How to monitor http traffic on network monitor on a different http tcp port
I having an issue with a customer. This customer is using a proxy (squid) for http, https, FTP, etc. We configured network monitor to inspect http, FTP traffic. Customer is using tcp port 3128 to redirect traffic trough the proxy. The problem is that there are no incidents reported on DLP console. I added a custom protocol, I named it HTTP2 and choose 3128 as tcp port, then I activated this protocol to be monitored but the problem persist. We used a span port for network monitor. This span port is monitoring the "inside" interface of the squid proxy.