01-28-2008 10:13 AM - edited 03-11-2019 04:54 AM
Is there any technique (no matter how primitive) I can use to single out high-bandwidth using private IPs behind my PIX? I am currenty using MRTG and I see a cummulative total of bandwidth usage but I need to know what individual IPs are using the bandwidth.
Thanks,
Diego
01-28-2008 10:45 AM
There really isn't much you can do with the PIX in this situation. You do have other options though. You could use MRTG to monitor your switch ports or you could use a sniffer (ie Wireshark) and see who the top talkers are.
HTH
01-28-2008 10:48 AM
I have a better solution. Replace the Pix
with Checkpoint Firewall. You can do this
with Checkpoint SmartView Monitor and it will
give you just about everything you need,
including top talkers.
CCIE Security
01-28-2008 11:31 AM
The Wireshark sounds good but I don't have a SPAN capable switch. This would mean trying to find a hub to connect the PIX inside interface and Wireshark machine, no?
01-28-2008 12:00 PM
I'm afraid so.
01-28-2008 12:00 PM
If you don't have SPAN switch on outside interface you can use hub to get copy of all PIX
traffic to the port. Hook up a machine and run either Ethereal (look for
the top talkers) or run nTop.
01-28-2008 12:03 PM
Good idea, but you will probably only see your NAT'd address not the internal IPs.
01-28-2008 12:03 PM
I have just found conversation on similar topic
Check the Perl script in last post
M.
01-28-2008 12:10 PM
Google 'PIX' and 'logging' and there are some free options out there that might help. I tried PLA once and it looked decent, but the link is currently down. You may need to turn on debug level logging on the PIX for the app to work properly, check the documentation.
01-29-2008 02:30 AM
Version 8 ASDM gives you top 10 services, talkers and destinations based on IP address, with intervals of 1hr, 8hr and 24hr.
01-29-2008 04:48 AM
What are the hardware requirements? I have 506 and 515 PIXes running V6.2 and V6.3 images.
Thanks,
Diego
01-29-2008 06:10 AM
The Pix 506 is not supported, Pix 515 requires 128MB ram for UR licence and 64MB for restricted licence and 16MB flash, see version 8 release notes for further information.
01-31-2008 03:02 PM
Another way is to use th tool Netflow but you should do this in a router pix do not support netflow
01-31-2008 03:59 PM
Hi,
You could try collecting the syslog data from the PIX and using a reporting tool like Sawmill to generate reports.
See this article:
http://lachniet.com/cheaplogging/
Cheers!
02-01-2008 07:07 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: