FortiGate
acvaldez
Staff
Article Id 191727

Description

This article describes how the output of the 'diag sniff packet' command can be imported into Wireshark.

Scope

FortiGate.

Solution

In this example, the test unit is continuously pinging 8.8.8.8.

To check what is happening on the packet using Wireshark, follow these steps:


  1. Download fgt2eth.exe.12.2014.zip (attached below, for Windows users).
  2. Unzip it and save fgt2eth.exe in a dedicated folder.
  3. Access the unit with PuTTY or another SSH client.
  4. Make sure PuTTY is set to log all session output, and save the log in the folder where fgt2eth.exe is saved.
  5. Run the following command. The trailing '6 0' matters: verbosity level 6 prints the full frame as a hex dump together with the interface name, which is what fgt2eth needs to rebuild each packet, and a count of 0 captures without a packet limit:

diag sniff packet any 'host 8.8.8.8 and icmp' 6 0


  6. The test unit starts pinging 8.8.8.8.
  7. The sniffer output in the SSH session starts populating with captured packets.
  8. Open a command prompt on the Windows machine and change to the folder where fgt2eth.exe and the session log captured from the unit are saved. To move between folders, use 'cd'.
  9. Then run this command, where the input file is the saved session log:

fgt2eth.exe -in <archive_name.txt> -out <archive_name.pcap>

  10. Go to the folder and open the PCAP using Wireshark.
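The conversion fgt2eth performs in step 9 can be reproduced with a short script, which helps when the tool is not at hand or when a conversion unexpectedly yields an empty PCAP. The script below is an added example, not Fortinet's fgt2eth tool: it parses the verbosity-6 sniffer text (a timestamp/interface/direction line followed by hex-dump lines), rejects dumps whose offsets are out of sequence (a sign that the session log was truncated or wrapped), and writes a libpcap file with the Ethernet link type that Wireshark opens directly. The embedded SAMPLE is constructed to match the layout produced by the command above, with zeroed checksums; the function names and the assumed file name fgt2pcap.py are the example's own choices, and lines at verbosity levels below 6 (no interface name, no frame data) are deliberately not recognised.

```python
"""Convert FortiGate 'diagnose sniffer packet ... 6 0' output to a pcap file.

Added example (not Fortinet's fgt2eth). Assumed usage:
    python fgt2pcap.py putty.log capture.pcap
"""
import re
import struct
import sys
from datetime import datetime, timezone

# Packet header line, e.g. "2.937430 port1 out 192.168.1.10 -> 8.8.8.8: icmp: echo request".
# Relative timestamps (the default) and absolute ones (sniffer option 'a', UTC) are accepted.
HEADER = re.compile(
    r"^(?P<ts>\d+\.\d+|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<iface>\S+)\s+(?P<dir>in|out)\s+(?P<summary>.*)$"
)
# Hex-dump line, e.g. "0x0010\t 0024 1234 4000 4001 0000 c0a8 010a 0808\t.$.4@.@.........".
HEXLINE = re.compile(r"^0x(?P<off>[0-9a-fA-F]{4})\s+(?P<rest>.*)$")

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def parse_timestamp(ts):
    """Return (seconds, microseconds); the fraction is taken from the text, not a float."""
    if " " in ts:  # absolute form YYYY-MM-DD HH:MM:SS.ffffff, assumed to be UTC
        dt = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
        return int(dt.timestamp()), dt.microsecond
    sec, frac = ts.split(".")
    return int(sec), int(frac.ljust(6, "0")[:6])


def parse_sniffer(text):
    """Return a list of packets: {sec, usec, iface, dir, summary, frame} per header line."""
    packets, cur = [], None
    for line in text.splitlines():          # handles the CRLF endings of a PuTTY log
        h = HEADER.match(line)
        if h:
            sec, usec = parse_timestamp(h.group("ts"))
            cur = {"sec": sec, "usec": usec, "iface": h.group("iface"),
                   "dir": h.group("dir"), "summary": h.group("summary"),
                   "frame": bytearray()}
            packets.append(cur)
            continue
        x = HEXLINE.match(line)
        if x and cur is not None:
            # The ASCII column follows the hex column after a tab or two or more spaces.
            hexcol = re.split(r"\t|\s{2,}", x.group("rest"), maxsplit=1)[0]
            if int(x.group("off"), 16) != len(cur["frame"]):
                raise ValueError("hex dump offset out of sequence: %r" % line)
            cur["frame"] += bytes.fromhex(hexcol.replace(" ", ""))
    # Anything else (prompt, echoed command, interfaces=/filters= banner) is ignored.
    return [dict(p, frame=bytes(p["frame"])) for p in packets if p["frame"]]


def to_pcap(packets):
    """Serialise packets as a little-endian libpcap file (snaplen 65535, Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for p in packets:
        n = len(p["frame"])
        out += struct.pack("<IIII", p["sec"], p["usec"], n, n) + p["frame"]
    return bytes(out)


def convert(text):
    return to_pcap(parse_sniffer(text))


# Constructed sample in the verbosity-6 layout (not a real capture; IP/ICMP checksums are zero).
SAMPLE = """\
interfaces=[any]
filters=[host 8.8.8.8 and icmp]
2.937430 port1 out 192.168.1.10 -> 8.8.8.8: icmp: echo request
0x0000\t 0009 0f09 0002 0009 0f09 0001 0800 4500\t..............E.
0x0010\t 0024 1234 4000 4001 0000 c0a8 010a 0808\t.$.4@.@.........
0x0020\t 0808 0800 0000 0001 0001 6162 6364 6566\t..........abcdef
0x0030\t 6768\tgh
2.951207 port1 in 8.8.8.8 -> 192.168.1.10: icmp: echo reply
0x0000\t 0009 0f09 0001 0009 0f09 0002 0800 4500\t..............E.
0x0010\t 0024 5678 0000 3901 0000 0808 0808 c0a8\t.$Vx..9.........
0x0020\t 010a 0000 0000 0001 0001 6162 6364 6566\t..........abcdef
0x0030\t 6768\tgh
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            pcap = convert(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(pcap)
    else:  # no arguments: convert the embedded sample and summarise it
        pkts = parse_sniffer(SAMPLE)
        for p in pkts:
            print(p["sec"], p["usec"], p["iface"], p["dir"], len(p["frame"]), "bytes:", p["summary"])
        print(len(to_pcap(pkts)), "bytes of pcap")
```

Because every line that is neither a packet header nor a hex-dump line is skipped, the raw PuTTY log can be passed in as-is; if the script raises the offset error, the log is missing or has wrapped part of a dump and the capture should be repeated with logging enabled from the start.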

 

Related articles: