Technical Tip: How to capture packets on a virtual wire pair (VWP) interface

This article describes how to capture packets on a virtual wire pair interface for troubleshooting.

To capture packets on a virtual wire pair interface, particularly for troubleshooting purposes, use the sniffer command:

diagnose sniffer packet port1 " " 6 0 <- Port1 is a virtual wire pair member.

It is possible to filter or amend the sniffer.

If the traffic expected through the VWP port combination is multicast traffic (as demonstrated in this article), ensure to add appropriate a multicast firewall policy or policies to the FortiGate.

Note that it will not be possible to capture packets going through VWP ports on GUI, the interface will become unavailable for selection in the GUI packet capture utility once it became a VWP member.

If the packet capture is of verbosity 6 for example, it is possible to convert it to a PCAP file for analysis in Wireshark.

Verbosity 1 and 4 will NOT include data, but the rest will.

Verbosity:

1. Print the header of packets.
2. Print the header and data from the IP of packets.
3. Print the header and data from the Ethernet of packets (if available).
4. Print the header of packets with the interface name.
5. Print the header and data from the IP of packets with the interface name.
6. Print the header and data from the Ethernet of packets (if available) with intf name.