Technical Tip: FortiOS Packet Sniffer displays eac...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 381498

Description

This article describes an issue where the FortiOS packet sniffer displays each packet twice when a packet capture is started on the GUI/CLI.

Scope

FortiGate v7.6.1, v7.6.2.

Solution

When using the packet sniffer on FortiGate, both ingress and egress packets may appear twice in the sniffer output.

diagnose sniffer packet port1 'host 208.91.112.55' 4 10000 l
interfaces=[port1]
filters=[host 208.91.112.55]
2025-03-07 12:09:18.029629 port1 -- 10.21.4.33 -> 208.91.112.55: icmp: echo request
2025-03-07 12:09:18.029629 port1 -- 10.21.4.33 -> 208.91.112.55: icmp: echo request
2025-03-07 12:09:18.035475 port1 -- 208.91.112.55 -> 10.21.4.33: icmp: echo reply
2025-03-07 12:09:18.035475 port1 -- 208.91.112.55 -> 10.21.4.33: icmp: echo reply

However, a packet sniffer on the upstream device does not show the packets being sent twice by FortiGate, and debug flow does not indicate that FortiOS is processing the received packet twice.

This issue has been resolved in FortiOS version 7.6.3.

335

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: FortiOS Packet Sniffer displays each Packet twice on GUI/CLI

You are leaving our website