Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
356
Views
0
Helpful
4
Replies

Traffic Analyzer for PIX Firewall

rmujeeb81
Level 1
Level 1

‎05-16-2006 11:36 PM - edited ‎02-21-2020 12:54 AM

Dear All,

I have a Pix 506E and have 25 hosts on LAN which have access to internet via this firewall. I am facing problem of link choking due to downloading by some of users as showed by MRTG graph.

I want to know that how to identify which user is donloading. I have used NET Flow Analyzer on Cisco Router which is very helpful tool but how to implement it on PIX firewall or suggest another tool for this purpose.

Thank...

Regards,

Mujeeb

0 Helpful
4 Replies 4

a.kiprawih
Level 7
Level 7

‎05-17-2006 01:32 AM

Hi,

In firewall, use the 'show conn' to view all, or specific example, if you want to check www@port 80 traffic from which machines, use the 'sh conn | i 80'. It will list clients with active TCP via port 80 connection through Firewall. Same goes to other TCP service port.

To view all UDP or TCP, use 'sh conn | i TCP'. You can also use 'sh local-host' command to view individual host access.

However, bear in mind that port 80 (www) can easily be used by P2P applications like Kazaa or BitTorrent to hide or tunnel other connections. Firewall/Router NetFlow cannot detect this. The most you can see is huge http traffic. You need IPS to drill further into port 80.

Rgds,

AK

0 Helpful

rmujeeb81
Level 1
Level 1
In response to a.kiprawih

‎05-17-2006 09:53 PM

Dear AK,

First of all thanks for your support. All commands you mentioned in your reply are helpfull to identify which users are connected with Internet on different ports but how to identify that on a particular TCP or UDP connection , user is doing download or upload data at high data rate and consuming full bandwith of Internet connection.

Regards,

Mujeeb

0 Helpful

Fernando_Meza
Level 7
Level 7

‎05-17-2006 10:06 PM

You can try Firewall Analyzer. This tool works similar to Netflow .. You can download a trial version and run it for a dew days .. that will give you an idea of you traffic uitilization.

http://manageengine.adventnet.com/products/firewall/download.html

I hope it helps ... please rate it if it does !!!

0 Helpful

Fernando_Meza
Level 7
Level 7

‎05-17-2006 10:10 PM

here is the user guide and a brief descritpion of what you can do. NOTE: your pix needs to be at least version 6.

http://manageengine.adventnet.com/products/firewall/help.html

http://manageengine.adventnet.com/products/firewall/firewall_analyzer.pdf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card