Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Store packet capture criteria 7.4.4

    Store packet capture criteria 7.4.4

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    Packet capture criteria can be stored for the re-initiation of packet captures multiple times using the same parameters, such as interface, filters, and so on. Diagnostic commands can also be used to list, initiate, terminate, and remove GUI packet captures for increased control over packet capture operations.

    Creating and storing packet capture criteria in the GUI

    Packet capture criteria can be created and stored in order to re-initiate packet captures in the GUI with the same parameters. Capture cards in the Network > Diagnostics page are sorted in alphabetical order of the configured name and colored depending on state:

    • Green: The packet capture is running.

    • Gray: The packet capture has not started yet, has completed, or the capture files have been deleted.

    New and updated fields have been implemented when creating the packet capture:

    • The Limit field has been renamed to Maximum captured packets.

    • The Name field must be a unique name for the packet capture criteria being configured.

    • A new Filters option, Include non-IP packets, allows non-IP address packets to be captured when enabled. Supported non-IP address packet types include ARP, RARP, LLC, LLDP, VLAN, and LACPDU.

    • After configuring the packet capture criteria, you can choose to Start capture, Save settings for later, or Close. Starting a packet capture or saving the configured settings will both store criteria for future use.

    When the packet capture is running, disable Auto-scroll to stop automatic scrolling behavior when new packets arrive.

    When the packet capture is complete, non-IP address packets will include header information, however, unsupported types will display as Unknown.

    Controlling GUI packet captures in the CLI

    GUI packet captures can be controlled in the CLI using the on-demand-sniffer commands.

    To control GUI packet captures in the CLI:

    1. Add a new firewall on-demand sniffer table to store the GUI packet capture settings and filters:

      config firewall on-demand-sniffer
    edit "port1 Capture"
        set interface "port1"
        set max-packet-count 10000
        set advanced-filter "net 172.16.200.0/24 and port 443 and port 49257"
    next
end

    2. Run packet capture commands:

      1. List all of the packet captures:

        # diagnose on-demand-sniffer list 
mkey: port1 Capture
interface: port1
status: not_started
start time: 
end time:

      2. Start a packet capture:

        # diagnose on-demand-sniffer start "port1 Capture"

      3. Stop a packet capture:

        # diagnose on-demand-sniffer stop "port1 Capture"

      4. Delete the result of a packet capture:

        # diagnose on-demand-sniffer delete-results "port1 Capture"
    Previous
    Next

    Store packet capture criteria 7.4.4

    Store packet capture criteria 7.4.4

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    Packet capture criteria can be stored for the re-initiation of packet captures multiple times using the same parameters, such as interface, filters, and so on. Diagnostic commands can also be used to list, initiate, terminate, and remove GUI packet captures for increased control over packet capture operations.

    Creating and storing packet capture criteria in the GUI

    Packet capture criteria can be created and stored in order to re-initiate packet captures in the GUI with the same parameters. Capture cards in the Network > Diagnostics page are sorted in alphabetical order of the configured name and colored depending on state:

    • Green: The packet capture is running.

    • Gray: The packet capture has not started yet, has completed, or the capture files have been deleted.

    New and updated fields have been implemented when creating the packet capture:

    • The Limit field has been renamed to Maximum captured packets.

    • The Name field must be a unique name for the packet capture criteria being configured.

    • A new Filters option, Include non-IP packets, allows non-IP address packets to be captured when enabled. Supported non-IP address packet types include ARP, RARP, LLC, LLDP, VLAN, and LACPDU.

    • After configuring the packet capture criteria, you can choose to Start capture, Save settings for later, or Close. Starting a packet capture or saving the configured settings will both store criteria for future use.

    When the packet capture is running, disable Auto-scroll to stop automatic scrolling behavior when new packets arrive.

    When the packet capture is complete, non-IP address packets will include header information, however, unsupported types will display as Unknown.

    Controlling GUI packet captures in the CLI

    GUI packet captures can be controlled in the CLI using the on-demand-sniffer commands.

    To control GUI packet captures in the CLI:

    1. Add a new firewall on-demand sniffer table to store the GUI packet capture settings and filters:

      config firewall on-demand-sniffer
    edit "port1 Capture"
        set interface "port1"
        set max-packet-count 10000
        set advanced-filter "net 172.16.200.0/24 and port 443 and port 49257"
    next
end

    2. Run packet capture commands:

      1. List all of the packet captures:

        # diagnose on-demand-sniffer list 
mkey: port1 Capture
interface: port1
status: not_started
start time: 
end time:

      2. Start a packet capture:

        # diagnose on-demand-sniffer start "port1 Capture"

      3. Stop a packet capture:

        # diagnose on-demand-sniffer stop "port1 Capture"

      4. Delete the result of a packet capture:

        # diagnose on-demand-sniffer delete-results "port1 Capture"
    Previous
    Next