F5 BIG-IP SSL Orchestrator Training Lab > SSLO 101: Essential SSL Visibility with SSL Orchestrator (Agility 2022 | 2 hours) > 3. Create a Transparent Forward Proxy SSLO Source | Edit on
3.20. Test the new TAP service (optional - time permitting)¶
One way to see if the security service is seeing decrypted traffic is to log into the console shell and run a tcpdump capture on the interface. A tcpdump capture usually requires root or sudo access.
Let's check if we see clear-text data on the TAP device.
- In the UDF UI, select the Access drop down selection on the Ubuntu18.04 Services VM, then select WEB SHELL.
- In the web shell window, perform a packet capture using tcpdump. The client machine's IP address is 10.1.10.50.
sudo tcpdump -lnni br0 -Xs0 host 10.1.10.50
- Browse to an HTTPS web site (e.g., https://www.cnn.com) from the Ubuntu18.04 Client machine (RDP session) and notice that the TAP device is receiving traffic unencrypted.
- Return to the web shell and press <CTRL-C> to stop the tcpdump.
This is the end of the lab. Be sure to check out the SSL Orchestrator 201 lab for more.