New Member

Traffic Analysis - ASA

Hi all,

If I notice a lot of (incoming and outgoing) traffic on the outside interface of the ASA, is there any way to know where this traffic is coming from or going to (IP address)?

And if that traffic happened earlier (for example 1 day ago), can I still know the origin or destination IP address?

Please help!!

Thanks in Advance,

Omer

4 REPLIES
Hall of Fame Super Silver

Traffic Analysis - ASA

There's no easy way to tell if you didn't already have instrumentation turned on.

The ASA is capable of exporting NetFlow data to an external collector. It is there that you would be able to retrospectively analyze top flows by source and destination address and port. Additionally, in near real time you can monitor the top 10 hosts in the ASDM dashboard (or CLI equivalent).
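A minimal ASA configuration for the NetFlow export described in the reply above, as an added example that is not part of the original post. The collector address 192.0.2.10, the interface name `inside` and UDP port 2055 are assumed placeholder values, and the default `global_policy` policy map is assumed to be in place.

```cisco
! Added example, not from the thread.
! Assumed values: collector 192.0.2.10 (documentation address), reachable
! through the interface named "inside", listening on UDP 2055.

! Where to send NetFlow (NSEL) records: <interface> <collector-ip> <udp-port>
flow-export destination inside 192.0.2.10 2055

! Resend templates every minute so a restarted collector can decode records
flow-export template timeout-rate 1

! Export flow events for all traffic through the default global policy
policy-map global_policy
 class class-default
  flow-export event-type all destination 192.0.2.10

! From privileged EXEC mode: confirm that records are leaving the ASA
show flow-export counters
```

The ASA exports flow events (create, teardown, deny) rather than sampled packets, and the teardown records carry the byte counts a collector uses to rank top sources and destinations. The collector only holds data from the moment export is enabled, so it cannot explain a spike that happened before that.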

New Member

Traffic Analysis - ASA

Thanks Marvin for your reply.

Actually I asked this question because I've seen spiky load in my outside interface which looked suspicious. I was curious to know where it came from.

I used the show conn command, but it was only showing the connections in use.

I'm using OpenNMS as a monitoring tool, but I'm not sure if it will help in this case.

Any recommendation??

Thanks,

Omer

Hall of Fame Super Silver (Accepted Solution)

Traffic Analysis - ASA

The open source tool for capturing and analyzing NetFlow exports is ntop. Please see more information at http://www.ntop.org/products/ntop/

New Member

Traffic Analysis - ASA

Thanks for the valuable information
