3.20. Test the new TAP service (optional - time permitting)

One way to see if the security service is seeing decrypted traffic is to log into the console shell and run a tcpdump capture on the interface. A tcpdump capture usually requires root or sudo access.

Let's check if we see clear-text data on the TAP device.

  • In the UDF UI, select the Access drop-down on the Ubuntu18.04 Services VM, then select WEB SHELL.
  • In the web shell window, perform a packet capture using tcpdump. The client machine's IP address is 10.1.10.50.

    sudo tcpdump -lnni br0 -Xs0 host 10.1.10.50

  • Browse to an HTTPS web site (e.g., https://www.cnn.com) from the Ubuntu18.04 Client machine (RDP session) and notice that the TAP device is receiving traffic unencrypted.
  • Return to the web shell and press <CTRL-C> to stop the tcpdump.
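
To confirm the result from saved capture text rather than by reading the hex dump, the following added example (not part of the original lab guide) parses `tcpdump -X` output and counts TCP payloads that start with a TLS record header versus cleartext HTTP. The sample packets, the destination address 192.0.2.10 and all function names are constructed for illustration.

```python
import re
# One hex row of `tcpdump -X` output; the trailing ASCII column is ignored.
HEX_ROW = re.compile(r"^\s+0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})")
HTTP_START = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.", b"PRI * HTTP/2")
# Constructed sample (not captured in the lab): one HTTP request, one TLS record.
SAMPLE = r'''
12:00:00.000001 IP 10.1.10.50.51234 > 192.0.2.10.80: Flags [P.], length 16
        0x0000:  4500 0038 0001 4000 4006 0000 0a01 0a32  E..8..@.@......2
        0x0010:  c000 020a c822 0050 0000 0001 0000 0001  .....".P........
        0x0020:  5018 01f6 0000 0000 4745 5420 2f20 4854  P.......GET./.HT
        0x0030:  5450 2f31 2e31 0d0a                      TP/1.1..
12:00:00.000002 IP 10.1.10.50.51235 > 192.0.2.10.443: Flags [P.], length 8
        0x0000:  4500 0030 0002 4000 4006 0000 0a01 0a32  E..0..@.@......2
        0x0010:  c000 020a c823 01bb 0000 0001 0000 0001  .....#..........
        0x0020:  5018 01f6 0000 0000 1703 0300 03aa bbcc  P...............
'''

def packets(dump):
    """Yield each packet's bytes (starting at the IP header) from `tcpdump -X` text."""
    buf = bytearray()
    for line in dump.splitlines() + [""]:
        m = HEX_ROW.match(line)
        if m:
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
        elif buf:  # any non-hex line ends the current packet
            yield bytes(buf)
            buf = bytearray()

def tcp_payload(pkt):
    """Strip the IPv4 and TCP headers; return b'' for non-TCP or truncated packets."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        return b""
    start = ihl + (pkt[ihl + 12] >> 4) * 4           # TCP data offset
    end = int.from_bytes(pkt[2:4], "big") or len(pkt)  # IP total length (0 if offloaded)
    return pkt[start:end]

def classify(payload):
    """Label a TCP payload by its first bytes, independent of the port number."""
    if len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3 and payload[2] <= 4:
        return "tls"             # record type 20-23, version 3.x: still encrypted
    if payload.startswith(HTTP_START):
        return "http-cleartext"  # readable HTTP on the wire
    return "other" if payload else "empty"

def summarize(dump):
    """Count payload kinds across every packet in the capture text."""
    kinds = [classify(tcp_payload(p)) for p in packets(dump)]
    return {k: kinds.count(k) for k in sorted(set(kinds))}
```

`summarize(SAMPLE)` returns one `http-cleartext` and one `tls` packet. Segments that continue an earlier HTTP message, and HTTP/2 frames after the connection preface, are counted as `other`.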

Attention

This is the end of the lab. Be sure to check out the SSL Orchestrator 201 lab for more.