diagnose tcpdump start|stop


Allows you to use tcpdump to log packet traffic information for a target database and save it to the local disk.

Like the TCP/IP sniffer, tcpdump requires a connection to a mirror port on the switch that handles TCP/IP traffic for the target database. For more information, see Network requirements for monitoring using the TCP/IP sniffer.

You can export the tcpdump log files to an FTP server and remove them from the local disk. For more information, see execute backup fd-tcpdump and execute backup-remove fd-tcpdump.

Syntax

diagnose tcpdump start|stop <port> <client IP> <server IP> [minutes]

where:

start|stop

Specifies whether to start a new tcpdump log file or stop the current monitoring session.

<port>

The FortiDB Ethernet port on which tcpdump intercepts and logs packet traffic. This port is connected to the mirror port on the switch that handles TCP/IP traffic for the database.

<client IP>

The IP address of the database client. Enter * to specify any IP address.

<server IP>

The IP address of the host where the target database is located. Enter * to specify any IP address.

[minutes]

The length of time, in minutes, that tcpdump monitors packet traffic between the specified database and client. Maximum value is 720.

If you do not specify a duration, tcpdump monitors the specified packet traffic for 60 minutes or until you enter the corresponding diagnose tcpdump stop command.

Example

To monitor database traffic seen on port2 for 10 minutes:

diagnose tcpdump start port2 <your_client_IPaddress> <your_database_server_IPaddress> 10
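The following shell function is an added example and is not FortiDB code or part of this page. It checks a proposed diagnose tcpdump start command line against the constraints documented above (an Ethernet port name, a client and a server IP address or * for any, and an optional duration of 1 to 720 minutes defaulting to 60) and prints the command to paste into the FortiDB CLI; it does not run anything itself. The portN naming pattern is an assumption based on the port2 example, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from FortiDB: validate the arguments of a
# "diagnose tcpdump start" command against the documented limits and
# print the command line to paste into the FortiDB CLI.

# is_ip_or_any: accept "*" (any address, as documented) or a dotted-quad
# IPv4 address whose four octets are all in the range 0..255.
is_ip_or_any() {
  addr=$1
  [ "$addr" = "*" ] && return 0
  # Reject anything that is not digits and dots before splitting.
  case $addr in
    *[!0-9.]*) return 1 ;;
  esac
  IFS=.
  set -- $addr
  unset IFS
  [ $# -eq 4 ] || return 1
  for o in "$1" "$2" "$3" "$4"; do
    case $o in
      ''|*[!0-9]*) return 1 ;;
    esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# build_tcpdump_start <port> <client IP> <server IP> [minutes]
# Prints the validated command line on stdout, or an error on stderr
# and a non-zero status. Minutes defaults to 60 and must be 1..720.
build_tcpdump_start() {
  port=$1; client=$2; server=$3; minutes=${4:-60}
  # Assumed FortiDB interface naming (port1, port2, ...), based on the
  # port2 example in the documentation.
  case $port in
    port[1-9]|port[1-9][0-9]) ;;
    *) echo "bad port name: $port" >&2; return 1 ;;
  esac
  is_ip_or_any "$client" || { echo "bad client IP: $client" >&2; return 1; }
  is_ip_or_any "$server" || { echo "bad server IP: $server" >&2; return 1; }
  case $minutes in
    ''|*[!0-9]*) echo "minutes must be a whole number: $minutes" >&2; return 1 ;;
  esac
  if [ "$minutes" -lt 1 ] || [ "$minutes" -gt 720 ]; then
    echo "minutes out of range 1..720: $minutes" >&2; return 1
  fi
  printf 'diagnose tcpdump start %s %s %s %s\n' "$port" "$client" "$server" "$minutes"
}

# Constructed usage: any client talking to the database host 192.0.2.10
# on port2 for 10 minutes.
build_tcpdump_start port2 '*' 192.0.2.10 10
```

The wildcard is passed quoted ('*') so the shell does not expand it against the current directory; the function only echoes the command text, so the resulting line is copied into the FortiDB CLI by hand.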

See also
