FortiDDoS
FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
arleniscg
Staff
Article Id 428211
Description This article describes how to use a FortiGate as a 'one-armed sniffer' to capture the packets that FortiDDoS drops.
Scope FortiDDoS B/E.
Solution

FortiGate One-Arm Sniffer mode provides passive, out-of-band traffic capture, including dropped packets, and enables advanced troubleshooting and security analysis without impacting production traffic.

Figure: FDD kb ok topo.png (lab topology)

Server:

root@172.30.153.27's password: 
[root@Server ~]# cd /root/demo/be

1. while true; do ./run_non_stop_inbound_traffic.sh 1; sleep 1; done

2. while true; do tcpreplay -i eth1 --pps 20000 inbound_attack_traffic.pcap; done

Notes:

  • The script generates non-stop inbound traffic.
  • tcpreplay replays the PCAP file at 20,000 packets per second on the eth1 interface.

Client:

root@172.30.153.26's password: fortinet
[root@Client1 ~]# cd /root/mliu/be

1. while true; do ./run_non_stop_outbound_traffic.sh 1; sleep 1; done

2. while true; do tcpreplay -i eth1 --pps 20000 outbound_attack_traffic.pcap; done

FortiGate:

Network -> Interface.

Figure: FGT.png

 

FortiDDoS:

  1. SPP-Default (prevention).

Figure: FDD.png

  2. Enable Dropped Packet Capture on the interface.

Figure: FDD2.png

'One-armed sniffer' check:

Figure: pcap.png
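As an added example, not taken from the original article, the following Python script summarises a capture downloaded from the FortiGate sniffer port by (source, destination, protocol) so the check above can be done on the file instead of by eye. The pcap it parses is constructed in memory: the source addresses are the lab server and client from this article, 10.0.0.5 is a placeholder target, and the frame contents are synthetic.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def parse_pcap(data):
    """Parse a classic (not pcapng) Ethernet pcap into one dict per frame.
    Accepts either byte order of the magic number; non-IPv4 frames keep proto=None."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]
    if linktype != 1:  # DLT_EN10MB: the offsets below assume raw Ethernet frames
        raise ValueError(f"unsupported link type {linktype}")
    frames, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        rec = {"len": orig_len, "src": None, "dst": None, "proto": None}
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":  # EtherType IPv4
            rec.update(proto=pkt[23], src=str(IPv4Address(pkt[26:30])),
                       dst=str(IPv4Address(pkt[30:34])))
        frames.append(rec)
    return frames

def top_talkers(frames, n=5):
    """Most frequent (src, dst, protocol) tuples among the IPv4 frames."""
    counts = Counter((f["src"], f["dst"], f["proto"]) for f in frames if f["src"])
    return counts.most_common(n)

def _ipv4_frame(src, dst, proto, payload=b"\x00" * 8):
    # Constructed Ethernet + IPv4 frame; MACs and the zero checksum are placeholders.
    eth = b"\x00\x09\x0f\xaa\xbb\xcc" + b"\x00\x09\x0f\x11\x22\x33" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + payload

def build_sample_pcap():
    """Constructed capture: 3 TCP frames from the server IP, 1 UDP from the client IP, 1 ARP."""
    frames = [_ipv4_frame("172.30.153.27", "10.0.0.5", 6)] * 3
    frames.append(_ipv4_frame("172.30.153.26", "10.0.0.5", 17))
    frames.append(b"\xff" * 6 + b"\x00\x09\x0f\x11\x22\x33" + b"\x08\x06" + b"\x00" * 28)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst, proto), count in top_talkers(parse_pcap(build_sample_pcap())):
        print(f"{src} -> {dst} proto {proto}: {count} dropped frames")
```

To run it against a real capture, replace `build_sample_pcap()` with the bytes of the pcap exported from the FortiGate.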