FortiGate-7000 Handbook

Packet sniffing for FIM and FPM packets

You can use the diagnose sniffer packet command to view or sniff packets as they are processed by FIMs or FPMs. To use this command, you must be logged into a VDOM. You can run this command from any FIM or FPM CLI.

Note: If you run the command from the primary FIM, you can use the <slot> option to view packets for the module in that slot. If you run the command from an individual FIM or FPM, the <slot> option is not available and you see only the packets processed by that module.

From an FIM the command syntax is:

diagnose sniffer packet <interface> <protocol-filter> <verbose> <count> <timestamp> <slot>

Where:

<interface> is the name of one or more interfaces on which to sniff for packets. Use any to sniff packets for all interfaces. To view management traffic use the elbc-base-ctrl interface name.

<protocol-filter> is a filter that selects the protocol for which to view traffic. The filter can be simple, such as entering udp to view UDP traffic, or complex, specifying a protocol, port, source and destination interface, and so on.

<verbose> is the amount of detail in the output and can be:

  • 1 display packet headers only.
  • 2 display packet headers and IP data.
  • 3 display packet headers and Ethernet data (if available).
  • 4 display packet headers and interface names.
  • 5 display packet headers, IP data, and interface names.
  • 6 display packet headers, Ethernet data (if available), and interface names.

<count> is the number of packets to view. You can press Ctrl-C to stop the sniffer before the count is reached.

<timestamp> is the timestamp format: a for UTC time and l for local time.

When you press Enter, you are prompted to run the packet capture on the module that you have logged into, or you can input a slot number (for example, slot2) to capture packets on the module in that slot.
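The following is an added example, not part of the Fortinet handbook: a small Python script that reads sniffer output saved from a capture run with <verbose> 4 and <timestamp> a, counts packets per interface and direction, and lists flows that entered an interface but were never seen leaving one. The line layout in the regular expression, the sample lines, and the function names are assumptions made for this example, and the flow comparison assumes no NAT between ingress and egress.

```python
import re
from collections import Counter

# Assumed verbose-4 line layout with the "a" timestamp option (not shown on this page):
#   <date> <time> <interface> <in|out> <src>.<port> -> <dst>.<port>: <summary>
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): (?P<summary>.*)$"
)

# Constructed sample for illustration; not output from a real device.
SAMPLE = """\
interfaces=[any]
filters=[udp and port 53]
2019-02-06 10:15:01.101010 port1 in 10.0.1.20.40001 -> 192.0.2.53.53: udp 33
2019-02-06 10:15:01.101350 port2 out 10.0.1.20.40001 -> 192.0.2.53.53: udp 33
2019-02-06 10:15:02.200100 port1 in 10.0.1.21.40002 -> 192.0.2.53.53: udp 41
2019-02-06 10:15:03.300500 port1 in 10.0.1.21.40002 -> 192.0.2.53.53: udp 41
"""

def parse(text):
    """Return one dict per packet line; banner and blank lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def per_interface(packets):
    """Count packets by (interface, direction)."""
    return Counter((p["iface"], p["dir"]) for p in packets)

def ingress_only(packets):
    """Flows seen entering an interface but never leaving one.

    Assumes no NAT between ingress and egress, so addresses match.
    """
    seen_in = {(p["src"], p["dst"]) for p in packets if p["dir"] == "in"}
    seen_out = {(p["src"], p["dst"]) for p in packets if p["dir"] == "out"}
    return sorted(seen_in - seen_out)

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for (iface, direction), n in sorted(per_interface(pkts).items()):
        print(f"{iface:8} {direction:3} {n}")
    for src, dst in ingress_only(pkts):
        print("no egress seen:", src, "->", dst)
```

A flow reported as ingress-only is a starting point for checking policy, routing, or the capture filter, not proof of a drop, because the capture may have ended before the egress packet was seen.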
