Need to convert the sniffer traffic to Wireshark
Hi Team,
I want to see the captured packets in Wireshark.
Kindly let me know how the sniffer or debug logs can be opened in Wireshark.
Regards/ Ramesh M
Ramesh M Technical Specialist - CCNA(Security), FCNSP, ACE, ASE, ITIL blogs.itzecuriry.in
3 REPLIES
Hi Ramesh,
try with the attached tools: http://kb.fortinet.com/kb/documentLink.do?externalId=11186
netmin wrote:
Hi Ramesh, try with the attached tools: http://kb.fortinet.com/kb/documentLink.do?externalId=11186
The attached tool does not work. So, I made an alternative. It's a simple Python script that works like a charm.
FortiGate dump converter to Wireshark hexdump
https://github.com/afsec/fgt2wireshark
Requires Python >= 2.7
How to use
Get some packets from the FortiGate
In this case we're getting 1000 packets:
printf "diagnose sniffer packet wan1 none 6 1000" | ssh USER@server.example.org | tee dump_firewall.txt
If you are using VDOMs:
printf "config vdom\nedit root\ndiagnose sniffer packet wan1 none 6 1000" | ssh USER@server.example.org | tee dump_firewall.txt
Converting packets from FortiGate dump to Wireshark hexdump
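For readers who want to see what such a conversion involves, here is a small converter written as an added example for this thread; it is neither afsec's fgt2wireshark script nor Fortinet's KB tool. It parses the output of `diagnose sniffer packet <iface> <filter> 6` (verbose level 6, which prints the full Ethernet frame as a hexdump) and writes a classic pcap file directly, so Wireshark can open the result without a text2pcap step. The sample input is constructed, not real traffic, and its layout (a per-packet header line with relative seconds, interface and direction, followed by `0x`-offset hexdump lines whose ASCII column sits after a tab, plus `interfaces=[...]`/`filters=[...]` preamble and trailing counter lines) is an assumption about the verbose-6 format, as is the choice of Ethernet (link type 1) for the pcap header. A hex offset that does not match the bytes already collected is treated as truncated or garbled capture text and rejected rather than silently written out as a corrupt frame.

```python
"""Convert FortiGate 'diagnose sniffer packet <iface> <filter> 6' text to pcap.

Added example for this thread; not the fgt2wireshark project's code.
"""
import re
import struct
import sys

# One header line per packet: "<rel-seconds> <iface> <in|out|--> <summary>"
HEADER_RE = re.compile(r"^(\d+\.\d+)\s+(\S+)\s+(in|out|--)\s+(.*)$")
# One hexdump line per 16 bytes: "0x0010<TAB> 0028 0001 ...<TAB><ascii column>"
HEX_RE = re.compile(r"^0x([0-9a-fA-F]{4})\s+(.*)$")
# A hex word is 4 digits; an odd trailing byte shows up as a 2-digit word.
HEX_WORD_RE = re.compile(r"^(?:[0-9a-fA-F]{4}|[0-9a-fA-F]{2})$")

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1  # assumption: verbose 6 dumps start at the Ethernet header


def _hex_words(rest):
    """Return only the hex column of a dump line, dropping the ASCII column."""
    if "\t" in rest:
        rest = rest.split("\t", 1)[0]  # ASCII column follows the tab (assumed layout)
    words = []
    for tok in rest.split():
        if not HEX_WORD_RE.match(tok):
            break  # no tab present: stop at the first non-hex token
        words.append(tok)
    return "".join(words)


def parse_sniffer(text):
    """Return a list of (timestamp, iface, direction, summary, frame_bytes)."""
    packets = []
    current = None  # [ts, iface, direction, summary, bytearray]
    for lineno, line in enumerate(text.splitlines(), 1):
        m = HEADER_RE.match(line)
        if m:
            if current is not None:
                packets.append(_finish(current))
            current = [float(m.group(1)), m.group(2), m.group(3), m.group(4), bytearray()]
            continue
        m = HEX_RE.match(line)
        if m and current is not None:
            offset = int(m.group(1), 16)
            if offset != len(current[4]):
                # Offsets must be contiguous; anything else means the text was cut
                # or interleaved with other console output. Refuse to guess.
                raise ValueError("line %d: offset 0x%04x but %d bytes collected so far"
                                 % (lineno, offset, len(current[4])))
            current[4] += bytes.fromhex(_hex_words(m.group(2)))
        # Preamble (interfaces=[...], filters=[...]) and trailing counters are ignored.
    if current is not None:
        packets.append(_finish(current))
    return packets


def _finish(cur):
    ts, iface, direction, summary, buf = cur
    return (ts, iface, direction, summary, bytes(buf))


def build_pcap(packets, snaplen=65535):
    """Serialise parsed packets as a little-endian classic pcap (magic 0xa1b2c3d4)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for ts, _iface, _direction, _summary, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1000000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))  # incl_len, orig_len
        out += frame
    return bytes(out)


def convert(text):
    """Sniffer text in, pcap bytes out."""
    return build_pcap(parse_sniffer(text))


# Constructed sample in the assumed verbose-6 layout: one UDP datagram and one ARP
# request, both with valid-looking headers so Wireshark dissects them cleanly.
SAMPLE = """interfaces=[wan1]
filters=[none]
2.618963 wan1 in 192.168.1.1.53 -> 192.168.1.100.50000: udp 12
0x0000\t 0009 0f89 1234 0004 5678 9abc 0800 4500\t.....4..Vx...E.
0x0010\t 0028 0001 0000 4011 f70e c0a8 0101 c0a8\t.(....@.........
0x0020\t 0164 0035 c350 0014 0000 6865 6c6c 6f20\t.d.5.P....hello 
0x0030\t 776f 726c 6421\tworld!
3.104221 wan1 out arp who-has 192.168.1.1 tell 192.168.1.100
0x0000\t ffff ffff ffff 0004 5678 9abc 0806 0001\t........Vx......
0x0010\t 0800 0604 0001 0004 5678 9abc c0a8 0164\t........Vx.....d
0x0020\t 0000 0000 0000 c0a8 0101\t..........

2 packets received by filter
0 packets dropped by kernel
"""

if __name__ == "__main__":
    # Usage: python fgt2pcap.py dump_firewall.txt dump_firewall.pcap
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    dst = sys.argv[2] if len(sys.argv) > 2 else "dump_firewall.pcap"
    with open(dst, "wb") as fh:
        fh.write(convert(src))
    print("wrote %s" % dst)
```

Run it on the `dump_firewall.txt` produced by the ssh one-liner above and open the resulting file in Wireshark. Because the sniffer was started without the absolute-timestamp option, the timestamps are seconds since the sniffer began, so Wireshark will show packets dated 1970; the relative ordering and inter-packet gaps are still correct. If the FortiGate prompt or other console text lands between hexdump lines, the converter stops with an offset error at that line rather than producing a pcap with a silently truncated frame.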
FWIW
If your FortiGate device has the ability for packet capturing in the WebGUI, just download the pcap. There's no need to convert anything, and the file format is that of a pcap file.
MacBook13:~ kfelix$ cd Downloads/
MacBook13:Downloads kfelix$ ls sniffer_1.pcap
sniffer_1.pcap
MacBook13:Downloads kfelix$ file sniffer_1.pcap
sniffer_1.pcap: tcpdump capture file (little-endian) - version 2.4 (Linux "cooked", capture length 1600)
MacBook13:Downloads kfelix$
PCNSE
NSE
StrongSwan
