FortiGate-6000 Administration Guide

Packet sniffing integrated switch fabric (ISF) interfaces

From the management board CLI after editing any VDOM, you can use the following command to sniff traffic on FortiGate 6000F ISF interfaces:

diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

Where:

<interface> the name of one ISF interface on which to sniff for packets. The interface can be dp for the ISF interface connected to the DP processor, or sw:port1, sw:port2, sw:port3, ..., sw:port28 for the ISF interfaces connected to traffic interfaces. You must specify an interface name; any does not work.

<filter> a filter to select the types of packets for which to view traffic. The filter can be simple, such as entering udp to view UDP traffic, or complex, specifying a protocol, port, source and destination interface, and so on.

<verbose> the amount of detail in the output. It can be:

  1. display packet headers only.
  2. display packet headers and IP data.
  3. display packet headers and Ethernet data (if available).
  4. display packet headers and interface names.
  5. display packet headers, IP data, and interface names.
  6. display packet headers, Ethernet data (if available), and interface names.

<count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count, packets are displayed continuously until you press Ctrl-C.

<timestamp> the timestamp format: a for UTC time, l for local time, and otherwise the time is displayed relative to when the command was entered, in the format ss.ms.

<frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.
