How to find users abusing bandwidth? (PIX firewall)

Discussion in 'Cisco' started by dogfrndnew@yahoo.com, Mar 28, 2007.

  1. Guest

    I have a PIX firewall (515 I believe) and every day at lunch and again
    at the end of the day the Inet slows to a crawl. It is obviously a
    user or group of users downloading a chunk of something. We have a
    full T1 and during work hours, it functions fine. I would like to get
    some software to possibly monitor the firewall and then point out the
    heaviest user's IP. I have been playing around with syslogd, but have
    not found a good way to cull through the log once it is written out.
    I also have tried sawmill, and while it is a step in the right
    direction, it is hard to believe there isn't a more direct way to
    figure it out. Any thoughts? I have the powers above ready to buy if
    I can find the right piece of software. Thanks for your help.
    , Mar 28, 2007
    #1

  2. In article <>,
    <> wrote:
    >I have a PIX firewall (515 I believe) and every day at lunch and again
    >at the end of the day the Inet slows to a crawl. It is obviously a
    >user or group of users downloading a chunk of something. We have a
    >full T1 and during work hours, it functions fine. I would like to get
    >some software to possibly monitor the firewall and then point out the
    >heaviest user's IP. I have been playing around with syslogd, but have
    >not found a good way to cull through the log once it is written out.
    >I also have tried sawmill, and while it is a step in the right
    >direction, it is hard to believe there isn't a more direct way to
    >figure it out.


    There isn't a more direct way, at least not with PIX 6. (I'm not
    familiar enough with PIX 7.)

    > Any thoughts? I have the powers above ready to buy if
    >I can find the right piece of software. Thanks for your help.


    There isn't really a lot of variety to choose from for PIX event
    analysis. I had to write my own analysis software. There used
    to be a commercial product, but it wasn't fast enough or flexible
    enough for my needs... and now that product is no longer available
    anyhow.

    I supplied a simple perl program that might be good -enough- for
    your purposes; see
    http://groups.google.ca/group/comp.dcom.sys.cisco/msg/37ddb0b6234c1e48
    Walter Roberson, Mar 28, 2007
    #2
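
An added example, not part of the original thread and not the Perl program linked above: a minimal Python pass over PIX syslog output that sums the `bytes` field of connection teardown messages per inside host and ranks the heaviest users. It assumes PIX 6.3-style messages 302014 (TCP) and 302016 (UDP) and an interface named `inside`; the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the PIX 6.3 teardown format (302014 = TCP, 302016 = UDP).
SAMPLE_LOG = """\
Mar 28 12:01:10 pix %PIX-6-302014: Teardown TCP connection 4101 for outside:192.0.2.10/80 to inside:10.1.1.25/1534 duration 0:09:58 bytes 48211340 TCP FINs
Mar 28 12:01:12 pix %PIX-6-302014: Teardown TCP connection 4102 for outside:192.0.2.44/80 to inside:10.1.1.31/2210 duration 0:00:04 bytes 18230 TCP FINs
Mar 28 12:02:40 pix %PIX-6-302016: Teardown UDP connection 4105 for outside:198.51.100.7/53 to inside:10.1.1.31/1029 duration 0:02:01 bytes 212
Mar 28 12:03:05 pix %PIX-6-302014: Teardown TCP connection 4110 for outside:192.0.2.10/80 to inside:10.1.1.25/1540 duration 0:12:30 bytes 61003877 TCP Reset-I
Mar 28 12:03:09 pix %PIX-6-302013: Built outbound TCP connection 4111 for outside:192.0.2.9/443 (192.0.2.9/443) to inside:10.1.1.40/3011 (203.0.113.2/3011)
Mar 28 12:04:00 pix %PIX-6-302014: Teardown TCP connection 4111 for outside:192.0.2.9/443 to inside:10.1.1.40/3011 duration 0:00:51 bytes 905112 TCP FINs
"""

# Only teardown messages carry a byte count; "Built" messages are skipped.
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/\d+ "
    r"to (?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/\d+ "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
)


def top_talkers(lines, inside_if="inside", limit=10):
    """Return [(inside_ip, total_bytes), ...] sorted heaviest first."""
    totals = Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue
        # Credit the connection's bytes to whichever endpoint sits on the
        # inside interface (assumed name: "inside").
        for iface, ip in ((m["if_a"], m["ip_a"]), (m["if_b"], m["ip_b"])):
            if iface == inside_if:
                totals[ip] += int(m["bytes"])
    return totals.most_common(limit)


if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{ip:15s} {total / 1_048_576:10.2f} MiB")
```

The byte count is written only when a connection closes, so a download still in progress does not show up until its teardown message is logged. These messages are emitted at syslog level 6 (informational), so the PIX must be logging at that level for the totals to be meaningful.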

  3. When we find our network is crawling, I hook up the Ethernet cable from the
    router that connects to the Internet to an old-style hub (not a switch), and
    then a PC and the rest of the network to the same hub, then run an IP packet
    grabber on the PC. We use EtherPeek from WildPackets. It will show you
    traffic and show you who is the biggest bandwidth or packet hog. EtherPeek
    is great with all its charts and graphs, though you can run MS's Network
    Monitor to look at the traffic. You have to click the enable conversations
    on the start page. I have not found a way to give conversation stats. Just
    shows you the packets. If there is just one person generating the traffic
    (in our case there was someone streaming video), it would be pretty obvious.

    Scott<-


    Scott Townsend, Mar 28, 2007
    #3
  4. Just downloaded a copy of Ethereal (GNU) and it has great Conversation
    Statistics.
    http://www.ethereal.com/
    Scott Townsend, Mar 29, 2007
    #4