives you top 10 services, talkers and destinations based on IP address, with intervals of 1hr, 8hr and 24hr.

DIEGO ALONSO Tue, 01/29/2008 - 04:48

What are the hardware requirements? I have 506 and 515 PIXes running V6.2 and V6.3 images.

Thanks,

Diego

russ Tue, 01/29/2008 - 06:10

The PIX 506 is not supported. The PIX 515 requires 128MB RAM for the UR licence and 64MB for the restricted licence, and 16MB flash; see the version 8 release notes for further information.

Alejandro Corte... Thu, 01/31/2008 - 15:02

Another way is to use the tool NetFlow, but you should do this on a router; the PIX does not support NetFlow.
