source destination graphs on firewall

Unanswered Question
Nov 17th, 2009

Hi,

Is there any way we could see the high communication flow between the src and dst on the ASA firewall in real time? we could see the top 10 sources and top 10 destinations but it didn't match the flow. Also top 10 seems to be a limication, is there any way we can see the top 100 sources / destination?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Fri, 11/20/2009 - 11:56

Unfortunately you cannot monitor a flow in ASDM. You can see the top talker but you cannot see their flows live.

There is no direct way to see the top 100 source either. With CLI you can do "sh localhost | i TCP" and sort the top 100 users with the most conns connection.

Not the most efficient way, but the GUI will not currently give you what you want.

I hope it helps.

PK

JORGE RODRIGUEZ Fri, 11/20/2009 - 18:22

Adding to Panos comment, one  way I see you could  pool 100 top hosts would be if you have a router   behind asa-firewall inside where outbound/inbound traffic will cross insideRouter->ASA>outbound-inbound .  Run  netflow on the router ,  you can then use a robust netflow collector like Netflow analizer from ManageEngine  http://www.manageengine.com ,   I have this setup which successfully pools up to 200 top hosts outbound  traffic utilization per host.- see attach for screen shot example. .

Im not sure if a freeware netflow collector can pool this quantity of hosts traffic stats..

Regards

Actions

This Discussion