KB Article Type : Troubleshooting
Related Products: All Controllers
Related Software Versions: all
Keywords : tshark, capture-packets, trace, capture, sniff
The commands below will capture DHCP traffic from all Realtek NICs on the meru interface.
Capture for an OUI from root:
tshark "ether [0:4] & 0xffffff00 = 0x5cac4c00" or "ether [6:4] & 0xffffff00 = 0x5cac4c00" and port 67 -i meru -w filename
Capture for an OUI from the CLI:
capture-packets "ether [0:4] & 0xffffff00 = 0x5cac4c00" or "ether [6:4] & 0xffffff00 = 0x5cac4c00" and port 67 -i meru -w filename
To explain the format:
ether[0:4] – reads 4 bytes starting at offset 0 of the Ethernet header.
& 0xffffff00 is a mask that keeps the first 3 bytes (the OUI) and ignores the fourth.
= 0x5cac4c00 is the value to match on: the OUI 5c:ac:4c followed by a zero byte.
That covers the destination address, which occupies bytes 0-5 of the Ethernet header. The 'or' connector adds the same test for the source address, which starts at offset 6 ([6:4]), and the 'and' connector restricts the match to port 67 (bootp).
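The mask-and-compare that the filter performs, as an added example (not part of the original article): the Python below builds the filter string for any OUI and evaluates the same two ether[] tests against constructed Ethernet headers. It assumes the standard Ethernet layout (destination MAC in bytes 0-5, source MAC in bytes 6-11); the function names and sample frames are made up for illustration.

```python
MASK = 0xFFFFFF00  # keep the top three bytes of a 4-byte load, drop the fourth


def oui_word(oui: str) -> int:
    """Turn '5c:ac:4c' (or '5c-ac-4c') into the 32-bit value 0x5cac4c00."""
    raw = bytes.fromhex(oui.replace(":", "").replace("-", ""))
    if len(raw) != 3:
        raise ValueError("an OUI is exactly three bytes")
    return int.from_bytes(raw + b"\x00", "big")


def build_filter(oui: str, port: int = 67) -> str:
    """Capture filter: OUI in destination (offset 0) or source (offset 6), and the port.
    The parentheses only make the left-to-right grouping explicit."""
    word = f"0x{oui_word(oui):08x}"
    return (f"(ether[0:4] & 0x{MASK:08x} = {word} or "
            f"ether[6:4] & 0x{MASK:08x} = {word}) and port {port}")


def frame_matches(frame: bytes, oui: str) -> bool:
    """Evaluate both ether[] tests as BPF does: 4-byte big-endian load, mask, compare."""
    word = oui_word(oui)
    dst = int.from_bytes(frame[0:4], "big") & MASK
    src = int.from_bytes(frame[6:10], "big") & MASK
    return dst == word or src == word


def eth(dst: str, src: str) -> bytes:
    """Constructed 14-byte Ethernet header (EtherType IPv4), no payload."""
    return (bytes.fromhex(dst.replace(":", ""))
            + bytes.fromhex(src.replace(":", "")) + b"\x08\x00")


# Constructed sample headers, not captured traffic.
DISCOVER = eth("ff:ff:ff:ff:ff:ff", "5c:ac:4c:11:22:33")  # client broadcast, OUI in source
OFFER = eth("5c:ac:4c:11:22:33", "00:11:22:aa:bb:cc")     # unicast reply, OUI in destination
OTHER = eth("ff:ff:ff:ff:ff:ff", "00:11:22:5c:ac:4c")     # same bytes, but not in the OUI position

if __name__ == "__main__":
    print(build_filter("5c:ac:4c"))
    for name, frame in (("DISCOVER", DISCOVER), ("OFFER", OFFER), ("OTHER", OTHER)):
        print(name, frame_matches(frame, "5c:ac:4c"))
```

Because the generated string contains parentheses, pass it to the capture command as a single quoted argument.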
Copyright 2024 Fortinet, Inc. All Rights Reserved.