Use TCPdump to capture the live traffic by using the below command.
For LAN traffic
# tcpdump -nni eth0 host 192.168.0.2
Note: eth0 is LAN interface and 192.168.0.2 is server IP.
For WAN IPsec Traffic
# tcpdump -nni eth2 esp
Note: eth2 is WAN interface and ESP shows encrypted packet
tcpdump -nni eth1 port 500 or port 4500
eth1 - WAN Interface
tcpdump -nni any host 192.168.2.32 and 192.168.3.244
[IPSec VPN Troubleshooting Decision Diagram-CyberBruhArmy - https://cyberbruharmy.gumroad.com/ ](https://cyberbruharmy.notion.site/IPSec-VPN-Troubleshooting-Decision-Diagram-CyberBruhArmy-https-cyberbruharmy-gumroad-com-ae2f54ec43ea4c32a407d275cf0077a6)