506e monitoring software recommendation.

I continue to have a situation where our internet connection slows down to a crawl. When I open the 506e PDM and look at the Interface Status and Traffic Status I can see a sustained, exceptionally high usage but cannot tell who, or what, is causing it. Normally, our usage bounces between 2 and 12 kbps, but when this happens, it stays up as high as 500 - 700 kbps.

We are a small company - less than 50 users, so I walk around and ask every single person if they are uploading, downloading, watching video, listening to music, sending large emails... and every time, it seems that no one is.

I'm a PDM user and I know that I can use the command line to do a show local-host and look for high TCP connections - but this is difficult for me to understand and sort through.

Can someone recommend a good application for monitoring the 506e that can present information in a format that I can understand, and can help me determine who or what is causing this high usage when it occurs? This happens several times a month and sometimes a week.

Thanks, Mike

Mike Bailey

What type of switch (make, model, OS) is between the PIX and the PCs?

Merv

HP Procurve 2650.

Mike

Mike Bailey

With that switch you should be able to see the traffic being transmitted and received by each port. You can also clear these port statistic counters.

Look at the documentation for the show interface command and the clear statistics command.

Merv

Use CLI - Issue commands:
show conn
show local

Then look for the "Bytes" count to identify large downloads. Or look for one PC with a huge amount of connections. Then you have the IP of both source and destination, and the ports. Easy job to block ...

Or maybe you need to do an inside ACL, so that you decide what's allowed and what is not.

HTH Martin Bilgrav

Martin Bilgrav

Set up a syslog server and use a log analyzer to see who is generating the traffic. One good example is FireGen for Pix [link] - you can use it in trial mode for 30 days. The "IP Forensics" feature allows you to see the activity of a certain IP address for a specific time interval (sample report here: [link]).

Instructions on how to set up a syslog server (Kiwi) and configure the Pix firewall to send the logs there can be found here: [link]

Adrian

PS I am one of the developers of FireGen

Adrian Grigorof
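
The syslog approach suggested above can be tried without a commercial analyzer. The following is an added example, not part of the original posts and not FireGen's code: it totals the byte counts from PIX connection teardown records per inside host. The log lines are constructed samples modelled on messages 302014/302016, and the interface name `inside` and the function name `top_talkers` are assumptions; check the regular expression against the lines your syslog server actually stores.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on PIX teardown messages 302014 (TCP) and
# 302016 (UDP); addresses and byte counts are invented for the example.
SAMPLE_LOG = """\
Mar 03 10:15:02 192.168.1.1 %PIX-6-302014: Teardown TCP connection 4101 for outside:203.0.113.20/80 to inside:192.168.1.23/1840 duration 0:12:44 bytes 48211034 TCP FINs
Mar 03 10:15:09 192.168.1.1 %PIX-6-302014: Teardown TCP connection 4102 for outside:198.51.100.7/25 to inside:192.168.1.10/2211 duration 0:00:03 bytes 18230 TCP FINs
Mar 03 10:15:30 192.168.1.1 %PIX-6-302016: Teardown UDP connection 4107 for outside:198.51.100.53/53 to inside:192.168.1.23/1900 duration 0:02:01 bytes 212
Mar 03 10:16:11 192.168.1.1 %PIX-6-302014: Teardown TCP connection 4110 for outside:203.0.113.20/80 to inside:192.168.1.23/1851 duration 0:09:10 bytes 31077542 TCP FINs
Mar 03 10:16:40 192.168.1.1 %PIX-6-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:192.168.1.10/445 by access-group "outside_in"
Mar 03 10:17:02 192.168.1.1 %PIX-6-302014: Teardown TCP connection 4120 for outside:192.0.2.99/443 to inside:192.168.1.41/3300 duration 0:00:20 bytes 90412 TCP Reset-I
"""

TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>\S+?):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) "
    r"to (?P<if_b>\S+?):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
)

def top_talkers(lines, inside_if="inside"):
    """Rank inside hosts by total bytes; also rank (host, peer, peer port) flows."""
    hosts = defaultdict(lambda: {"bytes": 0, "conns": 0})
    flows = defaultdict(int)
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # not a teardown record, e.g. a deny message
        ends = [(m["if_a"], m["ip_a"], m["port_a"]), (m["if_b"], m["ip_b"], m["port_b"])]
        local = [e for e in ends if e[0] == inside_if]
        remote = [e for e in ends if e[0] != inside_if]
        if len(local) != 1 or len(remote) != 1:
            continue  # connection does not cross the inside interface
        host, peer, peer_port = local[0][1], remote[0][1], remote[0][2]
        n = int(m["bytes"])
        hosts[host]["bytes"] += n
        hosts[host]["conns"] += 1
        flows[(host, peer, peer_port)] += n
    ranked = sorted(hosts.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return ranked, sorted(flows.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    ranked, flows = top_talkers(SAMPLE_LOG.splitlines())
    for ip, stats in ranked:
        print(f"{ip:15} {stats['bytes']:>12} bytes  {stats['conns']} connections")
    (host, peer, port), n = flows[0]
    print(f"largest flow: {host} <-> {peer} port {port}: {n} bytes")
```

Teardown records are only written when a connection closes, so a transfer that is still running during a slowdown will not show up until it ends.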

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.