fruit_company
New Member
June 25, 2014
Solved

Packet capture in 5.2?

Hrm. Upgraded a little 60D dev firewall to 5.2 to give it a test drive. One of the first things I've noticed is that the packet capture menu that used to be under System > Network isn't there any longer. I checked the 5.2 docs -- and it looks like that's where it's still *supposed* to be. Also checked the admin profile to make sure the super_admin profile still had "packet capture configuration" permissions (it does). Bug? Or am I just missing something?
    Best answer by emnoc

    https://x.x.x.x/p/firewall/sniffer/

    Where x.x.x.x is your interface for mng-https.

    8 replies

    fruit_company
    New Member
    June 25, 2014
    Does look like a bug in the FW web GUI. Found another post that said you can still get to it by going direct to the URL (sorry for not giving credit to the person who found this). Packet capture menu can still be reached at: https://[firewall mgmt IP]/p/firewall/sniffer/ Worked for me.
    simonorch
    Explorer
    July 1, 2014
    The packet capture page comes up on the 30D and you can create filters, but you can't run the capture, or at least the start button doesn't work.
    Carl_Wallmark
    New Member
    July 1, 2014
    (sorry for not giving credit to the person who found this)
    it's ok
    lightmoon1992
    New Member
    July 30, 2014
    diag sniffer packet "interface name" "capture filter" 3
    This will give you the exact same output if you save all the output through your terminal tool (PuTTY, for example) and then convert it via a perl command. Details are described below: http://docs-legacy.fortinet.com/frec/admin_hlp/1-1-0/index.html#page/FortiRecorder_Help/packet_capture.html
    Jack_Gerbs
    New Member
    July 30, 2014
    https://[firewall mgmt IP]/p/firewall/sniffer/
    I just tried this and it appears to be there on my 110C, but the only interfaces available for the capture are in the root VDOM. Interfaces in other VDOMs do not show up. I am curious what the URL is to interfaces assigned to other VDOMs. I am a big fan of the CLI for sniffing traffic.
    Warren_Olson_FTNT
    Staff
    July 30, 2014
    CLI is also preferred for me, but the caveat is knowing how much data will be passing across the screen. Too much data and you can start losing information because PuTTY or whatever terminal utility can't keep up with buffering/writing to log.
    Sean_Toomey_FTNT
    Staff
    July 30, 2014
    CLI is certainly possible but you have to convert it to Wireshark format with a perl script. I have 5.2 GA on a FortiGate 100D and also on FortiGate VM and this option is there for me (see pic). Also don't forget you can capture packets on a per-rule basis now! Can do this one from GUI or CLI. In GUI there is a checkbox, in CLI there is an option under rule edit for set capture-packet enable/disable. Cheers!
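An added example, not code from this thread or from Fortinet: the posts above describe saving `diag sniffer packet ... 3` output from the terminal and converting it for Wireshark, with the caveat that a lagging terminal can lose output. This Python converter writes a pcap and skips frames whose dump is incomplete. The line layout it parses (a timestamped header followed by `0x0000`-style hex rows of Ethernet frames) and the sample capture are assumptions constructed for illustration.

```python
import re
import struct

# Assumed line shapes for verbosity 3: "<sec>.<usec> src -> dst: ..." then hex rows.
HEADER = re.compile(r"^(\d+)\.(\d{6}) \S+ -> \S+")
HEXROW = re.compile(r"^0x([0-9a-f]{4})\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?)+)")

def covers_ip_length(frame):
    """IPv4 over Ethernet: the dump must be as long as the IP total length says."""
    if len(frame) < 14:
        return False
    if frame[12:14] == b"\x08\x00" and len(frame) >= 18:
        return len(frame) >= 14 + struct.unpack("!H", frame[16:18])[0]
    return frame[12:14] != b"\x08\x00"  # other ethertypes: nothing to cross-check

def parse_sniffer(text):
    """Return [(sec, usec, frame_bytes, intact)] from saved sniffer output."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        head, row = HEADER.match(line), HEXROW.match(line)
        if head:
            packets.append([int(head.group(1)), int(head.group(2)), bytearray(), True])
        elif row and packets:
            pkt = packets[-1]
            # The offset column must equal the bytes collected so far; a gap
            # means the terminal dropped a row of the dump.
            if int(row.group(1), 16) != len(pkt[2]):
                pkt[3] = False
            pkt[2] += bytes.fromhex(row.group(2).replace(" ", ""))
    return [(s, u, bytes(d), ok and covers_ip_length(d)) for s, u, d, ok in packets]

def to_pcap(packets):
    """Classic pcap byte string (LINKTYPE_ETHERNET = 1) holding intact frames only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame, intact in packets:
        if intact:
            out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample: one intact ICMP frame, one missing its middle row,
# one missing its last row (what a lagging terminal log looks like).
ROWS = ["0x0000   0009 0f09 0001 0009 0f89 2914 0800 4500        ..........)...E.",
        "0x0010   001c 0001 0000 4001 647a 0a01 0164 0a01        ......@.dz...d..",
        "0x0020   0101 0800 f7ff 0000 0000                       .........."]
HEAD = "%d.000000 10.1.1.100 -> 10.1.1.1: icmp: echo request"
SAMPLE = "\n".join([HEAD % 0, *ROWS, "", HEAD % 1, ROWS[0], ROWS[2], "",
                    HEAD % 2, ROWS[0], ROWS[1]])
```

Writing `to_pcap(parse_sniffer(SAMPLE))` to a file in binary mode gives a capture Wireshark can open; comparing the count of intact frames with the total shows how much the terminal lost.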
    emnoc
    Answer
    New Member
    September 3, 2015

    https://x.x.x.x/p/firewall/sniffer/

    Where x.x.x.x is your interface for mng-https.

    rthomp
    New Member
    February 2, 2016

    Has anyone seen this issue? I do a packet capture dia sniffer packet any "host 10.1.1.100" 4 and after one packet or two is displayed on the screen then it stops. Is this a Fortigate setting that is preventing this?

    AlexFeren
    New Member
    February 3, 2016

    rthomp wrote:
    Has anyone seen this issue? I do a packet capture dia sniffer packet any "host 10.1.1.100" 4 and after one packet or two is displayed on the screen then it stops. Is this a Fortigate setting that is preventing this?

    Can't comment on "after one packet or two ... stops", however, FYI, as per Technical Note: Packet capture buffer limit there's a 2MB buffer limit.

    Sean_Toomey_FTNT wrote:
    Also don't forget you can capture packets on a per-rule basis now!

    Unfortunately, requires log disk - not useful on lower-end devices.