Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-6000 Administration Guide

    Home FortiGate / FortiOS 7.4.2 FortiGate-6000 Administration Guide
    7.4.2
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5

    Packet sniffing integrated switch fabric (ISF) interfaces

    Packet sniffing integrated switch fabric (ISF) interfaces

    From the management board CLI after editing any VDOM, you can use the following command to sniff traffic on FortiGate 6000F ISF interfaces:

    diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

    Where:

    <interface> the name of one ISF interface on which to sniff for packets. The interface can be dp for the ISF interface connected to the DP processor or sw:port1, sw:port2, sw:port3, ..., sw:port28 for the ISF interfaces connected to traffic interfaces. You must specify an interface name. any does not work.

    <filter> a filter to select the types of packets for which to view traffic. This can be simple, such as entering udp to view UDP traffic or complex to specify a protocol, port, and source and destination interface and so on.

    <verbose> the amount of detail in the output, and can be:

    1. display packet headers only.
    2. display packet headers and IP data.
    3. display packet headers and Ethernet data (if available).
    4. display packet headers and interface names.
    5. display packet headers, IP data, and interface names.
    6. display packet headers, Ethernet data (if available), and interface names.

    <count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count packets are displayed continuously until you press Ctrl-C.

    <timestamp> the timestamp format, a for UTC time, l for local time, and otherwise to display the time relative to entering the command in the format ss.ms.

    <frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.

    Previous
    Next

    Packet sniffing integrated switch fabric (ISF) interfaces

    Packet sniffing integrated switch fabric (ISF) interfaces

    From the management board CLI after editing any VDOM, you can use the following command to sniff traffic on FortiGate 6000F ISF interfaces:

    diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

    Where:

    <interface> the name of one ISF interface on which to sniff for packets. The interface can be dp for the ISF interface connected to the DP processor or sw:port1, sw:port2, sw:port3, ..., sw:port28 for the ISF interfaces connected to traffic interfaces. You must specify an interface name. any does not work.

    <filter> a filter to select the types of packets for which to view traffic. This can be simple, such as entering udp to view UDP traffic or complex to specify a protocol, port, and source and destination interface and so on.

    <verbose> the amount of detail in the output, and can be:

    1. display packet headers only.
    2. display packet headers and IP data.
    3. display packet headers and Ethernet data (if available).
    4. display packet headers and interface names.
    5. display packet headers, IP data, and interface names.
    6. display packet headers, Ethernet data (if available), and interface names.

    <count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count packets are displayed continuously until you press Ctrl-C.

    <timestamp> the timestamp format, a for UTC time, l for local time, and otherwise to display the time relative to entering the command in the format ss.ms.

    <frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.

    Previous
    Next