Thank you so much for all your help. Finally, I found
the problem. Many streaming radio or video services are
using port 554.
If I want to block all streaming radio or video on the
PIX, can I use

access-list 100 deny tcp any any eq 554
access-list 100 deny udp any any eq 554

Any other suggestions or concerns?
Thanks again,
Jane
--- "ALLEN, DONALD S (AIT)" <[EMAIL PROTECTED]> wrote:
> Show Conns or show conns?
> Show Xlate or show xlate?
>
> And using the PDM web module are ways to get Pix
> information without a sniffer.
>
>
>
> -----Original Message-----
> From: Jane Han [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2003 9:08 AM
> To: Ben Hicks; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: where should I start? help!
>
>
> Thanks for all the help. If I want to find all traffic
> on the PIX internal interface, what should I do? Use a
> sniffer? How do I position the sniffer? How can I
> span a port on the PIX, or do I have to do spanning on
> the switch?
>
> Any suggestions or help will be highly appreciated.
>
>
> switch ---PIX---external router
>
> The external router serial interface status is as
> follows:
>
> Serial0/0 is up, line protocol is up
>   Hardware is DSCC4 Serial
>   Internet address is a.b.c.d/30
>   MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
>      reliability 255/255, txload 24/255, rxload 235/255
>   Encapsulation HDLC, loopback not set
>   Keepalive set (10 sec)
>   Last input 00:00:05, output 00:00:01, output hang never
>   Last clearing of "show interface" counters 1d23h
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>   Queueing strategy: fifo
>   Output queue: 0/100 (size/max)
>   30 second input rate 1424000 bits/sec, 230 packets/sec
>   30 second output rate 147000 bits/sec, 161 packets/sec
>      16859032 packets input, 2850828712 bytes, 0 no buffer
>      Received 17055 broadcasts, 0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>      13720059 packets output, 3084799197 bytes, 0 underruns
>      0 output errors, 0 collisions, 0 interface resets
>      0 output buffer failures, 0 output buffers swapped out
>      0 carrier transitions
>      DCD=up DSR=up DTR=up RTS=up CTS=up
>
>
> Thanks in advance,
>
> Jane
> --- Ben Hicks <[EMAIL PROTECTED]> wrote:
> > Hmm, So the firewall is performing the nat then.
> >
> > Just out of interest, what is the firewall doing?
> > Does it have any access lists on it?
> >
> > Thanks,
> >
> > Ben
> >
> >
> >
> > -----Original Message-----
> > From: Jane Han [mailto:[EMAIL PROTECTED]
> > Sent: 15 July 2003 16:20
> > To: Ben Hicks; [EMAIL PROTECTED]
> > Subject: RE: where should I start? help!
> >
> >
> > Ben,
> >
> > I appreciate your answer. I enabled the IP accounting
> > and the IP accounting only shows the destination
> > address as public address (NAT). Is there a way that
> > I can trace this public IP address (NAT) to
> > the internal private IP address?
> >
> > Thanks,
> >
> > Jane
> >
> > --- Ben Hicks <[EMAIL PROTECTED]> wrote:
> > > The interface is very heavily utilised on the
> > > receiving of information - i.e. persons downloading.
> > >
> > > Your interface (at the time of the snapshot) was
> > > very heavily utilised.
> > > 188/255 RX suggests that your link is about 75%
> > > utilised, which is very high.
> > >
> > > There are of course many other things that could be
> > > attributing to the problem, but I would start here.
> > >
> > > You could perhaps enable ip accounting to find out
> > > which IP addresses are accessing the most amount of
> > > information.
> > >
> > > HTH
> > >
> > > Ben.
> > >
> > > -----Original Message-----
> > > From: Jane Han [mailto:[EMAIL PROTECTED]
> > > Sent: 08 July 2003 15:41
> > > To: [EMAIL PROTECTED]
> > > Subject: where should I start? help!
> > >
> > >
> > > Hi, all
> > >
> > > I am relatively new to this field. We have a full T1
> > > but the internet speed is very slow.
> > > Sometimes it's even slower than dial-up speed when
> > > downloading files.
> > >
> > >         E1    E0       E0                 s0
> > > Switch --- PIX ------ Cisco 2600 Router ------ Internet
> > >
> > > (E1 and E0 are Ethernet interfaces and S0 is the serial
> > > interface) (please see the following status on s0)
> > >
> > > Serial0/0 is up, line protocol is up
> > >   Hardware is QUICC Serial
> > >   Internet address is X.X.X.X/30
> > >   MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
> > >      reliability 255/255, txload 26/255, rxload 188/255
> > >   Encapsulation HDLC, loopback not set
> > >   Keepalive set (10 sec)
> > >   Last input 00:00:02, output 00:00:00, output hang never
> > >   Last clearing of "show interface" counters never
> > >   Input queue: 0/75/9199/0 (size/max/drops/flushes); Total output drops: 3307
> > >   Queueing strategy: weighted fair
> > >   Output queue: 0/1000/64/3307 (size/max total/threshold/drops)
> > >      Conversations 0/57/256 (active/max active/max total)
> > >      Reserved Conversations 0/0 (allocated/max allocated)
> > >   30 second input rate 1510000 bits/sec, 235 packets/sec
> > >   30 second output rate 214000 bits/sec, 173 packets/sec
> > >      76598509 packets input, 1523011153 bytes, 0 no buffer
> > >      Received 104544 broadcasts, 0 runts, 0 giants, 0 throttles
> > >      1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
> > >      66685034 packets output, 4044743843 bytes, 0 underruns
> > >      0 output errors, 0 collisions, 1 interface resets
> > >      0 output buffer failures, 0 output buffers swapped out
> > >      0 carrier transitions
> > >      DCD=up DSR=up DTR=up RTS=up CTS=up
> > >
> > > I checked the S0 interface status on the internet
>
=== message truncated ===
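
Added example (not part of the original thread): a small first-match model of the access list asked about in the top message, showing what the two deny lines do on their own once the list is bound to an interface, and what changes with a final permit. The "permit ip any any" line, the binding of list 100 to the inside interface, and the sample flows are assumptions made for this illustration.

```python
# Added example: first-match evaluation of the two ACL lines from the message.
# Simplified model: protocol and destination port only ("any any" addresses).

def parse_ace(line):
    """Parse 'access-list <id> permit|deny <proto> any any [eq <port>]'."""
    tok = line.split()
    if (len(tok) not in (6, 8) or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[4:6] != ["any", "any"]):
        raise ValueError(f"unsupported ACE: {line!r}")
    port = None
    if len(tok) == 8:
        if tok[6] != "eq" or not tok[7].isdigit():
            raise ValueError(f"unsupported port match: {line!r}")
        port = int(tok[7])
    return tok[2], tok[3], port

def evaluate(acl_lines, proto, dport):
    """Walk the list top-down; the first matching entry decides the flow."""
    for line in acl_lines:
        action, ace_proto, ace_port = parse_ace(line)
        if ace_proto in ("ip", proto) and ace_port in (None, dport):
            return action, line
    # No entry matched: an applied ACL ends with an unwritten deny of everything.
    return "deny", "implicit deny"

# The two lines exactly as posted in the message.
AS_POSTED = [
    "access-list 100 deny tcp any any eq 554",
    "access-list 100 deny udp any any eq 554",
]
# Assumption: a final permit so that only port 554 is dropped.
WITH_PERMIT = AS_POSTED + ["access-list 100 permit ip any any"]

# Constructed sample flows (protocol, destination port): RTSP, web, DNS.
FLOWS = [("tcp", 554), ("udp", 554), ("tcp", 80), ("udp", 53)]

def verdicts(acl_lines):
    """Map each sample flow to the action the list gives it."""
    return {flow: evaluate(acl_lines, *flow)[0] for flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("with final permit", WITH_PERMIT)):
        print(name)
        for (proto, port), action in verdicts(acl).items():
            print(f"  {proto}/{port}: {action}")
```

With the final permit, tcp/80 is allowed, so streaming that is delivered over HTTP rather than port 554 would still pass this list.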