mariusb
New Contributor

FortiGate firewall

dia sniffer packet

5 REPLIES
spoojary
Staff

Is there any doubt regarding dia sniffer packet?

Siddhanth Poojary
sjoshi
Staff

Dear mariusb,

 

You can go through the link below, which will help you with the sniffer part on the FGT FW.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...

 

BR, 

Salon Raj Joshi
mgoswami
Staff

Hi,

 

I understand that you have some queries regarding the sniffer command to do a packet capture on your FortiGate. You may refer to this link for the troubleshooting options available in the FortiGate CLI to check the traffic flow by capturing packets reaching the FortiGate unit.

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...

BR,

Manosh

Nchandan
Staff

Dear mariusb,

 

You can also refer to the below KB for more understanding:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Packet-capture-sniffer/ta-p/198313

rvijayaraj
Staff

Hi,

 

We believe that you are having some questions on the packet sniffing option available on the FGT. 

Packet sniffing is a troubleshooting option available in the FortiGate CLI to check the traffic flow by capturing packets reaching the FortiGate unit.

In addition to the GUI packet capture methods, the CLI offers the possibility to capture packets on multiple interfaces and mark these on a per-packet basis. This can be useful if there is reason to suspect a packet is leaving from the wrong interface and being subsequently dropped by FortiGate.

Command used for sniffing in the CLI:

diag sniffer packet <interface> <'filter'> <verbose> <count> a

 

<interface> can be an interface name or 'any' for all interfaces.

<'filter'> is a very powerful filter functionality which will be described in more detail.

<verbose> means the level of verbosity as described already.

<count> the number of packets the sniffer reads before stopping.

a – timestamps the packets with the absolute UTC time.

l - (small letter L) timestamps the packets with LOCAL time on the unit.

(blank/no letter) – relative to the beginning of the capture.

 

There are three different levels of Information, also known as Verbose Levels 1 to 3, where verbose 1 shows less information and verbose 3 shows the most.

Verbose Levels 4, 5, and 6 would additionally provide the interface details.
 
Verbose levels in detail:
 
1: print header of packets.
2: print header and data from IP of packets.
3: print header and data from Ethernet of packets.
4: print header of packets with interface name.
5: print header and data from IP of packets with interface name.
6: print header and data from Ethernet of packets with interface name.
 
You can also refer to the below article which might help:
 
 
Regards,
Roshan
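
The wrong-interface check described in the reply above, as an added example that is not part of the original thread and not Fortinet code: a Python script that reads verbose-4 output captured on 'any' and reports packets leaving through an unexpected interface, or arriving and never leaving. The sample capture, the interface names (port2, wan1, wan2), the addresses and the assumed line layout are constructed for illustration, with relative timestamps (no a or l option).

```python
import re

# Constructed sample of `diag sniffer packet any 'host 8.8.8.8 and icmp' 4` output.
# Assumed verbose-4 line layout: "<time> <interface> <in|out> <src> -> <dst>: <summary>".
SAMPLE = """\
interfaces=[any]
filters=[host 8.8.8.8 and icmp]
2.101199 port2 in 192.168.1.110 -> 8.8.8.8: icmp: echo request
2.101400 wan1 out 172.16.1.2 -> 8.8.8.8: icmp: echo request
2.125020 wan1 in 8.8.8.8 -> 172.16.1.2: icmp: echo reply
2.125100 port2 out 8.8.8.8 -> 192.168.1.110: icmp: echo reply
3.110311 port2 in 192.168.1.110 -> 8.8.8.8: icmp: echo request
3.110502 wan2 out 172.16.2.2 -> 8.8.8.8: icmp: echo request
4.118000 port2 in 192.168.1.110 -> 8.8.8.8: icmp: echo request
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):\s*(?P<info>.*)$"
)

def parse(text):
    """Return one dict per packet line; banner and unparsable lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            p = m.groupdict()
            p["ts"] = float(p["ts"])
            packets.append(p)
    return packets

def wrong_egress(packets, dst, expected_iface):
    """Packets sent toward dst through an interface other than the expected one."""
    return [p for p in packets
            if p["dir"] == "out" and p["dst"] == dst and p["iface"] != expected_iface]

def never_forwarded(packets, dst, window=0.05):
    """Ingress packets toward dst with no matching egress within `window` seconds.
    Matching uses dst and summary only, because source NAT may rewrite src."""
    outs = [p for p in packets if p["dir"] == "out" and p["dst"] == dst]
    return [p for p in packets
            if p["dir"] == "in" and p["dst"] == dst
            and not any(o["info"] == p["info"] and 0 <= o["ts"] - p["ts"] <= window
                        for o in outs)]

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for p in wrong_egress(pkts, "8.8.8.8", "wan1"):
        print("unexpected egress:", p["ts"], p["iface"], p["src"])
    for p in never_forwarded(pkts, "8.8.8.8"):
        print("no egress seen:", p["ts"], p["iface"], p["src"])
```

Verbose levels 1 to 3 do not print the interface name, so this check needs a capture taken at level 4, 5 or 6.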