fruit_company
New Contributor

Packet capture in 5.2?

Hrm. Upgraded a little 60D dev firewall to 5.2 to give it a test drive. One of the first things I've noticed is that the packet capture menu that used to be under System > Network isn't there any longer. I checked the 5.2 docs -- and it looks like that's where it's still *supposed* to be. Also checked the admin profile to make sure the super_admin profile still had "packet capture configuration" permissions (it does). Bug? Or am I just missing something?
1 Solution
emnoc
Esteemed Contributor III

https://x.x.x.x/p/firewall/sniffer/

 

Where x.x.x.x is your interface for mng-https.

 

 

 

PCNSE NSE StrongSwan
12 REPLIES
fruit_company
New Contributor

Does look like a bug in the FW web GUI. Found another post that said you can still get to it by going direct to the URL (sorry for not giving credit to the person who found this). Packet capture menu can still be reached at: https://[firewall mgmt IP]/p/firewall/sniffer/ Worked for me.
simonorch
Contributor

The packet capture page comes up on the 30D and you can create filters but you can't run the capture, or at least the start button doesn't work.

NSE8 Fortinet Expert partner - Norway

Carl_Wallmark
Valued Contributor

(sorry for not giving credit to the person who found this)
it's ok

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

lightmoon1992
New Contributor

diag sniffer packet "interface name" "capture filter" 3

This will give you the exact same output if you save all the output through your terminal tool (PuTTY, for example) and then convert it via the Perl command. Details are described below: http://docs-legacy.fortinet.com/frec/admin_hlp/1-1-0/index.html#page/FortiRecorder_Help/packet_capture.html

Mohammad Al-Zard

 

Jack_Gerbs
New Contributor

https://[firewall mgmt IP]/p/firewall/sniffer/
I just tried this and it appears to be there on my 110C, but the only interfaces available for the capture are in the root VDOM. Interfaces in other VDOMs do not show up. I am curious what the URL is to interfaces assigned to other VDOMs. I am a big fan of the CLI for sniffing traffic.
CISSP, FCNSP 4.0
Warren_Olson_FTNT

CLI is also preferred for me, but the caveat is knowing how much data will be passing across the screen; too much data and you can start losing information due to PuTTY or whatever term utility can't keep up with buffering/writing to log.
Sean_Toomey_FTNT

CLI is certainly possible but you have to convert it to Wireshark format with a perl script. I have 5.2 GA on a FortiGate 100D and also on FortiGate VM and this option is there for me (see pic). Also don't forget you can capture packets on a per-rule basis now! Can do this one from GUI or CLI. In GUI there is a checkbox, in CLI there is an option under rule edit for set capture-packet enable/disable. Cheers!
-- Sean Toomey, CISSP FCNSP Consulting Security Engineer (CSE) FORTINET— High Performance Network Security
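
The CLI-to-Wireshark conversion mentioned in the replies above, with a check for the terminal data loss also raised in the thread, as an added Python example that is not part of the thread and is not Fortinet's Perl script. It assumes verbosity-3 output captured on an Ethernet interface with relative timestamps; the dump layout, the function names and the sample log are constructed here.

```python
import re
import struct

# Assumed layout: a "SEC.USEC summary" line, then "0xOFFS <hex groups> <ASCII>" lines.
HEADER = re.compile(r"^(\d+)\.(\d{6})\s")
DUMP = re.compile(r"^0x([0-9a-f]{4})\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?)+)")

def parse_sniffer(text):
    """Return (packets, damaged); packets is a list of (sec, usec, frame)."""
    packets, damaged, cur = [], 0, None
    for line in text.splitlines() + [None]:          # None marks end of log
        h = HEADER.match(line) if line is not None else None
        if h or line is None:
            if cur is not None:                      # close the previous packet
                if cur["ok"] and cur["data"]:
                    packets.append((cur["sec"], cur["usec"], bytes(cur["data"])))
                else:
                    damaged += 1
            cur = {"sec": int(h[1]), "usec": int(h[2]),
                   "data": bytearray(), "ok": True} if h else None
            continue
        d = DUMP.match(line)
        if d and cur is not None:
            # An offset that differs from the bytes collected so far means the
            # terminal log dropped a line; reject the packet rather than guess.
            if int(d[1], 16) != len(cur["data"]):
                cur["ok"] = False
            cur["data"] += bytes.fromhex(d[2].replace(" ", ""))
    return packets, damaged

def to_pcap(packets):
    """Serialize frames as a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample log: packet 1 is complete, packet 2 lost its 0x0010 line.
SAMPLE = (
    "0.000000 10.1.1.100 -> 10.1.1.1: icmp: echo request\n"
    "0x0000\t 0009 0f09 0001 0009 0f85 3f44 0800 4500\t......?D..E.\n"
    "0x0010\t 001c 0001 0000 4001 647a 0a01 0164 0a01\t......@.dz...d..\n"
    "0x0020\t 0101 0800 f7ff 0000 0000\t..........\n"
    "1.000000 10.1.1.100 -> 10.1.1.1: icmp: echo request\n"
    "0x0000\t 0009 0f09 0001 0009 0f85 3f44 0800 4500\t......?D..E.\n"
    "0x0020\t 0101 0800 f7ff 0000 0000\t..........\n"
)

if __name__ == "__main__":
    pkts, bad = parse_sniffer(SAMPLE)
    print(f"{len(pkts)} packet(s) converted, {bad} rejected as incomplete")
```

A non-zero rejected count is the signal to narrow the capture filter or raise the terminal's scrollback and logging limits before capturing again.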
rthomp
New Contributor

Has anyone seen this issue? I do a packet capture dia sniffer packet any "host 10.1.1.100" 4 and after one packet or two is displayed on the screen then it stops. Is this a FortiGate setting that is preventing this?
