Description
This article describes how to sniff packets for a specific MAC Address on FortiGate with CLI commands.
Scope
Any supported version of FortiGate.
Solution
Below is the command to sniff packet by MAC Address on FortiGate with CLI commands:
To sniff the MAC Address when it is 'Source MAC = 00:09:0f:89:10:ea':
Method 1:
diagnose sniffer packet <interface> "ether src 00:09:0f:89:10:ea"
Method 2:
diagnose sniffer packet any '(ether[6:4]=0x00090f89) and (ether[10:2]=0x10ea)' 4
To sniff the MAC Address when it is 'Destination MAC = 00:09:0f:89:10:ea':
Method 1:
diagnose sniffer packet <interface> "ether dst 00:09:0f:89:10:ea"
Method 2:
diagnose sniffer packet any '(ether[0:4]=0x00090f89) and (ether[4:2]=0x10ea)' 4
To sniff the MAC Address when it is 'Source/Destination MAC = 00:09:0f:89:10:ea'
diagnose sniffer packet <interface> "ether host 00:09:0f:89:10:ea"
