Use this article to check whether or not the TDA mirror packet traffic is two-way.
Do the following:
- Using Wireshark, open the pcap file from the TDA console.
- Look for the TCP traffic (HTTP, SMTP). Right-click on the TCP traffic and then select Follow TCP Stream.
Wireshark will only show the selected traffic session content.
The image below shows the Source IP, 18.104.22.168, and the Destination IP, 192.168.33.102. This means that TDA received one-way traffic and that it cannot analyze this kind of traffic.
Two-way traffic information is similar to the screenshot below. The source field has Source and Destination IPs.