HOW-TO general question

Feb 20th, 2008
Hello there,


I have an app server sitting on my PIX's DMZ and I need to know how I can monitor (in real time) inbound traffic from the Outside interface (users out there) to the specific host 192.168.2.4 (app server) on the DMZ interface...


Basically I need to know if inbound traffic can actually reach the server AND if so... I need to check if that traffic is coming back from the server to the PIX and back to the end user out there.


Makes sense?


Glenn


cisco24x7 Wed, 02/20/2008 - 11:05
Monitoring on the PIX is very limited. You may want to do this on the upstream router using NetFlow. NetFlow can provide you with very accurate information.

The other alternative is you can monitor on the server itself, if the server is Linux. You can use a freeware tool called iptraf. I use it, excellent tool.


CCIE Security

abinjola Wed, 02/20/2008 - 21:10

Hello Glenn, yes, you can certainly monitor this traffic in extensive detail and also verify whether the packet is returning or not.


On the DMZ interface set the following packet captures:


access-list abc permit ip host x.x.x.x host 192.168.2.4


and then another ACL entry in reverse order for the return traffic:


access-list abc permit ip host 192.168.2.4 host x.x.x.x


x.x.x.x --> IP address of the source on the outside


capture cpz access-list abc packet-length 1518 interface DMZ


Generate the traffic and afterwards use the following command to check the packet captures:


show capture cpz


The other way is to set logging on the PIX firewall, which is a very good way to report the traffic through the PIX on a syslog server.


Does this help?
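The capture above answers Glenn's second question (is the server replying?) only if someone reads the `show capture cpz` output and pairs each inbound packet with a return packet. The script below is an added example, not part of this thread or any Cisco tool: it parses capture lines in the general style of PIX/ASA `show capture` output (the exact line format is an assumption; the sample lines and the outside addresses 203.0.113.7 and 198.51.100.9 are constructed, and the server address is the 192.168.2.4 from the question) and reports, per outside client, how many packets reached the DMZ host and how many came back, flagging flows that got no reply at all.

```python
import re
from collections import defaultdict

# The DMZ host from the question.
SERVER = "192.168.2.4"

# Constructed sample output, written in the style of PIX/ASA "show capture"
# (assumption about the format; values are made up for the example).
# Flow 1 (203.0.113.7): SYN in, SYN/ACK back, ACK in  -> working both ways.
# Flow 2 (198.51.100.9): two SYNs in, nothing back     -> server never replied.
SAMPLE_CAPTURE = """\
5 packets captured
   1: 11:02:13.401233 203.0.113.7.51234 > 192.168.2.4.443: S 1450024031:1450024031(0) win 65535 <mss 1460>
   2: 11:02:13.401512 192.168.2.4.443 > 203.0.113.7.51234: S 2937810112:2937810112(0) ack 1450024032 win 8192 <mss 1460>
   3: 11:02:13.405001 203.0.113.7.51234 > 192.168.2.4.443: . ack 2937810113 win 65535
   4: 11:02:20.990120 198.51.100.9.40001 > 192.168.2.4.443: S 88231:88231(0) win 65535 <mss 1460>
   5: 11:02:23.990120 198.51.100.9.40001 > 192.168.2.4.443: S 88231:88231(0) win 65535 <mss 1460>
5 packets shown
"""

# One capture line: "<n>: <hh:mm:ss.usec> <src-ip>.<sport> > <dst-ip>.<dport>: ..."
LINE_RE = re.compile(
    r"^\s*\d+:\s+(\d\d:\d\d:\d\d\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):"
)


def parse_capture(text):
    """Return a list of packet dicts; header/footer lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "5 packets captured" / "5 packets shown"
        ts, src, sport, dst, dport = m.groups()
        packets.append({"time": ts, "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport)})
    return packets


def flow_report(packets, server=SERVER):
    """Count inbound and outbound packets per (client_ip, client_port, server_port)."""
    flows = defaultdict(lambda: {"inbound": 0, "outbound": 0})
    for p in packets:
        if p["dst"] == server:
            # Outside -> DMZ host: key on the client's address and port.
            flows[(p["src"], p["sport"], p["dport"])]["inbound"] += 1
        elif p["src"] == server:
            # DMZ host -> outside: same key so the reply lands on the same flow.
            flows[(p["dst"], p["dport"], p["sport"])]["outbound"] += 1
    return dict(flows)


def missing_replies(packets, server=SERVER):
    """Flows that reached the server but never produced a return packet."""
    report = flow_report(packets, server)
    return sorted(k for k, v in report.items() if v["inbound"] and not v["outbound"])


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    for (ip, port, sport), counts in sorted(flow_report(pkts).items()):
        print(f"{ip}:{port} -> {SERVER}:{sport}  in={counts['inbound']} out={counts['outbound']}")
    for ip, port, sport in missing_replies(pkts):
        print(f"NO REPLY: {ip}:{port} reached {SERVER}:{sport} but nothing came back")
```

Because both ACL entries in the answer feed the same capture, inbound and return packets appear interleaved in one listing; keying both directions on the client's address and port is what lets the script pair them. A flow with inbound packets and zero outbound ones points at the server (service not listening, host firewall, wrong default gateway) rather than at the PIX, which is exactly the distinction the question asks about.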

gleguzgo0166 Wed, 02/20/2008 - 21:29
You've got to excuse my language, but HELL yeah it does!!!!


Thanks a lot my friend!!


Glenn

abinjola Wed, 02/20/2008 - 21:34

I am glad... my post at 12 at night did not go to waste... cheers
