Cisco Support Community
Community Member

Traffic Analyzer for PIX Firewall

Dear All,

I have a Pix 506E and have 25 hosts on LAN which have access to internet via this firewall. I am facing problem of link choking due to downloading by some of users as showed by MRTG graph.

I want to know that how to identify which user is donloading. I have used NET Flow Analyzer on Cisco Router which is very helpful tool but how to implement it on PIX firewall or suggest another tool for this purpose.





Re: Traffic Analyzer for PIX Firewall


In firewall, use the 'show conn' to view all, or specific example, if you want to check www@port 80 traffic from which machines, use the 'sh conn | i 80'. It will list clients with active TCP via port 80 connection through Firewall. Same goes to other TCP service port.

To view all UDP or TCP, use 'sh conn | i TCP'. You can also use 'sh local-host' command to view individual host access.

However, bear in mind that port 80 (www) can easily be used by P2P applications like Kazaa or BitTorrent to hide or tunnel other connections. Firewall/Router NetFlow cannot detect this. The most you can see is huge http traffic. You need IPS to drill further into port 80.



Community Member

Re: Traffic Analyzer for PIX Firewall

Dear AK,

First of all thanks for your support. All commands you mentioned in your reply are helpfull to identify which users are connected with Internet on different ports but how to identify that on a particular TCP or UDP connection , user is doing download or upload data at high data rate and consuming full bandwith of Internet connection.



Re: Traffic Analyzer for PIX Firewall

You can try Firewall Analyzer. This tool works similar to Netflow .. You can download a trial version and run it for a dew days .. that will give you an idea of you traffic uitilization.

I hope it helps ... please rate it if it does !!!

Re: Traffic Analyzer for PIX Firewall

here is the user guide and a brief descritpion of what you can do. NOTE: your pix needs to be at least version 6.

CreatePlease to create content