Staff

Technical Tip: Capture traffic into separate files

Forum|Forum|1 year ago
May 26, 2025
0 replies
354 views

Description

This article describes how to perform long-term packet capture with the output in multiple, separate files instead of capturing traffic into one enormous PCAP file.

Scope

FortiNAC v9.4.X.

Solution

Open SSH to a FortiNAC, and execute the command below:

tcpdump -W 20 -C 20 -w Capture.pcap

Where '-W' filecount (20 files will be created), '-C' file_size (each maximum 20 MB), '-w' file_name (Capture.pcap). This instruction allows to capture of a new file once the file size reaches the option value. Output could be:

Capture0.pcap
Capture1.pcap
Capture2.pcap
…
Capture19.pcap

Those files could be downloaded from the FortiNAC:

Technical Tip: Run tcpdump in FortiNAC-F and save capture as a file

Technical Tip: FileTransfer with TFTP for FortiNAC-F