FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n and 802.11ax, and the demand for plug-and-play deployment.
vpatil
Staff
Article Id 241136
Description This article describes how to collect a 'tcpdump' packet capture.
Scope FortiAP v7.x and FortiAP-U v5.4.3 and later versions.
Solution

1) Connect to the FortiAP over SSH, either from the FortiGate CLI or with PuTTY, and enable session logging in PuTTY:

# execute ssh admin@<FAP_IP>

 

2) 'tcpdump' captures can be enabled on any of the interfaces listed on the FortiAP. Use the following command to list the interfaces from the CLI:

# ifconfig

 

3) For example, to capture DHCP packets on the 'br0' interface from the CLI:

# tcpdump -i br0 'port 67 or 68'


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode.
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes


04:02:04.874826 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 4a:2c:a6:xx:xx:xx (oui Unknown), length 349

 

4) As a second example, to capture ICMP packets on the 'wl0.2' interface from the CLI:

# tcpdump -i wl0.2 icmp


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wl0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
14:42:37.700461 IP 9.1.1.2 > 9.1.1.3: ICMP echo request, id 65105, seq 114, length 64
14:42:37.738741 IP 9.1.1.3 > 9.1.1.2: ICMP echo reply, id 65105, seq 114, length 64
14:42:39.712678 IP 9.1.1.2 > 9.1.1.3: ICMP echo request, id 65105, seq 116, length 64
14:42:39.845711 IP 9.1.1.3 > 9.1.1.2: ICMP echo reply, id 65105, seq 116, length 64
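
Added example, not part of the original article: the captures above are printed to the terminal, so the SSH session log from step 1 is the record to analyze afterwards. The Python below pairs ICMP echo requests with their replies in text shaped like the step 4 output and lists requests that were never answered; the function name `pair_echoes`, the sample log and its seq 115 line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of a logged session: the step 4 output plus one
# constructed request (seq 115) that never receives a reply.
SAMPLE_LOG = """\
# tcpdump -i wl0.2 icmp
listening on wl0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
14:42:37.700461 IP 9.1.1.2 > 9.1.1.3: ICMP echo request, id 65105, seq 114, length 64
14:42:37.738741 IP 9.1.1.3 > 9.1.1.2: ICMP echo reply, id 65105, seq 114, length 64
14:42:38.706112 IP 9.1.1.2 > 9.1.1.3: ICMP echo request, id 65105, seq 115, length 64
14:42:39.712678 IP 9.1.1.2 > 9.1.1.3: ICMP echo request, id 65105, seq 116, length 64
14:42:39.845711 IP 9.1.1.3 > 9.1.1.2: ICMP echo reply, id 65105, seq 116, length 64
"""

# Default tcpdump text format for ICMP echo traffic, as shown in step 4.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > (\S+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+),"
)

def pair_echoes(log_text):
    """Return (rtts, unanswered).

    rtts maps (requester, target, id, seq) to round-trip time in microseconds;
    unanswered is the sorted list of request keys with no matching reply.
    """
    pending, rtts = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # prompt, banner, or non-ICMP line in the session log
        ts, src, dst, kind, ident, seq = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if kind == "request":
            pending[(src, dst, int(ident), int(seq))] = when
            continue
        key = (dst, src, int(ident), int(seq))  # a reply travels the other way
        sent = pending.pop(key, None)
        if sent is not None:
            delta = when - sent
            if delta < timedelta(0):  # timestamps carry no date: midnight wrap
                delta += timedelta(days=1)
            rtts[key] = delta // timedelta(microseconds=1)
    return rtts, sorted(pending)

if __name__ == "__main__":
    print(pair_echoes(SAMPLE_LOG))
```
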

 

Related document:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-usin...
