Description
This article describes how the output of the 'diag sniff packet' command can be imported into Wireshark.
Scope
FortiGate.
Solution
In this example, the test unit is continuously pinging 8.8.8.8.
To check what is happening on the packet using Wireshark, follow these steps:
- Download the fgt2eth.exe.12.2014.zip below (For Windows Users) .
- Unzip and save fgt2eth.exe in a specific folder.
- Then access the unit using Putty or any other SSH application.
- Make sure Putty is set to log all sessions (save the session where the fgt2eth application is saved).
- Then start running this command # diag sniff packet any ‘host 8.8.8.8 and icmp’ 6 0 (make sure to use the value 6 0 on the sniff.)
- The test unit starts pinging 8.8.8.8.
- The sniff on the unit SSH access started populating captures.
- Open the command prompt on the Windows machine then go to the folder where the Fgt2eth.exe application is saved and the packet captured from the unit.
***To move between folders, use 'cd'.
- Then run this command:
> fgt2eth.exe -in <archive_name.txt> -out <arhive_name.pcap>
- Go to the folder and open the PCAP using Wireshark.
Related articles:
