Fortinet white logo
Fortinet white logo

Administration Guide

Packet capture

Packet capture

Packets can be captured on configured interfaces by going to System > Network > Packet Capture.

The following information is available:

Edit

Select to edit the packet sniffer on the selected interface.

Interface

The name of the configured interface for which packets can be captured.
For information on configuring an interface, see Interfaces.

Maximum packets to capture

The maximum number of packets that can be captured on a sniffer.

Status

The status of the packet capture process. Allows you to start and stop the capturing process, and download the most recently captured packets.

To start capturing packets on an interface, select the Start capturing button in the Status column for that interface. The Status changes to Capturing, and the Stop capturing and download buttons become available.

To download captured packets:
  1. Select the download button for the interface whose captured packets you are downloading.
  2. If no packets have been captured for that interface, select the Start capturing button.

  3. When prompted, save the packet file (sniffer_[interface].pcap) to your management computer.
  4. The file can then be opened using packet analyzer software.

To edit a packet sniffer:
  1. Select the interface whose packet capture settings you need to configure by either selecting the configured interface name from the interface list, or selecting the checkbox in the interface row and selecting Edit from the toolbar.
  2. The Edit Packet Sniffer page opens.

  3. Configure the following options:
    interfaceThe interface name (non-changeable).
    Max packets to captureEnter the maximum number of packets to capture, between 1-10000. The default is 500 packets.
    Include IPv6 packetsSelect to include IPv6 packets when capturing packets.
    Include non-IP packetsSelect to include non-IP packets when capturing packets.
  4. Select Save to apply your changes.

Packet capture

Packet capture

Packets can be captured on configured interfaces by going to System > Network > Packet Capture.

The following information is available:

Edit

Select to edit the packet sniffer on the selected interface.

Interface

The name of the configured interface for which packets can be captured.
For information on configuring an interface, see Interfaces.

Maximum packets to capture

The maximum number of packets that can be captured on a sniffer.

Status

The status of the packet capture process. Allows you to start and stop the capturing process, and download the most recently captured packets.

To start capturing packets on an interface, select the Start capturing button in the Status column for that interface. The Status changes to Capturing, and the Stop capturing and download buttons become available.

To download captured packets:
  1. Select the download button for the interface whose captured packets you are downloading.
  2. If no packets have been captured for that interface, select the Start capturing button.

  3. When prompted, save the packet file (sniffer_[interface].pcap) to your management computer.
  4. The file can then be opened using packet analyzer software.

To edit a packet sniffer:
  1. Select the interface whose packet capture settings you need to configure by either selecting the configured interface name from the interface list, or selecting the checkbox in the interface row and selecting Edit from the toolbar.
  2. The Edit Packet Sniffer page opens.

  3. Configure the following options:
    interfaceThe interface name (non-changeable).
    Max packets to captureEnter the maximum number of packets to capture, between 1-10000. The default is 500 packets.
    Include IPv6 packetsSelect to include IPv6 packets when capturing packets.
    Include non-IP packetsSelect to include non-IP packets when capturing packets.
  4. Select Save to apply your changes.