Use this article to check whether or not the TDA mirror packet traffic is two-way.
Do the following:
- Using Wireshark, open the pcap file from the TDA console.
- Look for the TCP traffic (HTTP, SMTP). Right-click on the TCP traffic and then select Follow TCP Stream.
Wireshark will only show the selected traffic session content.
One-Way Traffic
The image below shows the Source IP, 198.8.1.189, and the Destination IP, 192.168.33.102. This means that TDA received one-way traffic and that it cannot analyze this kind of traffic.
Two-Way Traffic
Two-way traffic information is similar to the screenshot below. The source field has Source and Destination IPs.