Hi all. I was wondering is there any better way to view all active connections from IP addresses that are going over the firewall than using show conn command? Or better yet a sum of all connections associated with an IP address?
The thing is that today I saw large increase of inbound traffic on the ASA outside interface but using sh conn command couldn't attribute any one IP on our network with increased number of connections(the largest was an IP with some 40 connections). Last time I used this command we caught one of our users downloading a bunch of files from all over the internet using a P2P program and I saw pages and pages of connections to his IP from the outside.
We are using Cisco ASA 5510 with asa706-k8.bin.
Thanks for any help.
You can also use "show local-host" command, and it will group connection output from each ip address: