
Configure second NIC for Promiscuous mode in Windows 2003


Dfig

MIS
Feb 5, 2005
104
US
We use Websense for content filtering. I want to configure the second NIC on my Websense Server to Promiscuous mode so I can look at all the traffic (after configuring a Spanning port on my switch) but I don't know where to set that. Can someone point me in the right direction? I am running Windows 2003 R2 SP2 on my Server.
 
Are you sure traffic goes THROUGH Websense? The firewall queries the desired site against the WebSense list and then sends the user either to the site or the block page. I think just the query traffic goes to Websense.

I'm assuming, of course, that you're using it with a Cisco firewall that is set up that way.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
As it is set up now, there is a statement in the firewall to verify all port 80 traffic with Websense which is . I want to be able to filter certain protocols (such as IM). I was told by my Websense reseller that I would have to configure my second NIC (in Promiscuous mode) to plug into a configured Span port on the same switch that my Firewall is plugged into (Pix 515) and then go into my Websense management console and configure the network agent. The reseller told me that when I was ready for this I can call him to walk me through it.
 
OK, the port spanning setup seems easy, and as far as Websense, we are running version 6.3. I don't know if WinPcap is part of it but I'll check. Now I just need to know how to configure my second NIC.
 
If you are going to be "sniffing" with that NIC, just set it up to obtain its IP automatically. With WinPcap loaded, and the port spanned, this should be the setup you need.
 
That's great. Thank you all for your valuable posts.
 
I didn't load WinPcap, I set the NIC in Promiscuous mode by removing the Internet protocol from the NIC properties.

I am using Websense 6.3, and a Netgear switch, the source port plugs to the core switch - LAN traffic comes from the monitoring/sniffer port and is plugged into the monitor second NIC on the Websense box.

Then the first NIC on the Websense box (configured with an IP) goes into the same switch on a standard port, for blocking and normal server communication.

My two firewalls are also plugged into standard ports on the same switch.
 
baddos, the spanning port config you gave me is for a 2900.
The 2950 is a little different.
switch(config)#monitor session 1 destination interface fastethernet 1
switch(config)#monitor session 1 source interface fastethernet 2

Thanks Helenp1983. This is what I was looking for....
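
Added example, not part of the original thread: one way to confirm that the span port and the promiscuous second NIC are actually delivering mirrored traffic is to classify captured frames by destination MAC, since unicast frames addressed to other hosts only show up when both are working. It assumes frames captured on the monitor NIC are available as raw bytes; the function names, MAC addresses, ports and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def classify_frame(frame, own_mac):
    """Classify an Ethernet frame by destination MAC, relative to the capture NIC."""
    if len(frame) < 14:
        return "runt"
    dst = frame[:6]
    if dst == own_mac:
        return "own"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set: group (multicast) address
        return "multicast"
    return "foreign_unicast"  # only visible via promiscuous mode plus a mirror port

def tcp_dst_port(frame):
    """Return the TCP destination port of an IPv4 frame, or None if not applicable."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6 or frag_offset:
        return None  # not IPv4/TCP, or a later fragment with no TCP header
    start = 14 + ihl
    if len(frame) < start + 4:
        return None
    return struct.unpack("!H", frame[start + 2:start + 4])[0]

def mirror_report(frames, own_mac):
    """Summarise a capture: is mirrored traffic arriving, and on which TCP ports?"""
    counts = Counter(classify_frame(f, own_mac) for f in frames)
    ports = Counter(p for p in map(tcp_dst_port, frames) if p is not None)
    return {"counts": dict(counts), "ports": dict(ports),
            "mirror_working": counts["foreign_unicast"] > 0}

def _tcp_frame(dst, src, dport):
    """Build a constructed Ethernet/IPv4/TCP frame (sample data only)."""
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 40, 0, 0, 64, 6, 0) + bytes(8)
    return dst + src + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(16)

# Constructed sample capture; all MAC addresses and ports are made up.
OWN = bytes.fromhex("001122334455")
HOST, GW = bytes.fromhex("00aabbccdd01"), bytes.fromhex("00aabbccdd02")
SAMPLE = [_tcp_frame(GW, HOST, 80), _tcp_frame(GW, HOST, 5190),
          BROADCAST + HOST + b"\x08\x06" + bytes(28), _tcp_frame(OWN, GW, 80)]

if __name__ == "__main__":
    print(mirror_report(SAMPLE, OWN))
```

If `mirror_working` stays false on a busy segment, the NIC is only seeing its own, broadcast and multicast traffic, which points at the span session or the NIC binding rather than at Websense.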
 