Thank you so much for the info. When I do sh conn, here is the some info:
************** 472 in use, 2233 most used TCP out 67.86.115.71:1179 in 10.1.10.6:1494 idle 0:00:00 Bytes 3515047 flags UIOB TCP out 209.133.105.22:80 in 10.1.14.28:1124 idle 0:01:05 Bytes 57068 flags UFRIO This info shows which time period? what does bytes 57068 mean above? (the time doing sh conn or period of time) Thanks again, Jane --- "ALLEN, DONALD S (AIT)" <[EMAIL PROTECTED]> wrote: > Show Conns or show conns? > Show Xlate or show xlate? > > And using the PDM web module are ways to get Pix > information without a > sniffer. > > > > -----Original Message----- > From: Jane Han [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 24, 2003 9:08 AM > To: Ben Hicks; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: where should I start? help! > > > Thanks for all help. If I want to find all traffic > on > the PIX internal interface, what should I do? using > sniffer? How do I position the sniffer? How can I > span port on the PIX or I have to do spanning on the > switch? > > Any suggestions or help will be highly appreciated. > > > switch ---PIX---external router > > The exernal router serial interface status as > follows: Serial0/0 is up, line > protocol is up > Hardware is DSCC4 Serial > Internet address is a.b.c.d/30 > MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, > reliability 255/255, txload 24/255, rxload > 235/255 > Encapsulation HDLC, loopback not set > Keepalive set (10 sec) > Last input 00:00:05, output 00:00:01, output hang > never > Last clearing of "show interface" counters 1d23h > Input queue: 0/75/0/0 (size/max/drops/flushes); > Total output drops: 0 > Queueing strategy: fifo > Output queue: 0/100 (size/max) > 30 second input rate 1424000 bits/sec, 230 > packets/sec > 30 second output rate 147000 bits/sec, 161 > packets/sec > 16859032 packets input, 2850828712 bytes, 0 no > buffer > Received 17055 broadcasts, 0 runts, 0 giants, 0 > throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 > ignored, 0 abort > 13720059 packets output, 3084799197 bytes, 0 > underruns > 0 output errors, 0 collisions, 0 interface > resets > 0 output buffer failures, 0 output buffers > swapped out > 0 carrier transitions > DCD=up DSR=up DTR=up RTS=up CTS=up > > > Thanks in advance, > > Jane > --- Ben Hicks <[EMAIL PROTECTED]> wrote: > > Hmm, So the firewall is performing the nat then. > > > > Just out of interest, what is the firewall doing? > > does it have any access > > lists on it ? > > > > Thanks, > > > > Ben > > > > > > > > -----Original Message----- > > From: Jane Han [mailto:[EMAIL PROTECTED] > > Sent: 15 July 2003 16:20 > > To: Ben Hicks; [EMAIL PROTECTED] > > Subject: RE: where should I start? help! > > > > > > Ben, > > > > I appreciate your answer. I enabled the IP > > accounting > > and the IP accounting only shows the destination > > address as public address (NAT). Is there a way > > that > > I can trace this public IP address (NAT) to > > the internal private IP address? > > > > Thanks, > > > > Jane > > > > --- Ben Hicks <[EMAIL PROTECTED]> wrote: > > > The interface is very heavily utilised on the > > > receiving of information - i.e > > > persons downloading. > > > > > > Your interface (at the time of the snapshit) was > > > very heavily utilised. > > > 188/255 RX suggest that your link is about 75% > > > utilised, which is very high. > > > > > > There are of course many other things that could > > be > > > attirbuting to the > > > problem, but I would start here. > > > > > > You could perhaps enable ip accounting to find > out > > > which IP addresses are > > > accessing the most amount of information. > > > > > > HTH > > > > > > Ben. > > > > > > -----Original Message----- > > > From: Jane Han [mailto:[EMAIL PROTECTED] > > > Sent: 08 July 2003 15:41 > > > To: [EMAIL PROTECTED] > > > Subject: where should I start? help! > > > > > > > > > Hi, all > > > > > > I am relatively new to this field. We have full > > T1 > > > but the internet speed is very slow. > > > Sometimes it's even slower than dial-up speed > when downloading > > > files. > > > E1 E0 E0 s0 > > > Switch --- PIX ------Cisco 2600 > > > Router------Internet > > > > > > (E1 and E0 are Ethernet Interface and S0 is > serial > > > interface) (please see the following status on > s0) > > > > > > Serial0/0 is up, line protocol is up > > > Hardware is QUICC Serial > > > Internet address is X.X.X.X/30 > > > MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, > > > reliability 255/255, txload 26/255, rxload > > > 188/255 > > > Encapsulation HDLC, loopback not set > > > Keepalive set (10 sec) > > > Last input 00:00:02, output 00:00:00, output > > hang > > > never > > > Last clearing of "show interface" counters > never > > > Input queue: 0/75/9199/0 > > (size/max/drops/flushes); > > > Total output drops: 3307 > > > Queueing strategy: weighted fair > > > Output queue: 0/1000/64/3307 (size/max > > > total/threshold/drops) > > > Conversations 0/57/256 (active/max > > active/max > > > total) > > > Reserved Conversations 0/0 (allocated/max > > > allocated) > > > 30 second input rate 1510000 bits/sec, 235 > > > packets/sec > > > 30 second output rate 214000 bits/sec, 173 > > > packets/sec > > > 76598509 packets input, 1523011153 bytes, 0 > > no > > > buffer > > > Received 104544 broadcasts, 0 runts, 0 > > giants, > > > 0 > > > throttles > > > 1 input errors, 0 CRC, 1 frame, 0 overrun, > 0 > > > ignored, 0 abort > > > 66685034 packets output, 4044743843 bytes, > 0 > > > underruns > > > 0 output errors, 0 collisions, 1 interface > > > resets > > > 0 output buffer failures, 0 output buffers > > > swapped out > > > 0 carrier transitions > > > DCD=up DSR=up DTR=up RTS=up CTS=up > > > > > > I checked the S0 interface status on the > internet > === message truncated === __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
