F5 BIG-IP SSL Orchestrator Training Lab > SSLO 101: Essential SSL Visibility with SSL Orchestrator (Agility 2022 | 2 hours) > 3. Create a Transparent Forward Proxy SSLO Source | Edit on

3.20. Test the new TAP service (optional - time permitting)¶

One way to see if the security service is seeing decrypted traffic is to log into the console shell and run a tcpdump capture on the interface. A tcpdump capture usually requires root or sudo access.

Let's check if we see clear-text data on the TAP device.

In the UDF UI, select the Access drop down selection on the Ubuntu18.04 Services VM, then select WEB SHELL.
In the web shell window, perform a packet capture using tcpdump. The client machine's IP address is 10.1.10.50.

sudo tcpdump -lnni br0 -Xs0 host 10.1.10.50

Browse to an HTTPS web site (e.g., https://www.cnn.com) from the Ubuntu18.04 Client machine (RDP session) and notice that the TAP device is receiving traffic unencrypted.
Return to the web shell and press <CTRL-C> to stop the tcpdump.

Attention

This is the end of the lab. Be sure to check out the SSL Orchestrator 201 lab for more.

Previous Next