Hi fellow Websense users,
We are using our Websense network agent in conjunction with a Cisco ASA 5510 firewall. There's a mirrored port from a Dell 5424 switch that mirrors all network traffic to the monitoring NIC on our Websense box.
Recently, I decided that it would be useful to have Wireshark (tshark) capture all our network traffic in a ring buffer. Unfortunately, the Dell 5424 switch that mirrors all our network traffic to/from the ASA is limited to mirroring that data to only one port.
Since I don't want to introduce more hardware to the network (extra switches or taps), I am thinking about running tshark on the Websense machine to capture all the traffic on the monitoring NIC. Does anyone know if there's a way for tshark and Websense to both use the monitoring NIC? I want Websense to use the data for web filtering, and tshark to capture all the data.
Has anyone done this successfully, or have any advice on doing this?
Thanks,
- Ken