FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff
Article Id 217762
Description

This articles describes how to check EIGRP packets passing through the FortiGate unit.

Normally, FortiGate may not support EIGRP routing. But sometimes FortiGate unit may be part of the network with EIGRP routing and one might want to troubleshoot EIGRP packets passing through the FortiGate.

EIGRP (Enhanced Interior Gateway Routing Protocol)

Scope FortiGate.
Solution

To filter and capture only the EIGRP packet passing through the firewall, use the following CLI commands.

 

    # diagnose sniffer packet any "proto 88" 4 0
         or
    # diagnose sniffer packet <interface name> "proto 88" 4 0


Example

 

# diagnose sniffer packet vlan45 "proto 88" 4 0

interfaces=[vlan45]
filters=[proto 88]
pcap_lookupnet: vlan45: no IPv4 address assigned
15.417898 vlan45 -- 192.168.102.253 -> 192.168.102.254: ip-proto-88 20
15.864769 vlan45 -- 192.168.101.253 -> 224.0.0.10: ip-proto-88 40
18.047781 vlan45 -- 192.168.102.254 -> 224.0.0.10: ip-proto-88 58
18.085863 vlan45 -- 192.168.102.253 -> 224.0.0.10: ip-proto-88 50
18.433612 vlan45 -- 192.168.102.253 -> 192.168.102.254: ip-proto-88 20
19.573145 vlan45 -- 192.168.101.254 -> 224.0.0.10: ip-proto-88 46

 

Note: If one wants to see the file with .pcap format to open in Wireshark, change the verbose level from 4 to 6.

# diagnose sniffer packet vlan45 "proto 88" 6 0

 

Contributors