High traffic from my ASA internal interface

Answered Question
Jul 12th, 2010

Good morning:

I have cisco ASA 5520 and i am having high traffic per hour from my internal interface, For example can have 700 or 800 MB, this behavior come happening since 3 weeks ago.

Can someone help me to know whats is happening?

Thank in advance

Correct Answer by Nagaraja Thanthry about 6 years 7 months ago

Hello,

Please make sure that the below commands are in your configuration:

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400

average-rate 200

If these are present, then when you go to the firewall dashboard on the

ASDM, it will show you top 10 services, top 10 sources, and top 10

destinations. One limitation is that while you can get these statistics in

general, you might have to use different techniques (like sniffing the

traffic using wireshark) to actually look at the type of traffic for top

talkers.

Hope this helps.

Regards,

NT

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Nagaraja Thanthry Mon, 07/12/2010 - 08:12

Hello,

If you have installed ASDM, if you go to the ASDM dashboard, there is a section that lists all the top talkers. It will also list the percentage of traffic per protocol (top 10) as well. You can use that to see which of your internal hosts are generating so much of traffic.

Hope this helps.

Regards,

NT

colonha27 Mon, 07/12/2010 - 08:21

Thank you, Nagaraja Thanthry

Yes, I discovered the strange behavior in this section of ASDM (Top talkers by Bytes last hour), but I can't (or yes?) see the traffic(Protocol) and the other peer in this graphs .

Exist some way to see the corresponded traffic for this high consume

Thank in advance.

Correct Answer
Nagaraja Thanthry Mon, 07/12/2010 - 09:14

Hello,

Please make sure that the below commands are in your configuration:

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400

average-rate 200

If these are present, then when you go to the firewall dashboard on the

ASDM, it will show you top 10 services, top 10 sources, and top 10

destinations. One limitation is that while you can get these statistics in

general, you might have to use different techniques (like sniffing the

traffic using wireshark) to actually look at the type of traffic for top

talkers.

Hope this helps.

Regards,

NT

colonha27 Tue, 07/13/2010 - 08:59

Thank you, Nagaraja Thanthry

I told you about this graphs in ASDM, they are available in the ASDM, but i can't determine the source, destination and protocol in the traffic mentioned, with the information in they.

I go to use the sniffer to see the traffic.

Thank you for your help.

Hector.

Actions

This Discussion

Related Content