FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to capture LLDP (Link Layer Discovery Protocol) packets to investigate the issue further in a FortiGate .
Scope
FortiGate.
Solution
If the user encounters LLDP (Link Layer Discovery Protocol) issue on the FortiGate unit and would like to filter respective traffic to investigate the issue further only with specific LLDP packets, consider using the following sniffer.
One can do it with CLI commands of FortiGate via Telnet, SSH, or CLI Console on the GUI of FortiGate.
Enter the following CLI command on FortiGate:
diagnose sniffer packet any "ether proto 0x88CC" 4 0 l
The output of the command above would look something like the following:
diagnose sniffer packet any "ether proto 0x88cc" 4 0 l interfaces=[any] filters=[ether proto 0x88cc] 2022-07-14 13:47:51.483056 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1' 2022-07-14 13:48:21.448341 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1' 2022-07-14 13:48:51.485726 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1' 2022-07-14 13:49:21.496029 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1'
Note:
If a PCAP (Wireshark) format of capture is required, change the verbose level in the above command to 6 from 4.
diagnose sniffer packet any "ether proto 0x88cc" 6 0 l
To stop the sniffer, press Ctrl + C. The Sniffer will run until stopped.
