Packet capture in 5.2?
Hrm. Upgraded a little 60D dev firewall to 5.2 to give it a test drive.
One of the first things I've noticed is that the packet capture menu that used to be under System > Network isn't there any longer.
I checked the 5.2 docs -- and it looks like that's where it's still *supposed* to be.
Also checked the admin profile to make sure the super_admin profile still had "packet capture configuration" permissions (it does).
Bug? Or am I just missing something.
1 Solution
https://x.x.x.x/p/firewall/sniffer/
Where x.x.x.x is your interface for mng-https.
PCNSE
NSE
StrongSwan
Does look like a bug in the FW web GUI. Found another post that said you can still get to it by going direct to the URL (sorry for not giving credit to the person who found this).
Packet capture menu can still be reached at:
https://[firewall mgmt IP]/p/firewall/sniffer/
Worked for me.
The packet capture page comes up on the 30D and you can create filters but you can't run the capture, or at least the start button doesn't work.
Senior Consultant working with Fortinet products since 2009
"(sorry for not giving credit to the person who found this)"
it's ok

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
diag sniffer packet "interface name" "capture filter" 3
This will give you the exact same output if you save all the output through your terminal tool (PuTTY for example), and then you convert it via a Perl command. Details are described below:
http://docs-legacy.fortinet.com/frec/admin_hlp/1-1-0/index.html#page/FortiRecorder_Help/packet_capture.html
Mohammad Al-Zard
https://[firewall mgmt IP]/p/firewall/sniffer/
I just tried this and it appears to be there on my 110C, but the only interfaces available for the capture are in the root VDOM. Interfaces in other VDOMs do not show up. I am curious what the URL is to interfaces assigned to other VDOMs. I am a big fan of the CLI for sniffing traffic.
CISSP, FCNSP 4.0
CLI is also preferred for me but the caveat is knowing how much data will be passing across the screen; too much data and you can start losing information due to PuTTY or whatever terminal utility can't keep up with buffering/writing to log.
CLI is certainly possible but you have to convert it to Wireshark format with a Perl script.
I have 5.2 GA on a FortiGate 100D and also on FortiGate VM and this option is there for me (see pic).
Also don't forget you can capture packets on a per-rule basis now! Can do this one from GUI or CLI. In GUI there is a checkbox, in CLI there is an option under rule edit for set capture-packet enable/disable.
Cheers!

--
Sean Toomey, CISSP FCNSP
Consulting Security Engineer (CSE)
FORTINET— High Performance Network Security
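
The CLI route described in the replies above (save the `diag sniffer packet ... 3` text from the terminal, then convert it for Wireshark), together with the warning that a terminal can lose output, as an added Python example that is not part of any post in this thread and is not Fortinet's Perl script. It assumes the saved text has a timestamp header line per packet followed by rows of the form `0x0000 <hex groups> <ASCII>`, and that the capture was taken on an Ethernet interface; `parse`, `to_pcap` and the sample data are constructed for illustration.

```python
import re
import struct

# Constructed sample in the assumed verbosity-3 layout (not a real capture).
# The second packet has lost its 0x0010 row, as if the terminal fell behind.
SAMPLE = """\
0.000000 10.1.1.100 -> 10.1.1.1: icmp: echo request
0x0000   0009 0f09 0002 0009 0f09 0001 0800 4500        ..............E.
0x0010   001c 0001 0000 4001 647a 0a01 0164 0a01        ......@.dz...d..
0x0020   0101 0800 f7ff 0000 0000                       ..........

1.000512 10.1.1.100 -> 10.1.1.1: icmp: echo request
0x0000   0009 0f09 0002 0009 0f09 0001 0800 4500        ..............E.
0x0020   0101 0800 f7ff 0000 0000                       ..........
"""

HEADER = re.compile(r"^(\d+)\.(\d+) ")  # "<seconds>.<fraction> <summary>"
HEXROW = re.compile(r"^0x([0-9a-f]{4})\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?)+)")

def parse(text):
    """Return [(sec, usec, frame, intact)] for each packet in the saved text."""
    pkts = []
    for line in text.splitlines():
        row = HEXROW.match(line)
        head = HEADER.match(line)
        if row and pkts:
            p = pkts[-1]
            if int(row.group(1), 16) != len(p[2]):
                p[3] = False  # offset jumped: a hex row was lost
            p[2] += bytes.fromhex(row.group(2))[:16]
        elif head:
            usec = int(head.group(2)[:6].ljust(6, "0"))
            pkts.append([int(head.group(1)), usec, b"", True])
    for p in pkts:
        f = p[2]
        # IPv4 over Ethernet must hold 14 + IP total length bytes (34 minimum)
        need = max(34, 14 + int.from_bytes(f[16:18], "big"))
        if not f or (f[12:14] == b"\x08\x00" and len(f) < need):
            p[3] = False  # trailing rows were lost
    return [tuple(p) for p in pkts]

def to_pcap(pkts):
    """Build a classic pcap (LINKTYPE_ETHERNET) from intact packets only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame, intact in pkts:
        if intact:
            out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out
```

Packets flagged as not intact are left out of the pcap, so a count of them tells you whether the terminal log kept up with the capture.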
Has anyone seen this issue? I do a packet capture dia sniffer packet any "host 10.1.1.100" 4 and after one packet or two is displayed on the screen then it stops. Is this a FortiGate setting that is preventing this?
