Description
This article describes that on SMB FortiVoice devices, it is necessary to enable SSH terminal access via the Web Management GUI to collect a network capture using 'tcpdump'.
Scope
FortiVoice.
Solution
- Access the unit's Web Management GUI using the admin account and enable SSH terminal access.
Under Status -> Dashboard -> System Command Line Interface -> Type: sshd enable.
- Access the unit via SSH Terminal using the admin account credentials. The related KB article explains how to use PuTTY.
- Identify the appropriate interface name to use in step 4 below.
ifconfig
-
Elevate the admin permission and execute tcpdump. The capture will be saved to the file 'capturefile' already in .pcap format.
su
<admin password>
Note that other host IPs may be included in the command below using the OR or AND operators (for example: host 5.5.5.5 OR host 4.4.4.4).
tcpdump -i <interface name> 'host <endpoint IP>' -s0 -w capturefile
...reproduce the issue...
ctrl+c
-
File permission needs to be changed after capture is concluded to allow download via the SCP tool.
chmod 777 capturefile
exit
-
Download an SCP protocol tool to retrieve the file. For example, WinSCP can be downloaded free of charge from CNET.com. Ensure to run the application using 'Run as Administrator'.
-
Save the file to the local PC where it may be opened and reviewed using Wireshark (Wireshark.org).
Related documents:
Technical Tip: How to create a log file of a session using PuTTY
Capturing voice and fax packets
