FortiGate
lblossier
Staff
Article Id 193335

Description

This article explains how the output of the 'diag sniff packet' command can be imported into Wireshark (formerly known as Ethereal).


Solution

 

When using the Perl script:

1) If a Perl interpreter is not already installed, search the Internet for a free ActivePerl distribution, for example ActivePerl-5.8.8.819-MSWin32-x86-267479.zip.

2) Download the 'fgt2eth.pl.zip' file below and extract the script 'fgt2eth.pl' into the Perl folder after installation.

3) Open a command prompt window and execute:

    cd\Perl                                                    (the Perl folder name after installation)
    perl fgt2eth.pl -in <file captured>.txt -out <output name>.cap

 

When using the Perl executable program (Windows):

1) It is not necessary to have a Perl interpreter installed. Download the 'fgt2eth.exe.12.2014.zip' file attached below and extract the executable 'fgt2eth.exe' into the desired folder.

2) Open a command prompt window and execute:

    cd\MyExeFolder                                             (the folder into which fgt2eth.exe was extracted)
    fgt2eth.exe -in <file captured>.txt -out <output name>.cap
Result:

Once this has been completed, the <output name>.cap file can be opened in Wireshark or any traffic analyzer that decodes this format.

In order for the script/executable to function properly, it must be able to run a file named text2pcap.exe, which is installed as part of the Wireshark installation package. An error is shown if this file cannot be found.
Ensure the PATH variable includes the Wireshark installation directory (by default C:\Program Files\Wireshark), or move the script/executable directly into the Wireshark directory.
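To show what the conversion actually does, here is an added Python example (not the fgt2eth script or any Fortinet code) that parses 'diag sniff packet' verbose 3 output and writes a classic pcap file directly, so text2pcap.exe is not needed. It assumes the default relative timestamps and Ethernet-level (verbose 3) hex dumps; SAMPLE is a constructed capture with placeholder checksums.

```python
import re
import struct

# Constructed sample of 'diag sniff packet' verbose-3 output (Ethernet hex dump,
# relative timestamps); checksums are placeholders, this is not a real capture.
SAMPLE = """\
interfaces=[any]
filters=[none]
2.667016 10.0.0.1 -> 10.0.0.2: icmp: echo request
0x0000   0009 0f09 0001 0009 0f09 0002 0800 4500   ..............E.
0x0010   001c 0001 0000 4001 0000 0a00 0001 0a00   ....@.........
0x0020   0002 0800 f7fd 0001 0001                  ..........
2.667250 10.0.0.2 -> 10.0.0.1: icmp: echo reply
0x0000   0009 0f09 0002 0009 0f09 0001 0800 4500   ..............E.
0x0010   001c 0001 0000 4001 0000 0a00 0002 0a00   ....@.........
0x0020   0001 0000 fffd 0001 0001                  ..........
2 packets received by filter
"""

# Packet header lines start with the relative timestamp "<sec>.<frac> ".
HDR_RE = re.compile(r"^(\d+)\.(\d+)\s")

def parse_hex_line(line):
    """Bytes from one '0xNNNN   hh hh ...   ascii' line, or None if it is not one."""
    if not line.startswith("0x"):
        return None
    cols = re.split(r"\s{2,}|\t", line.strip())  # offset | hex words | ASCII column
    return bytes.fromhex(cols[1].replace(" ", "")) if len(cols) > 1 else None

def parse_sniffer(text):
    """Return [(sec, usec, frame_bytes), ...]; header-only records are dropped."""
    frames = []
    for line in text.splitlines():
        m = HDR_RE.match(line)
        if m:
            usec = int(m.group(2).ljust(6, "0")[:6])   # exact, no float rounding
            frames.append([int(m.group(1)), usec, bytearray()])
            continue
        data = parse_hex_line(line)
        if data is not None and frames:
            frames[-1][2] += data
    return [(s, u, bytes(f)) for s, u, f in frames if f]

def write_pcap(frames, linktype=1):
    """Serialise frames as a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)
```

To convert a saved sniffer text file, write the bytes returned by write_pcap(parse_sniffer(open(path).read())) to a .pcap file. Verbose 2 or 5 dumps start at the IP header rather than the Ethernet header and would need a raw-IP link type instead of linktype 1.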

The tool can also pipe its output directly into Wireshark for real-time follow-up (the -will option below).

Usage:

    Version : Dec 19 2014
    Usage : fgt2eth.pl -in <input_file_name>

    Mandatory arguments are:

    -in  <input_file>    Specify the file to convert (FGT verbose 3 text file)

    Optional arguments are:

    -help                Display help only
    -version             Display script version and date
    -out <output_file>   Specify the output file (Ethereal readable)
                         By default <input_file>.pcap is used
    -will                start wireshark for realtime follow-up
    -lines <lines>       Only convert the first <lines> lines
    -demux               Create one pcap file per interface (verbose 6 only)
    -debug               Turns on debug mode
 