
Administration Guide

Using Traffic Capture


When troubleshooting a network, review the contents of the packets. Reviewing packets can determine whether the packets, their route, and their destination are correct. Traffic capture assists in troubleshooting problems such as:

  • finding missing traffic
  • monitoring session setup
  • locating ARP problems, such as the sources and causes of broadcast storms
  • confirming which address a computer is using on the network, and whether it has multiple addresses or is on multiple networks
  • monitoring whether routing is functioning
  • intermittently missing ping packets

If you run an application that generates constant traffic, such as ping, the traffic capture shows whether the traffic reaches its destination, how the traffic enters and exits the FortiRecorder unit's ports, whether ARP resolution is correct, and whether the traffic returns to the source as expected.

To capture the traffic

  1. Go to System > Network > Traffic Capture.
  2. Select New.
  3. Enter a description for the file generated from the captured traffic.
  4. Select the time period for performing the packet capture from the Duration drop-down menus.
  5. Specify which interface to capture from the Interface drop-down menu.
  6. Enter up to three IP addresses or host names in the IP/Host field to limit the scope of the capture to those hosts.
  7. Select the filter for the traffic capture: select Use protocol to capture only UDP or TCP traffic on the specified port number, or None for no protocol filter.
  8. In the Exclusion field, enter the IP addresses or host names and port numbers to exclude from the capture.
  9. Select Create.

    The generated PCAP file is viewable in Wireshark.
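As an added example (not part of this Fortinet guide), the following Python script reads a PCAP file of the kind the capture produces and pulls out two of the symptoms listed above: which host is sending the most ARP requests (a broadcast storm source) and which ICMP echo requests never received a reply (missing ping packets). The hosts, MAC addresses and the sample capture are constructed for illustration; to run it against a real FortiRecorder file, pass `open(path, "rb").read()` to `summarize()` instead of `build_sample_capture()`.

```python
import struct
from collections import Counter

def parse_pcap(data):
    """Yield raw Ethernet frames from a classic (non-pcapng) pcap byte string."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos = 24                                            # skip the 24-byte global header
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def summarize(data):
    """Return (ARP requests per sender IP, echo requests with no matching reply)."""
    arp_by_src, echo_req, echo_rep = Counter(), set(), set()
    for f in parse_pcap(data):
        etype = f[12:14]
        if etype == b"\x08\x06" and f[20:22] == b"\x00\x01":    # ARP request
            arp_by_src[".".join(map(str, f[28:32]))] += 1      # sender protocol address
        elif etype == b"\x08\x00" and f[23] == 1:               # IPv4 carrying ICMP
            ihl = (f[14] & 0x0F) * 4
            ic = f[14 + ihl:]
            key = struct.unpack("!HH", ic[4:8])                 # (identifier, sequence)
            if ic[0] == 8:                                      # echo request
                echo_req.add(key)
            elif ic[0] == 0:                                    # echo reply
                echo_rep.add(key)
    return arp_by_src, sorted(echo_req - echo_rep)

# Constructed sample traffic standing in for a real FortiRecorder PCAP (hypothetical hosts).
def _arp_request(src_mac, src_ip, dst_ip):
    return (b"\xff" * 6 + src_mac + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
            + src_mac + src_ip + b"\x00" * 6 + dst_ip)

def _icmp(src_ip, dst_ip, icmp_type, ident, seq):
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, src_ip, dst_ip)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + icmp

def build_sample_capture():
    a, b = bytes.fromhex("0a0a0a0a0a0a"), bytes.fromhex("0b0b0b0b0b0b")
    host_a, host_b, gw = b"\xc0\xa8\x01\x0a", b"\xc0\xa8\x01\x0b", b"\xc0\xa8\x01\x01"
    frames = [_arp_request(a, host_a, bytes([192, 168, 1, n])) for n in range(1, 4)]  # 3 from A
    frames.append(_arp_request(b, host_b, gw))                                         # 1 from B
    for seq in (1, 2, 3):                                       # seq 2 is never answered
        frames.append(_icmp(host_a, gw, 8, 1, seq))
        if seq != 2:
            frames.append(_icmp(gw, host_a, 0, 1, seq))
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records  # linktype 1
```

On the constructed capture, `summarize()` reports 192.168.1.10 as the top ARP sender with three requests and `(1, 2)` as the one echo request that was never answered.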