Appendix E: Capturing Packets


FortiDDoS allows you to capture packets via a GUI-based tcpdump function.

To configure Packet Capture:
  1. Go to Network > Packet Capture. A list of saved capture configurations is displayed.

  2. From that list, the right-side icons allow you to:
    • Edit - Edit that Packet Capture configuration. Note the Name cannot be edited after saving.
    • Delete - Delete that Packet Capture configuration. You may also select the checkbox to the left of each row and click Delete to remove one or more existing configurations.
    • Clone - Clone that Packet Capture configuration to create a new one with the same configuration.
    • Run - Run the Packet Capture.
    • Stop - Manually stop the Packet Capture if it is running.
    • Download - Download the resulting pcap after completion.
  3. To use an existing configuration, click Run.
  4. To create a new Packet Capture configuration, click +Create New and complete the following fields:

    | Setting | Description |
    | --- | --- |
    | Name | a-Z, 0-9, "-", "_" only, no spaces, 35 character maximum |
    | Interface | Dropdown menu for the traffic interface from which to capture. For example, if looking for inbound Drops, capture from ports 2, 4 or 6. |
    | Capture Type | Rx – all received packets; Tx – all transmitted packets; Drops – dropped packets only |
    | Filter | tcpdump filters such as src/dst, host, port, protocol name or proto #, and/or/not, etc. |
    | Max Packets | Maximum number of packets to capture (up to 65535). The capture can be stopped manually while it is running. |
    | Save | Save the configuration. |

  5. Once saved, select the configuration to run from the displayed list.
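
After a Drops capture has been downloaded, a per-source summary is a quick first look at what was dropped. The script below is an added example, not Fortinet code: it assumes the downloaded file is a classic libpcap file with Ethernet framing, and the function names and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def build_sample_pcap():
    """Constructed sample: three Ethernet/IPv4 frames in a classic pcap file."""
    def frame(src, proto, sport, dport, dst="192.0.2.10"):
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4
    frames = [frame("198.51.100.7", 17, 53, 40000),
              frame("198.51.100.7", 17, 53, 40000),
              frame("203.0.113.9", 6, 51515, 443)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def summarize(data):
    """Count IPv4 packets per (source IP, protocol, destination port)."""
    magic = struct.unpack_from("<I", data)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the writer
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(end + "I", data, off + 8)[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged and IPv6 frames are skipped)
        l4 = 14 + (pkt[14] & 0x0F) * 4  # start of the TCP/UDP header
        proto, dport = pkt[23], None
        if proto in (6, 17) and len(pkt) >= l4 + 4:
            dport = struct.unpack_from("!H", pkt, l4 + 2)[0]
        counts[(socket.inet_ntoa(pkt[26:30]), PROTO.get(proto, str(proto)), dport)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(build_sample_pcap()).most_common():
        print(n, *key)
```

To run it against a downloaded capture, pass the file's bytes to `summarize()` in place of the constructed sample.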
