I have often needed to find out who the top bandwidth users (top talkers) are on a Juniper SSG firewall.
Cisco’s have Netflow, and Junos has Jflow or whatever its called. Netscreen Juniper make a lot of noise about how good their traffic shaping is on the SSG firewalls, but finding who is using the bandwidth at any point in time has always eluded me, until today.
First you need to enable fprofiling
set fprofile packet enable
Now you need to capture some data
set fprofile packet startwait a bit, then turn it off
set fprofile packet stopNow you can see who the top talkers are by looking at the captured data
myfw-> get fprofile packet packet buffer size(in kilo-packets): 4 total ip packet: 4041 total ip packet time(us): 693434 total none-ip packet: 55 total none-ip packet time(us): 5834 Id Type Protocol Source Destination Sport Dport Time Percentage 1 ip 0x06 61.165.32.63 34.52.134.6 80 1369 195490 27.95% 2 ip 0x06 61.165.32.63 192.168.1.10 80 49362 104221 14.90% 3 ip 0x06 192.168.1.10 61.165.32.63 49362 80 78254 11.19% 4 ip 0x06 192.168.1.15 102.168.2.27 64754 4242 72124 10.31% 5 ip 0x06 87.248.210.253 34.52.134.6 80 1954 60716 8.68% 6 ip 0x06 102.168.2.27 192.168.1.15 4242 64754 38429 5.49% 7 ip 0x06 87.248.210.253 192.168.1.11 80 59031 31086 4.44% 8 ip 0x01 192.168.0.5 192.168.1.6 11 0 25952 3.71% 9 ip 0x06 192.168.1.11 87.248.210.253 59031 80 23852 3.41% 10 ip 0x06 34.52.134.6 87.248.211.190 1369 80 18404 2.63% myfw->
its good practice to clean up at the end
usnet fprofile packet enable
Recent Comments