New Features

Embed real-time packet capture and analysis tool on Diagnostics page

This enhancement removes the previous Network > Packet Capture page and replaces it with the Network > Diagnostics page, which includes a Packet Capture tab. The tab streams the capture in real time: while the capture is running, users can select a packet and view its header and payload information. Once the capture is complete, packets can be filtered by various fields or through the search bar, and the capture can be saved as a PCAP file for further analysis.

In the CLI, some options under config firewall sniffer have been removed.

To run a packet capture:
  1. Go to Network > Diagnostics and select the Packet Capture tab.

  2. Optionally, select an Interface (any is the default).

  3. Optionally, enable Filters and select a Filtering syntax:

    1. Basic: enter criteria for the Host, Port, and Protocol number.

    2. Advanced: enter a string, such as src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443.

  4. Click Start capture. The capture is visible in real-time.

  5. While the capture is running, select a packet, then click the Headers or Packet Data tabs to view more information.

  6. When the capture is finished, click Save as pcap. The PCAP file is automatically downloaded.

  7. Optionally, use the Search bar or the column headers to filter the results further.

    The packet capture history is listed under Recent Capture Criteria on the right side of the screen. Clicking an entry returns you to the main page with that capture's interface and filter settings already populated.
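Once the capture has been saved as a PCAP (step 6), the same criteria used in the Advanced filter above can be re-applied offline, which is useful when the GUI capture was started with a broad filter and you want to narrow it later. The following Python script is an added example, not FortiOS code and not part of this page: it builds a small constructed capture in memory (Ethernet/IPv4/TCP frames, IP and TCP checksums left at zero), writes it in the classic pcap format the Save as pcap button produces, then parses it with the standard library only and applies a filter equivalent to `src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443`. The function and variable names are the example's own.

```python
"""Offline re-filtering of a saved PCAP with src host / dst host / dst port criteria.

Added example: the sample frames are constructed in memory and are not a real capture.
"""
import ipaddress
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, microsecond timestamps, little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1      # same file written big-endian
LINKTYPE_ETHERNET = 1


def build_ipv4_tcp_frame(src, dst, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP SYN frame (no payload, checksums zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    # version/IHL, TOS, total length, ID, flags/frag (DF), TTL, proto (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp


def write_pcap(frames):
    """Serialize frames as a little-endian classic pcap: global header + per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) per record; detects byte order from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def decode_frame(frame):
    """Return src/dst addresses, protocol and L4 ports for an IPv4 frame, or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    info = {
        "src": str(ipaddress.IPv4Address(frame[26:30])),
        "dst": str(ipaddress.IPv4Address(frame[30:34])),
        "proto": frame[23],
        "sport": None,
        "dport": None,
    }
    l4 = 14 + ihl
    if info["proto"] in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP ports
        info["sport"], info["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return info


def matches(info, src_host=None, dst_host=None, dst_port=None):
    """AND of the given criteria; None means 'don't care', like an omitted filter term."""
    if info is None:
        return False
    if src_host is not None and info["src"] != src_host:
        return False
    if dst_host is not None and info["dst"] != dst_host:
        return False
    if dst_port is not None and info["dport"] != dst_port:
        return False
    return True


def filter_capture(pcap_bytes, **criteria):
    """Return [(timestamp, decoded_info)] for every record that satisfies the criteria."""
    hits = []
    for ts, frame in parse_pcap(pcap_bytes):
        info = decode_frame(frame)
        if matches(info, **criteria):
            hits.append((ts, info))
    return hits


# Constructed sample traffic: one frame matching the Advanced-filter example in the text,
# the reply in the reverse direction, and an unrelated request to port 80.
SAMPLE_FRAMES = [
    build_ipv4_tcp_frame("172.16.200.254", "172.16.200.1", 51514, 443),
    build_ipv4_tcp_frame("172.16.200.1", "172.16.200.254", 443, 51514),
    build_ipv4_tcp_frame("172.16.200.254", "172.16.200.1", 51515, 80),
]
SAMPLE_PCAP = write_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    # Equivalent of: src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443
    for ts, info in filter_capture(SAMPLE_PCAP, src_host="172.16.200.254",
                                   dst_host="172.16.200.1", dst_port=443):
        print(f"{ts:.6f} {info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} proto={info['proto']}")
```

To use it on a real export, read the downloaded file with `open(path, "rb").read()` in place of `SAMPLE_PCAP`. Note that the reverse-direction frame is deliberately excluded by `src host`/`dst host`; to see both directions of a flow, drop the directional qualifiers and filter on `host` and `port` instead, exactly as with the GUI Advanced filter.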

For more granular sniffer output with various verbose settings, use diagnose sniffer packet <interface> <'filter'> <verbose> <count> <tsformat>. See Performing a sniffer trace in the FortiOS Administration Guide for more details.

Summary of CLI changes

The following options have been removed from config firewall sniffer:

config firewall sniffer
    edit <id>
        set ipv6 {enable | disable}
        set non-ip {enable | disable}
        set host <string>
        set port <string>
        set protocol <string>
        set vlan <string>
        set max-packet-count <integer>
    next
end