FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
Sx11
Staff
Staff
Article Id 278061
Description

 

The article describes how to write packets collected through tcpdump to a .pcap file that can later be shared with Fortinet Support to investigate specific issues.

 

Scope

 

FortiNAC-F.

 

Solution

 

  1. In the following example, the desired outcome is to enable a Packet capture on the isolation Interface to collect all traffic for a specific Isolated host.

In the FortiNAC-F CLI, enter the following:

 

execute tcpdump -i any host 192.168.10.1 -w Testfile.pcap

 

  • The packets will be written to a file called Testfile.pcap. 
  • The Testfile.pcap file will be downloaded to the following path: /home/admin/.
  • The files where the packets are written with -w will automatically be saved in the /home/admin/ path.

 

After recreating the issue, stop the tcpdump at any time with Ctrl+C. At that point, the capture will be closed and stored in the filename specified with the -w option.

 

  1. Entering the shell in FortiNAC-F will make it possible to use the SCP protocol to transfer the Testfile.pcap to a path in the local or remote host as follows:

 

execute enter-shell
scp /home/admin/Test2.pcap user@IP_of_destination:/Location_Folder

 

For example: assume it is necessary to transfer the file to the local host, which is a Linux host with the IP 192.168.10.1. The user should log in to this host with the 'admin' account. The directory where it is desired to save the PCAP file is /home/user1/Documents.

 

Note: WRITE permissions are necessary on the remote host to transfer the file.

 

In this example, the command would be as follows:

 

execute enter-shell

scp /home/admin/Test2.pcap admin@192.168.10.1:/home/user1/Documents

 

The different options available for the tcpdump command are explained in the FortiNAC-F CLI reference.

Related article:

Technical-Tip-Useful-CLI-commands-in-FortiNAC-OS.
Technical-Tip-FileTransfer-with-TFTP-for-FortiNAC-F.