FortiGate
gagandeeps
Staff
Article Id 386867
Description: This article describes how to capture ARP traffic using the FortiGate GUI and CLI on the versions listed below.
Scope: FortiGate OS version 7.2.x, 7.4.x, 7.6.x
Solution

Option 1: Capturing 'ARP' traffic using the GUI:

  1. Access the Packet Capture Section:
  • Go to Network -> Packet Capture or diagnostics in the FortiGate GUI.

  2. Add a Packet Capture Filter:
  • Select 'Add' to create a new packet capture filter.

  3. Configure the Filter:
  • Interface: Select the interface from the drop-down to capture traffic.
  • Max Packets to Save: Enter the number of packets to be captured.
  • Enable Filters: Check this option to specify filter fields.
  • Enable the 'Include non-IP packets' radio button.
  • Start the capture and download the PCAP file.
  • Filter for ARP packets in the downloaded capture as shown in the screenshots below.

 

arp-4.JPG

 

arp-2.JPG
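
The final GUI step, picking the ARP packets out of the downloaded PCAP, can also be done offline with a short script. The following is an added example, not Fortinet's code or part of the original article: it assumes the download is a classic pcap file with Ethernet link type and untagged frames, the function names and the sample capture are constructed for illustration, and it goes one step beyond filtering by listing any IP address announced by more than one MAC address.

```python
import socket
import struct
from collections import defaultdict

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian usec/nsec
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian usec/nsec
ARP_IPV4 = bytes.fromhex("0806000108000604")  # EtherType, htype, ptype, hlen, plen

def parse_arp(pcap: bytes):
    """Return the ARP packets in classic-pcap bytes (untagged Ethernet frames only)."""
    end = MAGIC.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, off = [], 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 42 or frame[12:20] != ARP_IPV4:
            continue                      # not ARP, or truncated by the snap length
        op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
        out.append({"ts": ts, "op": {1: "request", 2: "reply"}.get(op, str(op)),
                    "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
                    "target_ip": socket.inet_ntoa(tpa)})
    return out

def ip_conflicts(arps):
    """Sender IPs announced by more than one MAC, mapped to those MACs."""
    seen = defaultdict(set)
    for a in arps:
        if a["sender_ip"] != "0.0.0.0":   # ARP probes carry no sender IP
            seen[a["sender_ip"]].add(a["sender_mac"])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def sample_pcap():
    """Constructed capture (not real traffic): three ARP frames and one IPv4 frame."""
    def frame(op, mac, spa, tpa, kind=ARP_IPV4):
        body = struct.pack("!H", op) + mac + bytes(spa) + bytes(6) + bytes(tpa)
        return b"\xff" * 6 + mac + kind + body
    m = [bytes.fromhex("02000000000%d" % i) for i in (1, 2, 3)]
    frames = [frame(1, m[0], [10, 0, 0, 9], [10, 0, 0, 1]),
              frame(2, m[1], [10, 0, 0, 1], [10, 0, 0, 9]),
              frame(2, m[2], [10, 0, 0, 1], [10, 0, 0, 9]),
              frame(1, m[0], [10, 0, 0, 9], [10, 0, 0, 1], kind=b"\x08\x00" + bytes(6))]
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        data += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return data
```

To run it against a real download, pass the file contents to `parse_arp`, for example `parse_arp(open("capture.pcap", "rb").read())`, where `capture.pcap` is a placeholder file name.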

 

Option 2: Capturing 'ARP' traffic using the CLI:

 

diag sniffer packet portx 'arp' 4 0 l

Where x is the port on which 'ARP' traffic needs to be captured.