tmoe
New Member
March 4, 2011
Question

Sniffer syntax help.

  • 3 replies
  • 6209 views
Is there a way to define a port range in the sniffer? For example, can I do:

 diagnose sniffer packet any 'host x.x.x.x and tcp port 6520-6540'

Thank you in advance,
Tom


    ede_pfau
    SuperUser
    March 4, 2011
    The best I can come up with is
     diagnose sniffer packet any 'host x.x.x.x and (tcp port 6520 or 6521 or 6522)'
    and so on. No 'greater', 'gt', '>', 'portrange' tokens as it seems.
    tmoe
    Author
    New Member
    March 4, 2011
    Argh...... Thanks for the confirmation.
    emnoc
    New Member
    March 5, 2011
    btw: pcap expression filters allow for the execution of the portrange in the expression filters, but I don't know how you would string this on the FortiGate. From my macosx, for example:

     kota:~ root#
     kota:~ root# tcpdump -i en1 -n -vvv portrange 80-100
     tcpdump: listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes

    ede_pfau's example would work, but could be tedious if you had a big range of ports. Also, tcpdump expressions allow for using the portrange along with src or dst parameters, e.g.

     tcpdump dst portrange 80-100
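
Added example, not part of any post in this thread: a small shell function that expands a port range into the explicit "or" list from ede_pfau's reply, so the sniffer command for a range such as 6520-6540 does not have to be typed by hand. The function name build_sniffer_filter is hypothetical, and it assumes the sniffer accepts the "port A or B or C" form exactly as posted above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not FortiGate or tcpdump code).
# Usage: build_sniffer_filter HOST FIRST_PORT LAST_PORT [tcp|udp]
# Prints a "diagnose sniffer packet" command whose filter lists every port
# in the range explicitly, for a sniffer that has no portrange token.
build_sniffer_filter() {
    host=$1 first=$2 last=$3 proto=${4:-tcp}

    # The host lands inside a single-quoted filter, so allow only
    # characters that can appear in an address or the x.x.x.x placeholder.
    case $host in
        ''|*[!0-9A-Za-z.:-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    # Ports: decimal digits only, no leading zero, at most 65535.
    for n in "$first" "$last"; do
        case $n in
            ''|0*|*[!0-9]*) echo "invalid port: $n" >&2; return 1 ;;
        esac
        [ "$n" -le 65535 ] 2>/dev/null || { echo "port out of range: $n" >&2; return 1; }
    done
    [ "$first" -le "$last" ] || { echo "first port is above last port" >&2; return 1; }

    # Build "6520 or 6521 or ..." one port at a time.
    ports=$first
    p=$((first + 1))
    while [ "$p" -le "$last" ]; do
        ports="$ports or $p"
        p=$((p + 1))
    done

    printf "diagnose sniffer packet any 'host %s and (%s port %s)'\n" \
        "$host" "$proto" "$ports"
}

# The range from the question, with the thread's x.x.x.x placeholder host.
build_sniffer_filter x.x.x.x 6520 6540
```
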