08-19-2010 04:05 AM - edited 03-11-2019 11:27 AM
Hi All,
I would like to confirm the Inbound and Outbound values specific to interfaces which are responsible for the transaction.
Consider the below FTP log,
<134>Mar 11 2009 10:54:16: %PIX-6-302013: Built outbound TCP connection 3720 for outside:192.168.81.10/21 (192.168.81.10/21) to inside:192.168.90.1/4572 (192.168.90.1/4572) ()
<134>Mar 11 2009 10:56:17: %PIX-6-302014: Teardown TCP connection 3720 for outside:192.168.81.10/21 to inside:192.168.90.1/4572 duration 0:02:01 bytes 1505005 SYN Timeout ()
How can i assume Inbound and Outbound values for the interfaces inside & outside. (FTP is happened from outside to inside)
Case 1:
For inside ....: Inbound = 1505005 bytes & Outbound = 0 bytes
For outside ..: Inbound = 0 bytes & Outbound = 1505005 bytes
Case 2:
For inside ....: Inbound = 1505005 bytes & Outbound = 0 bytes
For outside ..: Inbound = 1505005 bytes & Outbound = 0 bytes
Please someone clarify the above and that will help me to resolve the insterface specific bandwidth (IN & OUT) calculation.
Thanks,
Saran
08-19-2010 05:28 AM
Hello,
In the log message you have posted, the value 1505005 specifies the total data exchanged via the connection. It includes all the packets in both directions. So, it is hard to determine if it was inbound or outbound. The log message always treats the connection as if it was established from outside to inside even though it would have been established from inside to outside. I would suggest you to use other means to calculate the bandwidth usage.
Hope this helps.
Regards,
NT
08-19-2010 07:56 AM
Hi Linker,
I think ,we can not get to know the downloaded data from any specific host connected in the internal network and from here just we get to know the interface utilization ,the amount of packet get exchange from both way.
To get to know the exact amount of data downloaded from any specific host connected in the network ,can get to know though third party tool e.g. Netflow Analyzer etc.
Please let me know if you need more eleboration.
Regards
Vinod Agrahari
08-19-2010 08:56 AM
Hi,
Thanks for your reply. Please note that the transaction is for single FTP (connection id 3720). Hence the byte value belongs to that FTP alone. My requirement is to calculate the bandwidth utilization of the interfaces of a Firewall device. Hence i would like confirm the IN/OUT values with respect to interfaces.
Netflow Analyzer will give the bandwidth utilization of Router interfaces. Here i am trying to check the bandwidth utilization of Firewall interfaces. My interest is to findout the traffic IN/OUT of my DMZ.
I would like to confirm, how single byte value of a transaction will be taken as IN (or) OUT specific to Source and Destination interfaces. I am so happy if someone explains the IN/OUT values in case i have inside/outside/DMZ interfaces in a firewall.
Regards,
Saran
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide