Ramesh_M
New Member
May 28, 2014
Question

Need to convert the sniffer traffic to wireshark

  • May 28, 2014
  • 2 replies
  • 24196 views
Hi Team, I want to see the captured packets in Wireshark. Kindly let me know how the sniffer or debug logs can be opened in Wireshark. Regards, Ramesh M

    2 replies

    netmin
    New Member
    May 28, 2014
    Hi Ramesh, try with the attached tools: http://kb.fortinet.com/kb/documentLink.do?externalId=11186
    antoniocfc
    New Member
    July 24, 2018

    netmin wrote:
    Hi Ramesh, try with the attached tools: http://kb.fortinet.com/kb/documentLink.do?externalId=11186

    The attached tool does not work, so I made an alternative. It's a simple Pythonic script that works like a charm.

      Fortigate Dump converter to Wireshark Hexdump

    https://github.com/afsec/fgt2wireshark

    Requires python >= 2.7

    How to use

    Get some packets from Fortigate

    In this case we're getting 1000 packets

    printf "diagnose sniffer packet wan1 none 6 1000" | ssh USER@server.example.org | tee dump_firewall.txt

    If you are using vdom

    printf "config vdom\nedit root\ndiagnose sniffer packet wan1 none 6 1000" | ssh USER@server.example.org | tee dump_firewall.txt

    Converting packets from Fortigate Dump to Wireshark HexDump

    1. Open Wireshark
    2. Click File
    3. Click Import from Hex Dump...
    4. Click Browse
    5. Choose the file dump_firewall.txt and click Open
    6. Click Import
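    An added example, not the fgt2wireshark script from the post above: a Python 3 script that reads the same `diagnose sniffer packet ... 6` text the commands above save to dump_firewall.txt and writes a pcap file that Wireshark opens directly, so the Import from Hex Dump steps are not needed. It assumes the verbosity-6 layout (one header line per packet with a relative timestamp, interface name and direction, followed by `0xNNNN` hex-dump lines that start at the Ethernet header, hence pcap link type 1). The dump embedded in the script is constructed for the demonstration and the file names are placeholders.

```python
"""Convert FortiGate 'diagnose sniffer packet <iface> <filter> 6' output to pcap.

Added example (not the fgt2wireshark script). Assumed verbosity-6 layout:
    <seconds> <iface> <in|out|--> <summary>
    0x0000<TAB> 0009 0f09 0001 ...<TAB>ascii column
The hex dump starts at the Ethernet header, so link type 1 (Ethernet) is written.
"""
import re
import struct
import sys

# Per-packet header line (relative timestamps only; absolute timestamps
# such as "2018-07-24 10:00:00.123456 ..." would need a second pattern).
HEADER_RE = re.compile(r"^(\d+\.\d+)\s+(\S+)\s+(in|out|--)\s+(.*)$")
# Hex-dump line: "0x<offset>" followed by hex groups and an ASCII column.
HEXLINE_RE = re.compile(r"^0x([0-9a-fA-F]{4})\s+(.*)$")
HEXTOKEN_RE = re.compile(r"^(?:[0-9a-fA-F]{4}|[0-9a-fA-F]{2})$")

PCAP_MAGIC = 0xA1B2C3D4   # classic microsecond-resolution pcap
LINKTYPE_ETHERNET = 1


def _hex_bytes(rest):
    """Decode the hex groups of one dump line, stopping at the ASCII column.

    A full line carries 16 bytes, so decoding stops there; on a shorter final
    line the ASCII column is recognised by its first non-hex token.
    """
    out = bytearray()
    for tok in rest.split():
        if len(out) >= 16 or not HEXTOKEN_RE.match(tok):
            break
        out.extend(bytes.fromhex(tok))
    return out


def parse_fortigate_sniffer(text):
    """Return [(timestamp_seconds, interface, packet_bytes), ...]."""
    packets = []
    current = None  # [ts, iface, bytearray] of the packet being assembled
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            if current is not None:
                packets.append((current[0], current[1], bytes(current[2])))
            current = [float(m.group(1)), m.group(2), bytearray()]
            continue
        m = HEXLINE_RE.match(line)
        if m and current is not None:
            offset = int(m.group(1), 16)
            if offset != len(current[2]):  # truncated or mangled dump
                raise ValueError("offset 0x%04x but %d bytes seen" % (offset, len(current[2])))
            current[2].extend(_hex_bytes(m.group(2)))
        # interfaces=[...], filters=[...] and the trailing statistics are ignored
    if current is not None:
        packets.append((current[0], current[1], bytes(current[2])))
    return packets


def build_pcap(packets, snaplen=65535):
    """Serialise packets as a little-endian pcap file with Ethernet link type."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for ts, _iface, data in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        if usec == 1000000:  # rounding carried into the next second
            sec, usec = sec + 1, 0
        out += struct.pack("<IIII", sec, usec, len(data), len(data))
        out += data
    return bytes(out)


def convert(text):
    return build_pcap(parse_fortigate_sniffer(text))


# Constructed sample: a TCP SYN (54 bytes) and an ARP request (42 bytes).
SAMPLE_DUMP = """interfaces=[wan1]
filters=[none]
2.847375 wan1 out 10.0.0.5.51234 -> 192.168.1.1.443: syn 1
0x0000\t 0009 0f09 0001 0050 5600 0001 0800 4500\t.......PV.....E.
0x0010\t 0028 1234 4000 4006 0000 0a00 0005 c0a8\t.(.4@.@.........
0x0020\t 0101 c822 01bb 0000 0001 0000 0000 5002\t...\"..........P.
0x0030\t ffff 0000 0000\t......
2.851002 wan1 out arp who-has 10.0.0.1 tell 10.0.0.5
0x0000\t ffff ffff ffff 0050 5600 0001 0806 0001\t......PV........
0x0010\t 0800 0604 0001 0050 5600 0001 0a00 0005\t.......PV.......
0x0020\t 0000 0000 0000 0a00 0001\t..........

2 packets received by filter
0 packets dropped by kernel
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:  # python fgt2pcap.py dump_firewall.txt dump_firewall.pcap
        with open(sys.argv[1]) as fh:
            pcap = convert(fh.read())
        with open(sys.argv[2], "wb") as fh:
            fh.write(pcap)
    else:  # no arguments: parse the constructed sample and report what was found
        for ts, iface, data in parse_fortigate_sniffer(SAMPLE_DUMP):
            print("%.6f %s %d bytes" % (ts, iface, len(data)))
        print("pcap size: %d bytes" % len(convert(SAMPLE_DUMP)))
```

    The offset check matters in practice: terminal line wrapping or a capture cut off mid-packet produces a dump whose hex lines no longer continue from the previous line, and silently writing such bytes would give Wireshark a packet that dissects wrongly. Writing a real pcap also preserves the relative timestamps, which the hex-dump import path discards.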
    emnoc
    New Member
    June 2, 2014
    FWIW if your Fortigate device has the ability for packet capturing in the WebGUI, just download the pcap. There's no need to convert anything and the file format is that of a pcap format.

    MacBook13:~ kfelix$ cd Downloads/
    MacBook13:Downloads kfelix$ ls sniffer_1.pcap
    sniffer_1.pcap
    MacBook13:Downloads kfelix$ file sniffer_1.pcap
    sniffer_1.pcap: tcpdump capture file (little-endian) - version 2.4 (Linux "cooked", capture length 1600)
    MacBook13:Downloads kfelix$