An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
- diagnose sniffer packet any 'udp port 500'
- diagnose sniffer packet any 'udp port 4500'
- diagnose sniffer packet any 'esp'
- diagnose sniffer packet any 'udp port 500 or udp port 4500'
Answer(s): C
Explanation:
Capture IKE Traffic without NAT:
diagnose sniffer packet 'host and udp port 500'

Capture ESP Traffic without NAT:
diagnose sniffer packet any 'host and esp'

Capture IKE and ESP with NAT-T:
diagnose sniffer packet any 'host and (udp port 500 or udp port 4500)'