Fortinet white logo
Fortinet white logo

FortiGate-7000F Administration Guide

Packet sniffing integrated switch fabric (ISF) interfaces

Packet sniffing integrated switch fabric (ISF) interfaces

You can use the following command to sniff traffic on FortiGate-7000F ISF interfaces.

diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

You run this command by logging into the CLI and editing any VDOM of the FIM or FPM that includes the ISF on which to sniff traffic. For example, to sniff traffic on the ISF of the FIM in slot 2, connect to the CLI of the FIM in slot 2 and edit any VDOM. To sniff traffic on the ISF of the FPM in slot 5, connect to the CLI of the FPM in slot 5 and edit any VDOM. You can't log into an FIM or FPM and sniff traffic on an ISF in a different FIM or FPM.

Where:

<interface> the name of one ISF interface on the FIM or FPM that you are logged into on which to sniff for packets. ISF interface names can be:

  • dp the ISF interface connected to the the load balancing NP7 processors in the FIM or FPM that you have logged into. The FPMs ISF dp interface connects to the NP7 load balancers in the FIMs.

  • sw:<data-interface-name>, where <data-interface-name> is the name of the front panel data interface that the ISF interface is connected to. For example:

    • sw:1-P12 is the ISF interface that is connected to the P12 front panel data interface of the FIM in slot 1.

    • sw:6-P5 is the ISF interface that is connected to the P5 front panel data interface of the FPM in slot 6.

    • <data-interface-name> can also be the name of a split interface, for example sw:2-P20/1 is the name of the ISF interface connected to the 2-P20/1 interface of the FIM in slot 2.

<filter> a filter to select the types of packets for which to view traffic. This can be simple, such as entering udp to view UDP traffic or complex to specify a protocol, port, and source and destination interface and so on.

<verbose> the amount of detail in the output, and can be:

  1. display packet headers only.
  2. display packet headers and IP data.
  3. display packet headers and Ethernet data (if available).
  4. display packet headers and interface names.
  5. display packet headers, IP data, and interface names.
  6. display packet headers, Ethernet data (if available), and interface names.

<count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count packets are displayed continuously until you press Ctrl-C.

<timestamp> the timestamp format, a for UTC time, l for local time, and otherwise to display the time relative to entering the command in the format ss.ms.

<frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.

Packet sniffing integrated switch fabric (ISF) interfaces

Packet sniffing integrated switch fabric (ISF) interfaces

You can use the following command to sniff traffic on FortiGate-7000F ISF interfaces.

diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

You run this command by logging into the CLI and editing any VDOM of the FIM or FPM that includes the ISF on which to sniff traffic. For example, to sniff traffic on the ISF of the FIM in slot 2, connect to the CLI of the FIM in slot 2 and edit any VDOM. To sniff traffic on the ISF of the FPM in slot 5, connect to the CLI of the FPM in slot 5 and edit any VDOM. You can't log into an FIM or FPM and sniff traffic on an ISF in a different FIM or FPM.

Where:

<interface> the name of one ISF interface on the FIM or FPM that you are logged into on which to sniff for packets. ISF interface names can be:

  • dp the ISF interface connected to the the load balancing NP7 processors in the FIM or FPM that you have logged into. The FPMs ISF dp interface connects to the NP7 load balancers in the FIMs.

  • sw:<data-interface-name>, where <data-interface-name> is the name of the front panel data interface that the ISF interface is connected to. For example:

    • sw:1-P12 is the ISF interface that is connected to the P12 front panel data interface of the FIM in slot 1.

    • sw:6-P5 is the ISF interface that is connected to the P5 front panel data interface of the FPM in slot 6.

    • <data-interface-name> can also be the name of a split interface, for example sw:2-P20/1 is the name of the ISF interface connected to the 2-P20/1 interface of the FIM in slot 2.

<filter> a filter to select the types of packets for which to view traffic. This can be simple, such as entering udp to view UDP traffic or complex to specify a protocol, port, and source and destination interface and so on.

<verbose> the amount of detail in the output, and can be:

  1. display packet headers only.
  2. display packet headers and IP data.
  3. display packet headers and Ethernet data (if available).
  4. display packet headers and interface names.
  5. display packet headers, IP data, and interface names.
  6. display packet headers, Ethernet data (if available), and interface names.

<count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count packets are displayed continuously until you press Ctrl-C.

<timestamp> the timestamp format, a for UTC time, l for local time, and otherwise to display the time relative to entering the command in the format ss.ms.

<frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.