05-16-2006 11:36 PM - edited 02-21-2020 12:54 AM
Dear All,
I have a Pix 506E and have 25 hosts on LAN which have access to internet via this firewall. I am facing problem of link choking due to downloading by some of users as showed by MRTG graph.
I want to know that how to identify which user is donloading. I have used NET Flow Analyzer on Cisco Router which is very helpful tool but how to implement it on PIX firewall or suggest another tool for this purpose.
Thank...
Regards,
Mujeeb
05-17-2006 01:32 AM
Hi,
In firewall, use the 'show conn' to view all, or specific example, if you want to check www@port 80 traffic from which machines, use the 'sh conn | i 80'. It will list clients with active TCP via port 80 connection through Firewall. Same goes to other TCP service port.
To view all UDP or TCP, use 'sh conn | i TCP'. You can also use 'sh local-host' command to view individual host access.
However, bear in mind that port 80 (www) can easily be used by P2P applications like Kazaa or BitTorrent to hide or tunnel other connections. Firewall/Router NetFlow cannot detect this. The most you can see is huge http traffic. You need IPS to drill further into port 80.
Rgds,
AK
05-17-2006 09:53 PM
Dear AK,
First of all thanks for your support. All commands you mentioned in your reply are helpfull to identify which users are connected with Internet on different ports but how to identify that on a particular TCP or UDP connection , user is doing download or upload data at high data rate and consuming full bandwith of Internet connection.
Regards,
Mujeeb
05-17-2006 10:06 PM
You can try Firewall Analyzer. This tool works similar to Netflow .. You can download a trial version and run it for a dew days .. that will give you an idea of you traffic uitilization.
http://manageengine.adventnet.com/products/firewall/download.html
I hope it helps ... please rate it if it does !!!
05-17-2006 10:10 PM
here is the user guide and a brief descritpion of what you can do. NOTE: your pix needs to be at least version 6.
http://manageengine.adventnet.com/products/firewall/help.html
http://manageengine.adventnet.com/products/firewall/firewall_analyzer.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide