RE: where should I start? help!

From: Jane Han (janehan22_at_yahoo.com)
Date: 07/15/03

    Date: Tue, 15 Jul 2003 08:19:42 -0700 (PDT)
    To: Ben Hicks <ben@sequenced.net>, security-basics@securityfocus.com
    
    

    Ben,

    I appreciate your answer. I enabled the IP accounting
    and the IP accounting only shows the destination
    address as public address (NAT). Is there a way that
    I can trace this public IP address (NAT) to
    the internal private IP address?

    Thanks,

    Jane

    --- Ben Hicks <ben@sequenced.net> wrote:
    > The interface is very heavily utilised on the
    > receiving of information - i.e
    > persons downloading.
    >
    > Your interface (at the time of the snapshot) was
    > very heavily utilised.
    > 188/255 RX suggest that your link is about 75%
    > utilised, which is very high.
    >
    > There are of course many other things that could be
    > attributing to the
    > problem, but I would start here.
    >
    > You could perhaps enable ip accounting to find out
    > which IP addresses are
    > accessing the most amount of information.
    >
    > HTH
    >
    > Ben.
    >
    > -----Original Message-----
    > From: Jane Han [mailto:janehan22@yahoo.com]
    > Sent: 08 July 2003 15:41
    > To: security-basics@securityfocus.com
    > Subject: where should I start? help!
    >
    >
    > Hi, all
    >
    > I am relatively new to this field. We have full T1
    > but the internet speed is very slow.
    > Sometimes it's even slower than dial-up speed when
    > downloading files.
    > E1 E0 E0 s0
    > Switch --- PIX ------Cisco 2600 Router------Internet
    >
    > (E1 and E0 are Ethernet Interface and S0 is serial
    > interface) (please see the following status on s0)
    >
    > Serial0/0 is up, line protocol is up
    > Hardware is QUICC Serial
    > Internet address is X.X.X.X/30
    > MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
    > reliability 255/255, txload 26/255, rxload 188/255
    > Encapsulation HDLC, loopback not set
    > Keepalive set (10 sec)
    > Last input 00:00:02, output 00:00:00, output hang never
    > Last clearing of "show interface" counters never
    > Input queue: 0/75/9199/0 (size/max/drops/flushes); Total output drops: 3307
    > Queueing strategy: weighted fair
    > Output queue: 0/1000/64/3307 (size/max total/threshold/drops)
    > Conversations 0/57/256 (active/max active/max total)
    > Reserved Conversations 0/0 (allocated/max allocated)
    > 30 second input rate 1510000 bits/sec, 235 packets/sec
    > 30 second output rate 214000 bits/sec, 173 packets/sec
    > 76598509 packets input, 1523011153 bytes, 0 no buffer
    > Received 104544 broadcasts, 0 runts, 0 giants, 0 throttles
    > 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
    > 66685034 packets output, 4044743843 bytes, 0 underruns
    > 0 output errors, 0 collisions, 1 interface resets
    > 0 output buffer failures, 0 output buffers swapped out
    > 0 carrier transitions
    > DCD=up DSR=up DTR=up RTS=up CTS=up
    >
    > I checked the S0 interface status on the internet
    > router. What info does the above indicate?
    > What do input and output packets mean in case
    > internal users download files from internet?
    >
    > I really do not know how to find out where all
    > the traffic
    > is from. I bet there are lots of downloads
    > from internet. Where should I start?
    >
    > BTW, we have one block class C public address. But
    > the PIX only uses 30 for NAT and one
    > global pool address:
    > global (outside) 1 x.x1.x2.201-x.x1.x2.230
    > global (outside) 1 x.x1.x2.200
    >
    > Could this cause the slowness on internet speed
    > also?
    >
    > Thanks in advance,
    >
    > Jane
    >

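Added example, not part of either poster's message: a small parser for the `show interface` fields quoted in the thread, showing that rxload is a fraction of 255 measured against the configured BW value, and what the same input rate looks like against a T1. The 1544 kbit/s T1 line rate and the function names are assumptions introduced here; the sample lines are copied from the quoted output.

```python
import re

# Lines copied from the "show interface" output quoted in the thread.
SAMPLE = """\
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
reliability 255/255, txload 26/255, rxload 188/255
Input queue: 0/75/9199/0 (size/max/drops/flushes); Total output drops: 3307
30 second input rate 1510000 bits/sec, 235 packets/sec
30 second output rate 214000 bits/sec, 173 packets/sec
"""

T1_KBIT = 1544  # assumption added here: nominal T1 line rate, not stated in the post


def grab(pattern, text):
    """Return the first capture group of pattern as an int."""
    m = re.search(pattern, text)
    if m is None:
        raise ValueError(f"field not found: {pattern}")
    return int(m.group(1))


def summarize(text, line_kbit=T1_KBIT):
    """Turn the load, rate and drop counters into comparable figures."""
    bw_kbit = grab(r"BW (\d+) Kbit", text)
    rx_bps = grab(r"input rate (\d+) bits/sec", text)
    tx_bps = grab(r"output rate (\d+) bits/sec", text)
    return {
        # Load counters are fractions of 255, relative to the configured BW.
        "rxload_pct": round(grab(r"rxload (\d+)/255", text) / 255 * 100, 1),
        "txload_pct": round(grab(r"txload (\d+)/255", text) / 255 * 100, 1),
        # Same input rate, measured against configured BW and against the line.
        "rx_pct_of_bw": round(rx_bps / (bw_kbit * 1000) * 100, 1),
        "rx_pct_of_line": round(rx_bps / (line_kbit * 1000) * 100, 1),
        "tx_pct_of_line": round(tx_bps / (line_kbit * 1000) * 100, 1),
        # Third field of "Input queue" is drops; output drops are listed apart.
        "input_drops": grab(r"Input queue: \d+/\d+/(\d+)/", text),
        "output_drops": grab(r"Total output drops: (\d+)", text),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:15} {value}")
```

Pass a different `line_kbit` if the circuit is not a T1; the load percentages do not change, because the router derives them from the BW setting only.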

