I have a PIX 506E and have 25 hosts on the LAN which have access to the Internet via this firewall. I am facing a problem of link choking due to downloading by some users, as shown by the MRTG graph.
I want to know how to identify which user is downloading. I have used NetFlow Analyzer on a Cisco router, which is a very helpful tool, but how do I implement it on a PIX firewall? Or please suggest another tool for this purpose.
On the firewall, use 'show conn' to view all connections. For a specific example, if you want to check which machines WWW (port 80) traffic is coming from, use 'sh conn | i 80'. It will list clients with an active TCP connection via port 80 through the firewall. The same goes for other TCP service ports.
To view all UDP or TCP, use 'sh conn | i TCP'. You can also use the 'sh local-host' command to view individual host access.
However, bear in mind that port 80 (WWW) can easily be used by P2P applications like Kazaa or BitTorrent to hide or tunnel other connections. Firewall/router NetFlow cannot detect this. The most you can see is huge HTTP traffic. You need an IPS to drill further into port 80.
First of all, thanks for your support. All the commands you mentioned in your reply are helpful to identify which users are connected to the Internet on different ports, but how do I identify that, on a particular TCP or UDP connection, a user is downloading or uploading data at a high data rate and consuming the full bandwidth of the Internet connection?
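
Added example, not part of the original thread: one way to turn the 'show conn' output mentioned above into a per-host rate is to capture it twice, a known number of seconds apart, and diff the byte counters per connection. The line layout in the comment is an assumption about the PIX output format, the two snapshots are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed line layout of PIX 'show conn' output:
#   TCP out <outside>:<port> in <inside>:<port> idle h:mm:ss Bytes <n> flags <f>
CONN_RE = re.compile(
    r"^(TCP|UDP) out (\S+):(\d+) in (\S+):(\d+) idle \S+ Bytes (\d+)", re.I)

def parse_conns(text):
    """Map (proto, outside, oport, inside, iport) -> byte counter."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # skips the "N in use" header and lines without a Bytes field
            conns[m.groups()[:5]] = int(m.group(6))
    return conns

def top_talkers(snap_a, snap_b, interval_s):
    """Rank inside hosts by bytes/second moved between two snapshots."""
    before, after = parse_conns(snap_a), parse_conns(snap_b)
    per_host = defaultdict(int)
    for key, now in after.items():
        prev = before.get(key, 0)
        # New connection, or counter restarted on a reused tuple:
        # count everything seen on it during the interval.
        per_host[key[3]] += now - prev if now >= prev else now
    ranked = sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)
    return [(host, total / interval_s) for host, total in ranked]

# Constructed sample snapshots, taken 60 seconds apart (not real data).
SNAP_1 = """\
3 in use, 12 most used
TCP out 198.51.100.7:80 in 192.168.1.21:1404 idle 0:00:00 Bytes 1200000 flags UIO
TCP out 203.0.113.9:80 in 192.168.1.34:2210 idle 0:00:05 Bytes 40000 flags UIO
UDP out 203.0.113.53:53 in 192.168.1.34:1030 idle 0:00:01 Bytes 300 flags D
"""
SNAP_2 = """\
3 in use, 12 most used
TCP out 198.51.100.7:80 in 192.168.1.21:1404 idle 0:00:00 Bytes 31200000 flags UIO
TCP out 203.0.113.9:80 in 192.168.1.34:2210 idle 0:00:02 Bytes 100000 flags UIO
TCP out 203.0.113.9:443 in 192.168.1.50:3301 idle 0:00:00 Bytes 6000 flags UIO
"""

if __name__ == "__main__":
    for host, rate in top_talkers(SNAP_1, SNAP_2, 60):
        print(f"{host:15s} {rate:12.1f} bytes/s")
```

Connections that close between the two captures are not counted, so a shorter interval gives a more faithful ranking.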