FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lblossier
Staff

Description

This article explains how the output of the 'diag sniff packet' command can be imported into Wireshark (formerly known as Ethereal).


Solution

1) Search the Internet for a free "activeperl", for example, ActivePerl-5.8.8.819-MSWin32-x86-267479.zip

2) Copy the "fgt2eth.pl" file, attached here, to the Perl folder after installation.

3) Open a DOS command window and execute:

cd\Perl  ( <-folder name of Perl after install)
perl fgt2eth.pl -in <file captured>.txt -out <output name>.cap

Once this has been completed, the new .cap file can be opened in Wireshark or any traffic analyzer that accepts this format.

In order for this script to function properly, the fgt2eth script must be able to run a file named text2pcap.exe. This file will be installed as part of a Wireshark installation package.

If this file cannot be found by the fgt2eth script, an error will be shown. Ensure the PATH variable on the PC includes the Wireshark installation directory (by default c:\Program Files\Wireshark), or move this script to the Wireshark directory.
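What the conversion step amounts to, as an added Python example (not the fgt2eth.pl script or Fortinet code): it parses verbose 3 sniffer text and writes a classic pcap file directly, without text2pcap. The line layout (a relative-timestamp header line followed by `0x0000`-style hex dump lines) and the sample capture are assumptions constructed for illustration; `parse_sniffer` and `to_pcap` are hypothetical names.

```python
import re
import struct

# Constructed sample (not real traffic), in the assumed verbose 3 layout:
# a header line starting with a relative timestamp, then hex dump lines.
SAMPLE = """\
0.545306 192.168.1.1 -> 192.168.1.2: icmp: echo request
0x0000   0009 0f09 0002 0009 0f85 3f3e 0800 4500        ..........?>..E.
0x0010   001c 0001 0000 4001 f78c c0a8 0101 c0a8        ......@.........
0x0020   0102 0800 f7ff 0000 0000                       ..........

1.545310 192.168.1.1 -> 192.168.1.2: icmp: echo request
0x0000   0009 0f09 0002 0009 0f85 3f3e 0800 4500        ..........?>..E.
0x0010   001c 0001 0000 4001 f78c c0a8 0101 c0a8        ......@.........
0x0020   0102 0800 f7ff 0000 0000                       ..........
"""

HDR = re.compile(r"^(\d+)\.(\d+)\s")
GRP = r"(?:[0-9a-fA-F]{2}){1,2}"
# Hex groups are single-space separated; the wider gap before the ASCII
# column ends the match, so ASCII text that looks like hex is never consumed.
HEX = re.compile(rf"^0x[0-9a-fA-F]{{4}}\s+({GRP}(?: {GRP}){{0,7}})")

def parse_sniffer(text):
    """Return [(sec, usec, frame_bytes), ...] from sniffer text."""
    packets, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        hdr = HDR.match(line)
        if hdr:  # new packet: keep the timestamp, start an empty frame
            usec = int(hdr.group(2).ljust(6, "0")[:6])
            cur = [int(hdr.group(1)), usec, bytearray()]
            packets.append(cur)
            continue
        dump = HEX.match(line)
        if dump and cur is not None:
            cur[2] += bytes.fromhex(dump.group(1).replace(" ", ""))
    return [(s, u, bytes(b)) for s, u, b in packets if b]

def to_pcap(packets, linktype=1):
    """Serialize to classic little-endian pcap; linktype 1 is Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, data in packets:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out
```

Writing the bytes returned by `to_pcap(parse_sniffer(text))` to a file in binary mode gives a capture that Wireshark opens like the output of the steps above.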

A packaged Windows version is also available for download.

The tool can use piped flow to Wireshark.

Usage:
Version : Dec 19 2014
Usage : fgt2eth.pl -in <input_file_name>
Mandatory arguments are:
-in  <input_file>   Specify the file to convert (FGT verbose 3 text file)
Optional arguments are:
-help                Display help only
-version             Display script version and date
-out <output_file>   Specify the output file (Ethereal readable)
                     By default <input_file>.pcap is used
                     -will start wireshark for realtime follow-up
-lines <lines>       Only convert the first <lines> lines
-demux               Create one pcap file per interface (verbose 6 only)
-debug               Turns on debug mode