Easy PacketSniffing Question on PIX515e

[Abe85]

Hey folks, recently someone in our network has been consuming mega-bandwidth - Would like to use a Packet Sniffer to find out who that is.

Currently we have all internet traffic routed to a port on our PIX 515E Firewall. I want to mirror that port to another port on the PIX (in other words, use the Switched Port Analyzer (SPAN). Then, I want to be able to hook a spare laptop to that mirrored port and use some software like ethereal to monitor the traffic and find out who the culprit is.

I just want to know if you guys have any recommendations as I have never done this before and I am not too familiar with PacketSniffing.

Thanks!!!

 

[boymarty24]

I dont think you can connect a computer to the pix and sniff the traffic from there. the design with security levels between the interfaces will stop that.

Why dont you just configure a span port on the switch connected to the inside interface. you will see all traffic in that scenario ( i do that for sniffing and websense filtering )

 

[kwing112000]

You may be able to put a hub between the PIX and Switch and do it there.

 

[horus42]

What you specified is what I would probably do but I would also use ntop so I can see a breakdown of what is consuming the bandwidth and maybe block that specific traffic.


Hope that helps