Solution
1) Access the FortiExtender over SSH using PuTTY, and enable session logging in PuTTY.
2) Enable 'tcpdump' captures on any of the following interfaces listed in the 'get system interface' output on the FortiExtender:
# get system interface
== [ port4 ]
name: port4 status: online/up/link up type: physical mac: ac:71:2e:xx:xx:xx mode: dhcp ip: 192.168.254.2/24 mtu: 1500 gateway: 192.168.254.1 dns: 192.168.254.1
== [ wan ]
name: wan status: online/up/link down type: physical mac: ac:71:2e:xx:xx:xx mode: dhcp ip: 0.0.0.0/0 mtu: 1500 gateway: 0.0.0.0
== [ sfp ]
name: sfp status: online/up/link down type: physical mac: ac:71:2e:xx:xx:xx mode: dhcp ip: 0.0.0.0/0 mtu: 1500 gateway: 0.0.0.0
== [ lan ]
name: lan status: online/up/link down type: lan-switch mac: ac:71:2e:xx:xx:xx mode: static ip: 192.168.200.99/24 mtu: 1500 gateway: 0.0.0.0
== [ lo ]
name: lo status: online/up/link up type: loopback mac: 00:00:00:00:00:00 mode: static ip: 127.0.0.1/8 mtu: 65536 gateway: 0.0.0.0
== [ lte1 ]
name: lte1 status: online/up/link up type: lte mac: 7e:11:98:xx:xx:xx mode: dhcp ip: 192.x.x.x/24 mtu: 1472 gateway: 192.0.0.X dns: 192.0.0.X
== [ vlan1 ]
name: vlan1 status: online/up/link up type: vlan mac: 76:ac:f0:xx:xx:xx mode: static ip: 0.0.0.0/0 mtu: 1500 gateway: 0.0.0.0 vid: 5
3) Run the following tcpdump commands on the FortiExtender:
# execute tcpdump -n -i lte1
# execute tcpdump -n -i lte1 -vv
# execute tcpdump -nn -i port4 'host X.X.X.X'
# execute tcpdump -n icmp
Example tcpdump outputs when there's traffic on the lte1 and lan interfaces on the FortiExtender:
# execute tcpdump -n -i lte1 -vv
tcpdump: enabling -nn option
tcpdump: listening on lte1, link-type EN10MB (Ethernet), capture size 262144 bytes
09:40:08.112966 IP (tos 0x0, ttl 64, id 33083, offset 0, flags [DF], proto ICMP (1), length 84)
    10.1.X.X > 8.8.8.8: ICMP echo request, id 17966, seq 110, length 64
09:40:08.151672 IP (tos 0x0, ttl 64, id 53139, offset 0, flags [none], proto ICMP (1), length 40)
    10.1.X.X > 8.8.8.8: ICMP echo request, id 2104, seq 10249, length 20

# execute tcpdump -vv -i lan -nn host 8.8.8.8 and icmp
tcpdump: listening on lan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
09:31:42.651474 IP (tos 0x0, ttl 128, id 9087, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.200.111 > 8.8.8.8: ICMP echo request, id 1, seq 2991, length 40
09:31:47.662687 IP (tos 0x0, ttl 128, id 9093, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.200.111 > 8.8.8.8: ICMP echo request, id 1, seq 2992, length 40
4) To stop the tcpdump capture output, press 'Ctrl+C' on Windows.
5) Alternatively, to list interfaces on the FortiExtender CLI, run 'execute ifconfig'.
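Added example (not part of the original article): a Python helper that reads the PuTTY session log from step 1 and lists ICMP echo requests captured by 'execute tcpdump -vv' that never received a reply. The function name, the sample log text and the reply packet in it are constructed for illustration.

```python
import re
from collections import defaultdict

# One ICMP echo packet in `tcpdump -vv` output. The IP header sits in
# parentheses (with a nested "(1)"); the detail may be on the next line
# or on the same line if the log was flattened.
PKT = re.compile(
    r"(\d\d:\d\d:\d\d\.\d+) IP \((?:[^()]|\([^()]*\))*\)\s+"
    r"([\w.]+) > ([\w.]+): ICMP echo (request|reply), id (\d+), seq (\d+)"
)

def unanswered_echoes(log_text):
    """Return {(client, target): [seq, ...]} for echo requests with no reply."""
    requests, replies = [], set()
    for _ts, src, dst, kind, icmp_id, seq in PKT.findall(log_text):
        if kind == "request":
            requests.append((src, dst, icmp_id, seq))
        else:
            # A reply travels target -> client; key it like its request.
            replies.add((dst, src, icmp_id, seq))
    missing = defaultdict(list)
    for src, dst, icmp_id, seq in requests:
        if (src, dst, icmp_id, seq) not in replies:
            missing[(src, dst)].append(int(seq))
    return dict(missing)

# Constructed sample in the format of the lan capture above, with one reply added.
SAMPLE = """\
# execute tcpdump -vv -i lan -nn host 8.8.8.8 and icmp
tcpdump: listening on lan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
09:31:42.651474 IP (tos 0x0, ttl 128, id 9087, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.200.111 > 8.8.8.8: ICMP echo request, id 1, seq 2991, length 40
09:31:42.690112 IP (tos 0x0, ttl 115, id 0, offset 0, flags [none], proto ICMP (1), length 60)
    8.8.8.8 > 192.168.200.111: ICMP echo reply, id 1, seq 2991, length 40
09:31:47.662687 IP (tos 0x0, ttl 128, id 9093, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.200.111 > 8.8.8.8: ICMP echo request, id 1, seq 2992, length 40
"""

if __name__ == "__main__":
    for (client, target), seqs in unanswered_echoes(SAMPLE).items():
        print(f"{client} -> {target}: no reply for seq {seqs}")
```

Run it against logs taken on both the LAN-side and lte1 interfaces: requests that appear on lan but not on lte1, or that leave lte1 with no reply, show where the traffic stops.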