How to find users abusing bandwidth? (PIX firewall)

I have a PIX firewall (515 I believe) and every day at lunch and again at the end of the day the Inet slows to a crawl. It is obviously a user or group of users downloading a chunk of something. We have a full T1 and during work hours, it functions fine. I would like to get some software to possibly monitor the firewall and then point out the heaviest user's IP. I have been playing around with syslogd, but have not found a good way to cull through the log once it is written out. I also have tried Sawmill, and while it is a step in the right direction, it is hard to believe there isn't a more direct way to figure it out. Any thoughts? I have the powers above ready to buy if I can find the right piece of software. Thanks for your help.

dogfrndnew

There isn't a more direct way, at least not with PIX 6. (I'm not familiar enough with PIX 7.)

There isn't really a lot of variety to choose from for PIX event analysis. I had to write my own analysis software. There used to be a commercial product, but it wasn't fast enough or flexible enough for my needs... and now that product is no longer available anyhow.

I supplied a simple Perl program that might be good -enough- for your purposes; see

formatting link

Walter Roberson
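One way to cull a syslogd file for the heaviest internal hosts, as an added example that is not the Perl program mentioned above and not code from any poster in this thread. It assumes the PIX logs at informational level so the connection teardown messages (302014 for TCP, 302016 for UDP) are written, that the LAN interface is named `inside`, and that each line starts with a standard syslogd timestamp; `top_talkers` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslogd output (not from the thread); documentation addresses.
SAMPLE_LOG = """\
Mar  3 09:15:02 fw %PIX-6-302014: Teardown TCP connection 3990 for outside:198.51.100.7/80 to inside:10.1.1.23/1302 duration 0:00:41 bytes 900000 TCP FINs
Mar  3 12:04:55 fw %PIX-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/80 to inside:10.1.1.23/1450 duration 0:03:45 bytes 48211007 TCP FINs
Mar  3 12:06:12 fw %PIX-6-302014: Teardown TCP connection 4107 for outside:203.0.113.9/443 to inside:10.1.1.40/2210 duration 0:00:12 bytes 20480 TCP Reset-I
Mar  3 12:07:30 fw %PIX-6-302016: Teardown UDP connection 4120 for outside:198.51.100.53/53 to inside:10.1.1.40/1031 duration 0:02:01 bytes 312
Mar  3 12:08:01 fw %PIX-4-106023: Deny tcp src outside:203.0.113.77/4431 dst inside:10.1.1.23/135 by access-group "outside_in"
Mar  3 12:10:44 fw %PIX-6-302014: Teardown TCP connection 4133 for outside:198.51.100.7/80 to inside:10.1.1.23/1467 duration 0:00:02 bytes 1520 TCP FINs
"""

# Hour field of the syslogd timestamp at the start of each line.
STAMP = re.compile(r"^\w{3}\s+\d+\s+(?P<hour>\d\d):\d\d:\d\d")
# Teardown records carry the byte count for the whole connection.
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>[\w-]+):(?P<ip1>[\d.]+)/\d+ "
    r"to (?P<if2>[\w-]+):(?P<ip2>[\d.]+)/\d+ "
    r"duration \d+:\d\d:\d\d bytes (?P<bytes>\d+)"
)

def top_talkers(lines, inside_if="inside", hours=None, limit=5):
    """Return [(inside_ip, total_bytes, connections)], heaviest first.

    hours: optional set of hours (0-23) to keep, e.g. {12} for lunch.
    Bytes are counted at teardown time, so a long download shows up
    in the hour it ended, not the hour it started.
    """
    totals, conns = Counter(), Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # built/deny/other messages carry no byte count
        if hours is not None:
            ts = STAMP.match(line)
            if not ts or int(ts["hour"]) not in hours:
                continue
        for iface, ip in ((m["if1"], m["ip1"]), (m["if2"], m["ip2"])):
            if iface == inside_if:
                totals[ip] += int(m["bytes"])
                conns[ip] += 1
    return [(ip, n, conns[ip]) for ip, n in totals.most_common(limit)]

if __name__ == "__main__":
    for ip, n, c in top_talkers(SAMPLE_LOG.splitlines(), hours={12}):
        print(f"{ip:15} {n:>12} bytes in {c} connections")
```

A connection that is still open when the log is read has no teardown record yet, so an in-progress transfer only appears once it finishes or is reset.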

When we find our network is crawling, I hook up the Ethernet cable from the router that connects to the Internet to an old-style hub (not a switch), and then a PC and the rest of the network on the same hub, then on the PC run an IP packet grabber. We use EtherPeek from WildPackets. It will show you traffic and show you who is the biggest bandwidth or packet hog. EtherPeek is great with all its charts and graphs, though you can run MS's Network Monitor to look at the traffic. You have to click the enable conversations on the start page. I have not found a way to give conversation stats. It just shows you the packets. If there is just one person generating the traffic (in our case there was someone streaming video), it would be pretty obvious.

Scott

Scott Townsend


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.