The article describes how to write packets collected through tcpdump to a .pcap file that can later be shared with Fortinet Support to investigate specific issues.
FortiNAC-F.
In the FortiNAC-F CLI, enter the following:
execute tcpdump -i any host 192.168.10.1 -w Test2.pcap
After recreating the issue, stop tcpdump at any time with Ctrl+C. The capture is then closed and stored in the file named by the -w option. To copy the file to a remote host, enter the shell and use scp:
execute enter-shell
scp /home/admin/Test2.pcap user@IP_of_destination:/Location_Folder
For example, assume the file must be transferred to the local host, which is a Linux host with the IP 192.168.10.1. The user logs in to this host with the 'admin' account, and the PCAP file is to be saved in the directory /home/user1/Documents.
NOTE: WRITE permissions are necessary on the remote host in order to transfer the file.
In this example, the command would be as follows:
execute enter-shell
scp /home/admin/Test2.pcap admin@192.168.10.1:/home/user1/Documents
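Before sharing the transferred file, it is worth confirming on the destination host that it arrived intact. The following Python check is an added example, not part of the original article or any Fortinet tooling: it validates the classic pcap global header and walks the packet records to detect a truncated copy. The function name check_pcap and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Magic as read little-endian -> (byte order of the file, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: ("<", "microsecond"), 0xD4C3B2A1: (">", "microsecond"),
    0xA1B23C4D: ("<", "nanosecond"), 0x4D3CB2A1: (">", "nanosecond"),
}
# "-i any" on Linux yields a cooked capture (SLL or SLL2), not Ethernet.
LINKTYPES = {1: "EN10MB", 113: "LINUX_SLL", 276: "LINUX_SLL2"}


def check_pcap(data: bytes) -> dict:
    """Validate a classic pcap byte string; count packets and flag truncation."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, resolution = MAGICS[magic]
    # version major/minor, thiszone, sigfigs, snaplen, link-layer type
    _maj, _min, _tz, _sig, snaplen, link = struct.unpack(order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):          # partial record header
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):  # partial packet body
            truncated = True
            break
        offset += 16 + incl_len
        packets += 1
    return {"resolution": resolution, "snaplen": snaplen, "packets": packets,
            "linktype": LINKTYPES.get(link, str(link)), "truncated": truncated}


def _record(payload: bytes) -> bytes:
    return struct.pack("<IIII", 1700000000, 0, len(payload), len(payload)) + payload


# Constructed sample: little-endian header, LINUX_SLL, two 20-byte dummy packets.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113) + _record(bytes(20)) * 2

if __name__ == "__main__":
    # Reads the whole file into memory; acceptable for modest support captures.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(check_pcap(raw))
```

Run it with the path of the copied file as the only argument; a result with "truncated": True means the copy should be repeated before the file is sent.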
The different options available for the tcpdump command are explained in the FortiNAC-F CLI reference.
Copyright 2024 Fortinet, Inc. All Rights Reserved.