NSE 7 – Network Security Architect — Question 2
Examine the following partial output from a sniffer command; then answer the question below.
# diagnose sniff packet any icmp 4
interfaces=[any]
filters=[icmp]
2.101199 wan2 in 192.168.1.110 -> 4.2.2.2: icmp: echo request
2.1011400 wan1 out 172.17.87.16 -> 4.2.2.2: icmp: echo request
.....
2.123500 wan2 out 4.2.2.2 -> 192.168.1.110: icmp: echo reply
244 packets received by filter
5 packets dropped by kernel
What is the meaning of the packets dropped counter at the end of the sniffer?
Answer options
- A. Number of packets that didn’t match the sniffer filter.
- B. Number of total packets dropped by the FortiGate.
- C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
- D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.
Correct answer: D
Explanation
The dropped packets counter indicates the number of packets that matched the sniffer filter but could not be captured due to resource limitations or other issues in the sniffer process. The other options misinterpret this counter: A describes packets that did not match the filter, B describes all packets dropped by the FortiGate regardless of the filter, and C attributes the drops to the FortiGate itself, when the counter only reflects matching packets that the sniffer failed to capture.