Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1802
Views
0
Helpful
3
Replies

Inbound and Outbound for Interfaces

linker.team
Level 1
Level 1

‎08-19-2010 04:05 AM - edited ‎03-11-2019 11:27 AM

Hi All,

            I would like to confirm the Inbound and Outbound values specific to interfaces which are responsible for the transaction.

Consider the below FTP log,

<134>Mar 11 2009 10:54:16: %PIX-6-302013: Built outbound TCP connection 3720 for outside:192.168.81.10/21 (192.168.81.10/21) to inside:192.168.90.1/4572 (192.168.90.1/4572) ()
<134>Mar 11 2009 10:56:17: %PIX-6-302014: Teardown TCP connection 3720 for outside:192.168.81.10/21 to inside:192.168.90.1/4572 duration 0:02:01 bytes 1505005 SYN Timeout ()

How can i assume Inbound and Outbound values for the interfaces inside & outside. (FTP is happened from outside to inside)

Case 1:

For inside  ....: Inbound = 1505005 bytes  & Outbound = 0 bytes

For outside  ..: Inbound = 0 bytes  & Outbound = 1505005 bytes

Case 2:

For inside  ....: Inbound = 1505005 bytes  & Outbound = 0 bytes

For outside  ..: Inbound = 1505005 bytes  & Outbound = 0 bytes

      Please someone clarify the above and that will help me to resolve the insterface specific bandwidth (IN & OUT) calculation.

Thanks,

Saran

Labels:
0 Helpful
3 Replies 3

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎08-19-2010 05:28 AM

Hello,

In the log message you have posted, the value 1505005 specifies the total data exchanged via the connection. It includes all the packets in both directions. So, it is hard to determine if it was inbound or outbound. The log message always treats the connection as if it was established from outside to inside even though it would have been established from inside to outside. I would suggest you to use other means to calculate the bandwidth usage.

Hope this helps.

Regards,

NT

0 Helpful

vinod.agrahari
Level 1
Level 1

‎08-19-2010 07:56 AM

Hi Linker,

I think ,we can not get to know the downloaded data from any specific host connected in the internal network and from here just we get to know the interface utilization ,the amount of packet get exchange from both way.

To get to know the exact amount of data downloaded from any specific host connected in the network ,can get to know though third party tool e.g. Netflow Analyzer  etc.

Please let me know if you need more eleboration.

Regards

Vinod Agrahari

0 Helpful

linker.team
Level 1
Level 1
In response to vinod.agrahari

‎08-19-2010 08:56 AM

Hi,

      Thanks for your reply. Please note that the transaction is for single FTP (connection id 3720). Hence the byte value belongs to that FTP alone. My requirement is to calculate the bandwidth utilization of the interfaces of a Firewall device. Hence i would like confirm the IN/OUT values with respect to interfaces.

     Netflow Analyzer will give the bandwidth utilization of Router interfaces. Here i am trying to check the bandwidth utilization of Firewall interfaces. My interest is to findout the traffic IN/OUT of my DMZ.

    I would like to confirm, how single byte value of a transaction will be taken as IN (or) OUT specific to Source and Destination interfaces. I am so happy if someone explains the IN/OUT values in case i have inside/outside/DMZ interfaces in a firewall.     

Regards,

Saran

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card