Sushilk
New Contributor

sflow with wireshark

Hello,

I need to capture traffic in Wireshark, more or less the way one would using a SPAN port on a Cisco switch.

So I found that sFlow can be used on the FortiGate, as I do not have any managed switch in our network.

I configured the sFlow collector IP as the Wireshark PC and enabled sFlow on the FortiGate internal interface.

I can see it still does not capture any traffic except that destined to or from the Wireshark PC.

Any expert suggestions, please?

 

Regards,

Sushil

3 REPLIES
norouzi
Contributor

What is your exact configuration?

There are two parts that you must enable.

 

config system sflow
    set collector-ip <collector_ipv4>
    set collector-port <port_int>
end

 

and:

config system interface
    edit <interface_name>
        set sflow-sampler {disable | enable}
end

 

Sushilk
New Contributor

The config is as below:

config system sflow
    set collector-ip 192.168.1.78
    set collector-port 6343
end

and internal gateway:

config sys interface
    edit internal
        set sflow-sampler enable
        set sample-rate 512
        set sample-direction both
        set polling-interval 30
    next
end

netmin
Contributor II

Some tools that may help:

 

This one should show some traffic, if sFlow is configured correctly: http://www.paessler.com/tools/sflowtester

Using Wireshark & sflowtool on Linux: http://blog.sflow.com/2011/11/wireshark.html 

 

sflowtool: http://www.inmon.com/technology/sflowTools.php

 

The cmd variant on Windows, when sflowtool is located in the Wireshark directory:

sflowtool.exe -t | wireshark.exe -k -i -
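What the `sflowtool -t` stage of that pipeline has to do, shown as an added Python example (not code from any poster in this thread, nor from sflowtool): the collector PC only ever receives UDP datagrams from the FortiGate, and the sampled packet headers must be unpacked from them and re-wrapped as pcap before Wireshark can show the original traffic. It assumes the sFlow v5 datagram layout; the function names, the agent address 192.0.2.1 and the sample frame are constructed for illustration.

```python
import struct

FLOW, EXPANDED_FLOW, RAW_HEADER, ETHERNET = 1, 3, 1, 1  # sFlow v5 format codes

def sampled_frames(datagram):
    """Yield (sampling_rate, wire_length, header_bytes) per sampled Ethernet header."""
    version, addr_type = struct.unpack_from(">II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)       # agent address: IPv4 or IPv6
    nsamples = struct.unpack_from(">4I", datagram, off)[3]  # sub-agent, seq, uptime, count
    off += 16
    for _ in range(nsamples):
        tag, length = struct.unpack_from(">II", datagram, off)
        body, off = off + 8, off + 8 + length     # off now points at the next sample
        if tag not in (FLOW, EXPANDED_FLOW):      # counter samples carry no packet data
            continue
        words = 8 if tag == FLOW else 11          # fixed 32-bit fields before the records
        fields = struct.unpack_from(">%dI" % words, datagram, body)
        rate = fields[2] if tag == FLOW else fields[3]
        rec = body + 4 * words
        for _ in range(fields[-1]):               # last fixed field = number of records
            rtag, rlen = struct.unpack_from(">II", datagram, rec)
            if rtag == RAW_HEADER:
                proto, wire_len, _stripped, hdr_len = struct.unpack_from(">4I", datagram, rec + 8)
                if proto == ETHERNET:
                    yield rate, wire_len, datagram[rec + 24:rec + 24 + hdr_len]
            rec += 8 + rlen

def to_pcap(datagrams, ts=0):
    """Wrap each sampled header in a classic pcap stream (linktype 1); ts = receive time."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for d in datagrams:
        for _rate, wire_len, hdr in sampled_frames(d):
            out += struct.pack("<IIII", ts, 0, len(hdr), wire_len) + hdr
    return out

def constructed_datagram(frame, wire_len, rate=512):
    """Build a one-sample sFlow v5 datagram (constructed input, not a real capture)."""
    padded = frame + b"\0" * (-len(frame) % 4)    # XDR pads opaque data to 4 bytes
    record = struct.pack(">4I", ETHERNET, wire_len, 4, len(frame)) + padded
    sample = (struct.pack(">8I", 1, 1, rate, rate, 0, 1, 2, 1)
              + struct.pack(">II", RAW_HEADER, len(record)) + record)
    head = struct.pack(">II4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 1)
    return head + struct.pack(">II", FLOW, len(sample)) + sample

# Constructed 42-byte broadcast frame standing in for a sampled header
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010806") + bytes(28)
SAMPLE_PCAP = to_pcap([constructed_datagram(SAMPLE_FRAME, wire_len=60)])
```

Each record holds only the leading header bytes of a sampled packet, and with `sample-rate 512` roughly one packet in 512 is sampled, so the resulting capture is a statistical view rather than the full copy a SPAN port gives.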
