Dear All, I have the following logs from Cisco PIX. <166>Aug 10 2005 13:33:39 pix: %PIX-6-302013: Built outbound TCP connection 31174127 for outside:213.251.133.214/80 (213.251.133.214/80) to inside:172.24.194.107/52646 (64.211.150.166/54503) <166>Aug 10 2005 13:33:39 saravana: %PIX-6-302014: Teardown TCP connection 31174127 for outside:213.251.133.214/80 to inside:172.24.194.107/52622 duration 0:00:39 bytes 3549 TCP FINs One is transaction start log and other one is transaction finish log. Using the above two logs, how can I identify how many bytes coming into your LAN and how many bytes going out of my firewall? CiscoPIX has only one bytes field which gives you the data transferred. I want to identify incoming bytes and outgoing bytes. Or at least can I conclude that if originator of the traffic is behind the firewall, all the traffic is INBOUND. thanks Saravana _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Tue Sep 20 2005 - 06:30:54 PDT