asostizzo_FTNT
Description
On SMB FortiVoice devices, SSH terminal access must be enabled via the Web Management GUI before a network capture can be collected using 'tcpdump'.

Solution
1. Access the unit's Web Management GUI using the admin account and enable SSH terminal access.

Under Status > Dashboard > System Command Line Interface > type:
# sshd enable

2. Access the unit via SSH terminal using the admin account credentials. The related KB article explains how to use PuTTY.

3. Identify the appropriate interface name to use in step 4 below.
# ifconfig

4. Elevate the admin permissions and run tcpdump. The capture is saved to the file 'capturefile', already in .pcap format.
# su
# <admin password>

Note that other host IPs may be included in the command below using the 'or' and 'and' operators (for example: host 5.5.5.5 or host 4.4.4.4).
# tcpdump -i <interface name> 'host <endpoint IP>' -s0 -w capturefile
...reproduce the issue...
# ctrl+c

5. After the capture is complete, change the file permissions to allow download via an SCP tool.
# chmod 777 capturefile
# exit

6. Download an SCP protocol tool in order to retrieve the file. For example, WinSCP can be downloaded free of charge from CNET.com. Be sure to run the application using "Run as Administrator".


7. Save the file to the local PC, where it can be opened and reviewed using Wireshark (Wireshark.org).
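
Before opening the downloaded file in Wireshark, it can be checked for a cut-short transfer or sliced packets. The script below is an added example, not part of the original article or any Fortinet tooling; it assumes 'capturefile' is in classic pcap format as written by tcpdump -w, and the function names and sample bytes are constructed for illustration.

```python
import struct
import sys

# First four bytes of a classic pcap file -> (struct byte order, timestamp unit)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
}

def summarize_pcap(data):
    """Walk every record of a classic pcap file and report what was found."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (short header or unknown magic)")
    order, unit = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    info = {"version": (major, minor), "timestamps": unit, "snaplen": snaplen,
            "linktype": linktype, "packets": 0, "sliced": 0, "complete": True}
    offset = 24
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            info["complete"] = False      # file ends inside a record header
            break
        _sec, _frac, caplen, origlen = struct.unpack(order + "IIII", header)
        if offset + 16 + caplen > len(data):
            info["complete"] = False      # file ends inside packet data
            break
        info["packets"] += 1
        if caplen < origlen:
            info["sliced"] += 1           # packet was cut at the snap length
        offset += 16 + caplen
    return info

def build_sample(frames, snaplen=262144):
    """Constructed sample: little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, (payload, origlen) in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(payload), origlen) + payload
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # e.g. python check_pcap.py capturefile
        with open(sys.argv[1], "rb") as fh:
            print(summarize_pcap(fh.read()))
    else:
        sample = build_sample([(b"\x00" * 60, 60), (b"\x00" * 1514, 1514)])
        print(summarize_pcap(sample))             # intact file
        print(summarize_pcap(sample[:-100]))      # transfer cut short
```

A result with "complete" set to False means the file ends partway through a record, so the download should be repeated; a non-zero "sliced" count means some packets were stored shorter than they appeared on the wire.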

Related Articles

Technical Note: How to create a log file of a session using PuTTY
