sflow with wireshark
Hello,
I need to capture the traffic in Wireshark, more or less the way it is done using a SPAN port on a Cisco switch.
So I found that sFlow can be used on the FortiGate, as I do not have any managed switch in our network.
I configured the sFlow collector IP as the Wireshark PC and enabled sFlow on the FortiGate internal interface.
I still cannot see any traffic being captured except that destined to or from the Wireshark PC.
Any expert suggestions please.
Regards,
Sushil
What is your exact configuration?
There are two parts that you must enable.
config system sflow
    set collector-ip <collector_ipv4>
    set collector-port <port_int>
end
and:
config system interface
    edit <interface_name>
        set sflow-sampler {disable | enable}
    next
end
The config is as below
config system sflow
    set collector-ip 192.168.1.78
    set collector-port 6343
end
and internal gateway
config sys interface
    edit internal
        set sflow-sampler enable
        set sample-rate 512
        set sample-direction both
        set polling-interval 30
    next
end
Some tools that may help:
This one should show some traffic, if sFlow is configured correctly: http://www.paessler.com/tools/sflowtester
Using Wireshark & sflowtool on Linux: http://blog.sflow.com/2011/11/wireshark.html
sflowtool: http://www.inmon.com/technology/sflowTools.php
The cmd variant on Windows, when sflowtool is located in the Wireshark directory:
sflowtool.exe -t | wireshark.exe -k -i -
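
To show what arrives at the collector on UDP 6343, here is a minimal sFlow v5 parser, added as an example (it is not from this thread and not sflowtool's code). It pulls the sampling rate and the sampled raw packet header out of each flow sample, which is the data `sflowtool -t` converts to pcap for Wireshark. The function names and the sample datagram are constructed for illustration.

```python
import struct

def parse_sflow_v5(datagram):
    """Return (sampling_rate, frame_length, header_bytes) per sampled packet."""
    version, addr_type = struct.unpack_from(">II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)       # skip agent address (IPv4/IPv6)
    _sub, _seq, _uptime, n_samples = struct.unpack_from(">4I", datagram, off)
    off += 16
    packets = []
    for _ in range(n_samples):
        tag, length = struct.unpack_from(">II", datagram, off)
        body, off = datagram[off + 8:off + 8 + length], off + 8 + length
        if tag != 1:                               # 1 = flow sample (enterprise 0)
            continue                               # counter/expanded samples skipped
        _s, _src, rate, _pool, _drops, _in, _out, n_rec = struct.unpack_from(">8I", body, 0)
        pos = 32
        for _ in range(n_rec):
            rtag, rlen = struct.unpack_from(">II", body, pos)
            rec, pos = body[pos + 8:pos + 8 + rlen], pos + 8 + rlen
            if rtag == 1:                          # 1 = raw packet header record
                _proto, frame_len, _stripped, hdr_len = struct.unpack_from(">4I", rec, 0)
                packets.append((rate, frame_len, rec[16:16 + hdr_len]))
    return packets

def build_sample_datagram():
    """Constructed input: one counter sample (skipped) and one flow sample, rate 512."""
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0800")   # made-up Ethernet header
    rec = struct.pack(">4I", 1, 1514, 4, len(eth)) + eth + b"\x00" * (-len(eth) % 4)
    flow = struct.pack(">8I", 7, 1, 512, 3584, 0, 1, 2, 1) + struct.pack(">II", 1, len(rec)) + rec
    hdr = struct.pack(">II4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 42, 100000, 2)
    counter = struct.pack(">II", 2, 4) + b"\x00" * 4
    return hdr + counter + struct.pack(">II", 1, len(flow)) + flow

if __name__ == "__main__":
    for rate, frame_len, header in parse_sflow_v5(build_sample_datagram()):
        print(f"1-in-{rate} sample, frame {frame_len} bytes, header {header.hex()}")
```

Each tuple is one sampled packet: with the `sample-rate 512` setting from the configuration above, the agent exports the header of roughly one packet in 512, not a full copy of the traffic.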