Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ldsouza
Staff
Staff

Created on ‎03-31-2021 05:14 AM

Article Id 193867

Technical Tip: Capture ESP and Interesting traffic on single GUI console/SSH session

Description
This article provides command to collect the sniffer ESP and Interesting traffic on single command line window or in SSH session.

Solution
To collect the packet capture of ESP and Interesting traffic for example ICMP, enable the following sniffer command format.
# diag sniffer packet any "(host <VPN peer IP> and esp) or (host <IP address of the remote machine > and protocol)" 6 0 a
Example :

1) In the below example ICMP traffic generated with ESP filter.
FGT91E-1 (root) # diagnose sniffer packet any "(host 10.5.20.146 and esp) or (host 10.10.10.100 and icmp)" 4 0 a

filters=[(host 10.5.20.146 and esp) or (host 10.10.10.100 and icmp)]
2021-03-31 10:38:08.536928 test1 out 10.189.4.141 -> 10.10.10.100: icmp: echo request
2021-03-31 10:38:08.536965 wan1 out 10.5.20.141 -> 10.5.20.146: ESP(spi=0x1c35548f,seq=0x11)
2021-03-31 10:38:08.536972 eth0 out 10.5.20.141 -> 10.5.20.146: ESP(spi=0x1c35548f,seq=0x11)
2021-03-31 10:38:08.537181 wan1 in 10.5.20.146 -> 10.5.20.141: ESP(spi=0x1b6c18f7,seq=0xc)
2021-03-31 10:38:08.537208 test1 in 10.10.10.100 -> 10.189.4.141: icmp: echo reply

3675
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.