how to find IP that is hogging bandwidth

Answered Question
Nov 10th, 2008

I am using a an ASA5520 with a few hundred users connected to the Internet with a 20MB ethernet circuit. Our bandwidth usage (from the home screen of the ASA) usually is at 3-5MB or so. Lately the home screen shows the input bandwidth to our public interface as pegged 24x7 at 20MB which is the max allowed by our ISP. I am trying to use the ASA tools to find the IP responsible but haven't had much luck. Packet tracing and logging tools require specific IPs and ports which doesn't help me because if I knew which IP and port I was looking for then I wouldn't have to use the tool! Seems like most of the screens and graphs are geared to showing overall statics for specific interfaces but they can't drill down to specific IPs. Any ideas on how I can find this rouge IP(s)?



Correct Answer by acomiskey about 8 years 3 months ago

Main page -> Firewall Dashboard Tab -> Top Usage Status

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
acomiskey Mon, 11/10/2008 - 12:01

What version of ASA? ASDM 6 has a feature which allows you to see top sources/destination/services.

DIEGO ALONSO Mon, 11/10/2008 - 12:05

Using 5.2.4 and 7.2.4 on the ASA. Will try to upgrade to see what's new. Where do I look for this feature when I'm there?

Correct Answer
acomiskey Mon, 11/10/2008 - 12:24

Main page -> Firewall Dashboard Tab -> Top Usage Status

DIEGO ALONSO Mon, 11/10/2008 - 13:49

As soon as I finished upgrading the ASA and ASDM the problem went away, at least for now. I will continue checking but now there is no need to use the top usage stats. Weird. Nevertheless the new ASA/ASDM is a nice upgrade. Thank you!!



This Discussion