Description
This article discusses about Packet sniffer feature from CLI.
Scope
FortiAPs compatible with FOS (E, F, U series Fortigate compatibility mode).
Solution
For troubleshooting, communication validation from FortiAP to controllers and other network resources could be very useful to speed up analysis and problem resolution.
FortiAPs have the almost same feature as FortiGates for packet sniffer analysis.
on FortiAP CLI it is possible to sniff traffic for Management (CAPWAP) tunnels by using the following commands:
FAP# diag_sniffer
interfaces=[br0]
filters=[udp and (port 5246 or port 5247)]
0.658404 192.168.110.2.57628 -> 192.168.110.254.5247: udp 257
0x0000 0009 0f09 000e e81c ba9f 4000 0800 45a0 ..........@...E.
0x0010 011d 6186 0000 4011 b958 c0a8 6e02 c0a8 ..a...@..X..n...
0x0020 6efe e11c 147f 0109 0000 0030 4330 0000 n..........0C0..
It is possible to try to use the same filter commands as Fortigate devices to capture a different kinds of traffic as needed and use different verbose level outputs.
Default output is equivalent to a FortiGate command:
# diagnose sniffer packet br0 “udp and (port 5246 or port 5247)” 6 0 a
Related documents:
https://community.fortinet.com/t5/FortiAP/Technical-Tip-How-to-check-why-FortiAP-got-Offline-from/ta...
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/680228/performing-a-sniffer-...
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...
https://docs.fortinet.com/document/fortiap/7.0.4/fortiwifi-and-fortiap-configuration-guide/65088/for...
