Description | This article describes how to capture packets on NP7 devices without disabling hardware offloading. |
Scope |
FortiGate. |
Solution |
Before starting the packet capture, set the NPU sniffer filters:
diagnose npu sniffer filter selector 0
diagnose npu sniffer filter intf port8
diagnose npu sniffer filter dir both
diagnose npu sniffer filter dir 2
diagnose npu sniffer filter protocol 6
diagnose npu sniffer filter srcip 193.108.213.15

diagnose npu sniffer filter selector 1
diagnose npu sniffer filter intf port8
diagnose npu sniffer filter dir both
diagnose npu sniffer filter dir 2
diagnose npu sniffer filter protocol 6
diagnose npu sniffer filter dstip 193.108.213.15
To capture both incoming and outgoing traffic for a single IP address, the two filters above use the same IP: selector 0 matches it as the source and selector 1 matches it as the destination.
After setting the filters, they can be verified with the command below:
The command below starts copying packets that match the filter to the npudbg interface:
diagnose npu sniffer start
After the NPU sniffer is started, packets can be captured on the npudbg interface with the usual 'diagnose sniffer packet' command, and the usual filters can be used as well:
After the trace is collected, it is very important to stop the NPU sniffer with the command below:
diagnose npu sniffer stop
In addition, the previously set NPU filter can be cleared as well:
diagnose npu sniffer filter clear
To obtain the output with a specific filter, count, or time format, refer to the command below:
Example:
diagnose sniffer packet npudbg '' 6 0 l
<level>
<count>: The number of packets to capture. If 0 or no value is defined, packets are captured without limit until Ctrl+C is used to stop. |