Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gagandeeps
Staff
Staff

Created on ‎04-10-2025 09:56 AM Edited on ‎05-27-2025 06:55 AM By Moderator

Article Id 386867

Technical Tip: How to capture ARP traffic using Packet Capture on FortiOS GUI and CLI

Description The article describes capturing the ARP traffic using FortiGate GUI and CLI on all the below-mentioned versions.
Scope FortiGate OS version 7.2.x, 7.4.x, and 7.6.x.
Solution

Option 1: Capturing 'ARP' traffic using the GUI:

 

  1. Access the Packet Capture Section:

Go to Network -> Packet Capture or diagnostics in the FortiGate GUI.

 

  1. Add a Packet Capture Filter:

Select 'Add' to create a new packet capture filter.

 

  1. Configure the Filter:
  • Interface: Select the interface from the drop-down to capture traffic.
  • Max Packets to Save: Enter the number of packets to be captured.
  • Enable Filters: Check this option to specify filter fields.
  • Enable the 'Include non-IP packets' radio button.
  • Start capture and download the PCAP file.
  • Filter out ARP packets using the screenshots given below.

 

arp-4.JPG

 

arp-2.JPG

 

Option 2: Capturing 'ARP' traffic using the CLI:

 

diagnose sniffer packet portx 'arp' 4 0 l  <----- Where x is the port on which 'ARP' traffic needs to be captured.

diagnose sniffer packet any 'arp' 4 0 l   <---- To check ARP traffic for any interface.
944
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.