Description |
This article describes how to capture packets on a virtual wire pair interface for troubleshooting. |
Scope | FortiGate v6.4, v7.0 and v7.2. |
Solution |
To capture packets on a virtual wire pair interface, particularly for troubleshooting purposes, use the sniffer command:
diagnose sniffer packet port1 " " 6 0 <- Port1 is a virtual wire pair member.
It is possible to filter or amend the sniffer.
If the traffic expected through the VWP port combination is multicast traffic (as demonstrated in this article), ensure to add appropriate a multicast firewall policy or policies to the FortiGate.
Note that it will not be possible to capture packets going through VWP ports on GUI, the interface will become unavailable for selection in the GUI packet capture utility once it became a VWP member. If the packet capture is of verbosity 6 for example, it is possible to convert it to a PCAP file for analysis in Wireshark.
Verbosity 1 and 4 will NOT include data, but the rest will.
Verbosity:
|