There is valid HTTP traffic, but not traffic which needs to be examined by DLP; that is, the traffic only contains GET requests or HTTP responses. Confirm that the SPAN or TAP is configured to send traffic of the correct type (and direction) to the Monitor. If none of the packets remain after applying the above filter, then no HTTP POST data is seen. Open the capture in Wireshark, and apply a filter for HTTP POST to the pcap file: If customers are using an Endace card, follow this KB to create a packet capture that is readable by Wireshark: TECH221214. Just open the packet capture created by tcpdump in Wireshark to filter it. For details on using tcpdump, please see TECH221427. On Linux systems, you can install Wireshark to do a packet capture, but using the built-in tool tcpdump will work, too. First you'll need to download and install Wireshark on the Network Monitor where traffic should be going.
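The same check can be scripted when Wireshark is not available on the Monitor. The following is an added example, not part of the original article or of any vendor tooling: it reads a classic pcap file (such as one written by tcpdump) and counts HTTP request methods, so a capture with GET requests and responses but no POST stands out. It assumes Ethernet/IPv4/TCP framing and matches only segments that begin with a request line (no stream reassembly); the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ")

def http_methods_in_pcap(data: bytes) -> Counter:
    """Count HTTP request methods in a classic pcap (Ethernet/IPv4/TCP only)."""
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"                                  # little-endian file
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"                                  # big-endian file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00":               # one 802.1Q VLAN tag
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20 or frame[l3 + 9] != 6:
            continue                               # not IPv4 carrying TCP
        l4 = l3 + (frame[l3] & 0x0F) * 4
        if len(frame) < l4 + 20:
            continue                               # truncated TCP header
        payload = frame[l4 + (frame[l4 + 12] >> 4) * 4:]
        for m in METHODS:
            if payload.startswith(m):
                seen[m.strip().decode()] += 1
    return seen

def _frame(payload: bytes) -> bytes:
    """Constructed frame: dummy MACs, documentation IPs, zero checksums."""
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample(payloads) -> bytes:
    """Wrap constructed payloads in a little-endian pcap for testing the parser."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in map(_frame, payloads):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

A result with a zero count for `POST` corresponds to the case described above: HTTP is reaching the Monitor, but nothing in the capture carries POST data.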