This article explains how the output of the 'Diag sniff packet' command can be imported into Wireshark (formerly known as Ethereal).


1) Search the Internet for a free "activeperl", for example,

2) Copy the "" file, attached here, to the Perl folder after installation.

3) Open a DOS command window and execute:

cd\Perl  ( <-folder name of Perl after install)
perl -in <file captured>.txt -out <output name>.cap

Once this has been completed, the new .cap file can be opened in Wireshark or in any traffic analyzer that accepts this format.

In order for this script to function properly, the fgt2eth script must be able to run a file named text2pcap.exe. This file will be installed as part of a Wireshark installation package.

If the fgt2eth script cannot find this file, an error is shown. Ensure the PATH variable on the PC includes the Wireshark installation directory (by default c:\Program Files\Wireshark), or move this script to the Wireshark directory.

A Windows packed version is also available for download.

The tool can also pipe its output to Wireshark.

Version : Dec 19 2014
Usage : -in <input_file_name>
Mandatory arguments are:
-in  <input_file>   Specify the file to convert (FGT verbose 3 text file)
Optional arguments are:
-help                Display help only
-version             Display script version and date
-out <output_file>   Specify the output file (Ethereal readable)
                     By default <input_file>.pcap is used
                     -will start wireshark for realtime follow-up
-lines <lines>       Only convert the first <lines> lines
-demux               Create one pcap file per interface (verbose 6 only)
-debug               Turns on debug mode
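
The conversion step described above, as an added Python example (not the fgt2eth script and not Fortinet code): it turns verbose 3 sniffer text into the offset-plus-hex dump that text2pcap reads, and discards frames whose hex lines were lost in the console log instead of emitting corrupted packets. The line layout matched by HEX_LINE and the SAMPLE capture are assumptions constructed for illustration.

```python
import re

# Assumed verbose-3 hex line: offset, hex words, ASCII column ("0x0010   6162 6364    abcd")
WORD = r"(?:[0-9a-fA-F]{2}){1,2}"
HEX_LINE = re.compile(rf"^0x([0-9a-fA-F]{{4}})\s+({WORD}(?: {WORD})*)(?:\s|$)")

def parse_sniffer_text(text):
    """Return (frames, dropped): complete frames as bytes, count of damaged ones."""
    frames, dropped = [], 0
    current, damaged = bytearray(), False
    def flush():
        nonlocal current, damaged, dropped
        if damaged:
            dropped += 1
        elif current:
            frames.append(bytes(current))
        current, damaged = bytearray(), False
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue                    # header, blank line or console noise
        offset = int(m.group(1), 16)
        if offset == 0:
            flush()                     # offset 0 always starts a new frame
        if damaged or offset != len(current):
            damaged = True              # a hex line was lost: discard this frame
            continue
        current += bytes.fromhex(m.group(2).replace(" ", ""))
    flush()
    return frames, dropped

def to_text2pcap(frames):
    """Render frames as the offset + hex-byte dump that text2pcap reads."""
    return "".join(f"{off:06x} {f[off:off + 16].hex(' ')}\n"
                   for f in frames for off in range(0, len(f), 16))

# Constructed sample: one short frame, then one whose 0x0010 line is missing.
SAMPLE = """\
interfaces=[port1]
0.545306 192.0.2.1.1234 -> 192.0.2.2.80: syn 1
0x0000   0009 0f09 0001 0050 56a1 2b3c 0800 4500        .......PV.+<..E.
0x0010   6162 6364                                      abcd
0.545400 192.0.2.2.80 -> 192.0.2.1.1234: ack 2
0x0000   0050 56a1 2b3c 0009 0f09 0001 0800 4500        .PV.+<........E.
0x0020   dead beef                                      ....
"""

if __name__ == "__main__":
    print(to_text2pcap(parse_sniffer_text(SAMPLE)[0]), end="")
```

The printed dump can be saved to a file and converted with text2pcap; a non-zero dropped count means the console log lost lines and the capture should be repeated.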