Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4985
Views
0
Helpful
4
Replies

High traffic from my ASA internal interface

Go to solution
colonha27
Level 1
Level 1

‎07-12-2010 08:09 AM - edited ‎03-11-2019 11:10 AM

Good morning:

I have cisco ASA 5520 and i am having high traffic per hour from my internal interface, For example can have 700 or 800 MB, this behavior come happening since 3 weeks ago.

Can someone help me to know whats is happening?

Thank in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to colonha27

‎07-12-2010 09:14 AM

Hello,

Please make sure that the below commands are in your configuration:

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400

average-rate 200

If these are present, then when you go to the firewall dashboard on the

ASDM, it will show you top 10 services, top 10 sources, and top 10

destinations. One limitation is that while you can get these statistics in

general, you might have to use different techniques (like sniffing the

traffic using wireshark) to actually look at the type of traffic for top

talkers.

Hope this helps.

Regards,

NT

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-12-2010 08:12 AM

Hello,

If you have installed ASDM, if you go to the ASDM dashboard, there is a section that lists all the top talkers. It will also list the percentage of traffic per protocol (top 10) as well. You can use that to see which of your internal hosts are generating so much of traffic.

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
colonha27
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-12-2010 08:21 AM

Thank you, Nagaraja Thanthry

Yes, I discovered the strange behavior in this section of ASDM (Top talkers by Bytes last hour), but I can't (or yes?) see the traffic(Protocol) and the other peer in this graphs .

Exist some way to see the corresponded traffic for this high consume

Thank in advance.

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to colonha27

‎07-12-2010 09:14 AM

Hello,

Please make sure that the below commands are in your configuration:

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400

average-rate 200

If these are present, then when you go to the firewall dashboard on the

ASDM, it will show you top 10 services, top 10 sources, and top 10

destinations. One limitation is that while you can get these statistics in

general, you might have to use different techniques (like sniffing the

traffic using wireshark) to actually look at the type of traffic for top

talkers.

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
colonha27
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-13-2010 08:59 AM

Thank you, Nagaraja Thanthry

I told you about this graphs in ASDM, they are available in the ASDM, but i can't determine the source, destination and protocol in the traffic mentioned, with the information in they.

I go to use the sniffer to see the traffic.

Thank you for your help.

Hector.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card