kimsw
New Contributor

Issue regarding decrypted mirror traffic

Hi,

When SSL-decrypted HTTPS traffic is sent to a mirror port and analyzed using Wireshark on a server connected to that port, unusual packet patterns are observed.

wireshark.png

WAN port IP: 1.235.10.153
Destination IP: 54.84.14.5
Source IP: 172.30.0.162


It seems like there is something wrong with the handshake process, and when I monitor this traffic with Zeek, either the request body or the response body always shows 0.

Is there something wrong with my FortiGate configurations, or is this an expected situation for mirrored traffic?

I need your assistance.

Thanks.
