Article Id 191727


This article describes how the output of the 'diag sniff packet' command can be imported into Wireshark.






In this example, the test unit is continuously pinging

To check what is happening on the packet using Wireshark, follow these steps:


  1. Download the below (for Windows users).
  2. Unzip and save fgt2eth.exe in a specific folder.
  3. Then access the unit using PuTTY or any other SSH application.
  4. Make sure PuTTY is set to log all sessions (save the session log in the folder where the fgt2eth application is saved).
  5. Run the following command (make sure to use the value 6 0 on the sniff):

diag sniff packet any 'host and icmp' 6 0



  6. The test unit starts pinging
  7. The sniff on the unit's SSH session starts populating captures.
  8. Open the command prompt on the Windows machine, then go to the folder where the fgt2eth.exe application and the packet capture from the unit are saved.

    To move between folders, use 'cd'.
  9. Then run this command:
fgt2eth.exe -in <archive_name.txt> -out <archive_name.pcap>
  10. Go to the folder and open the PCAP using Wireshark.
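
The conversion in the last steps, written out in Python for analysts who want to see what happens to the logged text. This is an added example, not Fortinet's fgt2eth code. It assumes the verbosity-6 layout shown in the constructed sample (a header line with a relative timestamp, followed by `0x....` hex dump lines), writes the frames as Ethernet, and uses a hypothetical script name, sniff2pcap.py.

```python
import re
import struct
import sys

# Constructed sample of verbosity-6 sniffer text (assumed layout): a header line
# with a relative timestamp, then hex dump lines "0xOFFSET <hex words> <ascii>".
SAMPLE = (
    "0.545306 port1 in 192.0.2.10 -> 192.0.2.20: icmp: echo request\n"
    "0x0000\t 0000 0000 0001 0009 0f09 0001 0800 4500\t..............E.\n"
    "0x0010\t 001c 0000 4000 4001 b6c2 c000 020a c000\t....@.@.........\n"
    "0x0020\t 0214 0800 f7ff 0000 0000\t\t\t..........\n"
)

HEADER = re.compile(r"^(\d+)\.(\d{1,6}) ")
HEXLINE = re.compile(r"^0x[0-9a-f]{4}\s+((?:(?:[0-9a-f]{2}){1,2} ?)+)")


def parse_sniffer(text):
    """Return (seconds, microseconds, frame_bytes) for each packet in the log."""
    packets = []
    for line in text.splitlines():
        header = HEADER.match(line)
        hexdump = HEXLINE.match(line)
        if header:
            usec = int(header.group(2).ljust(6, "0"))
            packets.append([int(header.group(1)), usec, bytearray()])
        elif hexdump and packets:
            packets[-1][2] += bytes.fromhex(hexdump.group(1))
    # Drop headers that had no hex dump (e.g. lines logged at a lower verbosity).
    return [(s, us, bytes(frame)) for s, us, frame in packets if frame]


def to_pcap(packets, linktype=1):
    """Serialise packets as a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical script name): python sniff2pcap.py <in.txt> <out.pcap>
    with open(sys.argv[1], errors="replace") as src:
        pcap = to_pcap(parse_sniffer(src.read()))
    with open(sys.argv[2], "wb") as dst:
        dst.write(pcap)
```

Lines that are neither a packet header nor a hex dump row, such as the PuTTY log banner and CLI prompts, are ignored, which is why the raw session log can be passed in unedited.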


