{"id":489,"date":"2010-09-29T14:12:40","date_gmt":"2010-09-29T12:12:40","guid":{"rendered":"http:\/\/www.netexpertise.eu\/fr\/?p=489"},"modified":"2021-05-04T22:10:25","modified_gmt":"2021-05-04T21:10:25","slug":"analyse-trafic-pix-asa","status":"publish","type":"post","link":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html","title":{"rendered":"Analyser et monitorer le trafic sur PIX\/ASA"},"content":{"rendered":"\n

Comment analyser le trafic traversant votre firewall Cisco<\/a> PIX ou ASA lorsque les temps de r\u00e9ponse deviennent extr\u00eamement lents, la bande passante est satur\u00e9e ou anormalement \u00e9lev\u00e9e, ou que les d\u00e9bits de t\u00e9l\u00e9chargement sont proches de 0?
\u00a0<\/p>\n\n\n\n

Statistiques des access lists<\/h3>\n\n\n\n

Vous avez probablement mis en place des access lists pour restreindre le trafic sortant ou entrant sur votre mat\u00e9riel. C’est la fonction principale de tout firewall. Les statistiques des ACL permettent d’obtenir rapidement de bonnes indications sur la nature du trafic. Vous pouvez aussi ajouter des r\u00e8gles pour affiner la destination du trafic.<\/p>\n\n\n\n

cisco_asa# show access-list acl_in\naccess-list acl_in; 17 elements\naccess-list acl_in line 1 permit tcp any any eq domain (hitcnt=7)\naccess-list acl_in line 2 permit udp any any eq domain (hitcnt=40379)\naccess-list acl_in line 3 permit tcp any any eq www (hitcnt=157103)\naccess-list acl_in line 4 permit tcp any any eq 8080 (hitcnt=466)\naccess-list acl_in line 5 permit tcp any any eq https (hitcnt=1910)\naccess-list acl_in line 6 permit tcp any any eq ftp (hitcnt=2)\naccess-list acl_in line 7 permit tcp any any eq smtp (hitcnt=550)\naccess-list acl_in line 8 permit tcp any any eq pop3 (hitcnt=14660)<\/code><\/pre>\n\n\n\n
\u00a0
R\u00e9initialisez les compteurs depuis le mode de configuration pour avoir les derni\u00e8res statistiques:<\/p>\n\n\n\n
cisco_asa# configure terminal\ncisco_asa(config)# clear access-list acl_in counters<\/code><\/pre>\n\n\n\n

Trafic<\/h3>\n\n\n\n
Il est possible d’afficher le trafic de chaque interface du PIX. Il vaut mieux remettre \u00e0 0 les donn\u00e9es pour avoir des r\u00e9sultats plus r\u00e9cents et plus pr\u00e9cis.<\/p>\n\n\n\n
cisco_asa# clear traffic<\/code><\/pre>\n\n\n\n
\u00a0
Attendez un peu pour collecter les donn\u00e9es sur cette p\u00e9riode de temps avant d’afficher le trafic global.<\/p>\n\n\n\n
cisco_asa# show traffic\noutside:\n        received (in 9.570 secs):\n                133 packets     19918 bytes\n                13 pkts\/sec     2081 bytes\/sec\n        transmitted (in 9.570 secs):\n                199 packets     22997 bytes\n                20 pkts\/sec     2403 bytes\/sec\ninside:\n        received (in 9.570 secs):\n                158 packets     14392 bytes\n                16 pkts\/sec     1503 bytes\/sec\n        transmitted (in 9.570 secs):\n                102 packets     14264 bytes\n                10 pkts\/sec     1490 bytes\/sec<\/code><\/pre>\n\n\n\n

Type de trafic<\/h3>\n\n\n\n
Pour afficher le nombre de connexions par seconde par type de trafic, des couches transport aux applications:<\/p>\n\n\n\n
cisco_asa# show perfmon\n\nPERFMON STATS:    Current      Average\nXlates               0\/s          0\/s\nConnections          0\/s          0\/s\nTCP Conns            0\/s          0\/s\nUDP Conns            0\/s          0\/s\nURL Access           0\/s          0\/s\nURL Server Req       0\/s          0\/s\nTCP Fixup           27\/s          1\/s\nTCPIntercept         0\/s          0\/s\nHTTP Fixup           5\/s          2\/s\nFTP Fixup            0\/s          0\/s\nAAA Authen           0\/s          0\/s\nAAA Author           0\/s          0\/s\nAAA Account          0\/s          0\/s<\/code><\/pre>\n\n\n\n

D\u00e9tail des Sessions<\/h3>\n\n\n\n
Affichez le nombre de connexions actuelles et maximum comme ceci<\/p>\n\n\n\n
cisco_asa# show conn count\n35 in use, 195 most used<\/code><\/pre>\n\n\n\n
 
Ou de fa\u00e7on plus d\u00e9taill\u00e9e en affichant chaque connexion \u00e9tablie:<\/p>\n\n\n\n
cisco_asa# show conn\n33 in use, 195 most used\nTCP out 172.18.0.1:23 in 192.168.9.101:1155 idle 0:00:32 Bytes 19354 flags UIO\nTCP out 172.18.0.1:23 in 192.168.9.107:1151 idle 0:03:49 Bytes 156840 flags UIO\n...<\/code><\/pre>\n\n\n\n
 
Tr\u00e8s utile puisque l’on peut voir le nombre d’octets transf\u00e9r\u00e9s pour chaque connexion.
 <\/p>\n\n\n\n
M\u00e9moire et processeur<\/h3>\n\n\n\n
Et bien s\u00fbr, contr\u00f4lez les ressources m\u00e9moire et CPU<\/p>\n\n\n\n
cisco_asa# show cpu usage\nCPU utilization for 5 seconds = 2%; 1 minute: 2%; 5 minutes: 6%\n\ncisco_asa# show memory\nFree memory:         5069344 bytes\nUsed memory:        11707872 bytes\n-------------     ----------------\nTotal memory:       16777216 bytes<\/code><\/pre>\n\n\n\n

Monitoring sur le long terme<\/h3>\n\n\n\n
De nombreux outils sont disponibles pour mesurer le trafic de chaque interface et l’exporter sous forme de graphiques. On n’est capable de d\u00e9tecter une anomalie qu’en comparant les donn\u00e9es actuelles avec celles pr\u00e9c\u00e9demment enregistr\u00e9es. Un graphique est le meilleur moyen d’y parvenir.
Parmi les outils les plus populaires, j’ai retenu Cacti, MRTG ainsi que Smokeping. Ce dernier permet de visualiser la latence d’un lien.<\/p>\n\n\n\n
Vous trouverez plus d’informations \u00e0 ce sujet dans la documentation<\/a> en ligne de Cisco<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Comment analyser le trafic traversant votre firewall Cisco PIX ou ASA lorsque les temps de r\u00e9ponse deviennent extr\u00eamement lents, la bande passante est satur\u00e9e ou anormalement \u00e9lev\u00e9e, ou que les d\u00e9bits de t\u00e9l\u00e9chargement sont proches de 0?\u00a0 Statistiques des access lists Vous avez probablement mis en place des access lists pour restreindre le trafic sortant […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[20],"tags":[343,408,228,232],"yoast_head":"\nNetexpertise - Analyser et monitorer le trafic sur PIX\/ASA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netexpertise - Analyser et monitorer le trafic sur PIX\/ASA\" \/>\n<meta property=\"og:description\" content=\"Comment analyser le trafic traversant votre firewall Cisco PIX ou ASA lorsque les temps de r\u00e9ponse deviennent extr\u00eamement lents, la bande passante est satur\u00e9e ou anormalement \u00e9lev\u00e9e, ou que les d\u00e9bits de t\u00e9l\u00e9chargement sont proches de 0?\u00a0 Statistiques des access lists Vous avez probablement mis en place des access lists pour restreindre le trafic sortant […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html\" \/>\n<meta property=\"og:site_name\" content=\"Netexpertise\" \/>\n<meta property=\"article:published_time\" content=\"2010-09-29T12:12:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-04T21:10:25+00:00\" \/>\n<meta name=\"author\" content=\"dave\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@netexpertise\" \/>\n<meta name=\"twitter:site\" content=\"@netexpertise\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html\",\"url\":\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html\",\"name\":\"Netexpertise - Analyser et monitorer le trafic sur PIX\/ASA\",\"isPartOf\":{\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/#website\"},\"datePublished\":\"2010-09-29T12:12:40+00:00\",\"dateModified\":\"2021-05-04T21:10:25+00:00\",\"author\":{\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/e398f0307e2b167f6b884c4953be2632\"},\"breadcrumb\":{\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"http:\/\/www.netexpertise.eu\/fr\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analyser et monitorer le trafic sur PIX\/ASA\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/#website\",\"url\":\"http:\/\/www.netexpertise.eu\/fr\/\",\"name\":\"Netexpertise\",\"description\":\"Syst\u00e8mes \/ R\u00e9seaux \/ DevOps\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.netexpertise.eu\/fr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/e398f0307e2b167f6b884c4953be2632\",\"name\":\"dave\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"caption\":\"dave\"},\"sameAs\":[\"http:\/\/www.netexpertise.eu\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netexpertise - Analyser et monitorer le trafic sur PIX\/ASA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html","og_locale":"fr_FR","og_type":"article","og_title":"Netexpertise - Analyser et monitorer le trafic sur PIX\/ASA","og_description":"Comment analyser le trafic traversant votre firewall Cisco PIX ou ASA lorsque les temps de r\u00e9ponse deviennent extr\u00eamement lents, la bande passante est satur\u00e9e ou anormalement \u00e9lev\u00e9e, ou que les d\u00e9bits de t\u00e9l\u00e9chargement sont proches de 0?\u00a0 Statistiques des access lists Vous avez probablement mis en place des access lists pour restreindre le trafic sortant […]","og_url":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html","og_site_name":"Netexpertise","article_published_time":"2010-09-29T12:12:40+00:00","article_modified_time":"2021-05-04T21:10:25+00:00","author":"dave","twitter_card":"summary_large_image","twitter_creator":"@netexpertise","twitter_site":"@netexpertise","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html","url":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html","name":"Netexpertise - Analyser et monitorer le trafic sur PIX\/ASA","isPartOf":{"@id":"http:\/\/www.netexpertise.eu\/fr\/#website"},"datePublished":"2010-09-29T12:12:40+00:00","dateModified":"2021-05-04T21:10:25+00:00","author":{"@id":"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/e398f0307e2b167f6b884c4953be2632"},"breadcrumb":{"@id":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.netexpertise.eu\/fr\/reseau\/cisco\/analyse-trafic-pix-asa.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"http:\/\/www.netexpertise.eu\/fr"},{"@type":"ListItem","position":2,"name":"Analyser et monitorer le trafic sur PIX\/ASA"}]},{"@type":"WebSite","@id":"http:\/\/www.netexpertise.eu\/fr\/#website","url":"http:\/\/www.netexpertise.eu\/fr\/","name":"Netexpertise","description":"Syst\u00e8mes \/ R\u00e9seaux \/ DevOps","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.netexpertise.eu\/fr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/e398f0307e2b167f6b884c4953be2632","name":"dave","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"http:\/\/www.netexpertise.eu\/fr\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","caption":"dave"},"sameAs":["http:\/\/www.netexpertise.eu"]}]}},"_links":{"self":[{"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/posts\/489"}],"collection":[{"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/comments?post=489"}],"version-history":[{"count":0,"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/posts\/489\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/media?parent=489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/categories?post=489"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/fr\/wp-json\/wp\/v2\/tags?post=489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}