Administration Guide

20.4.0

Creating a packet capture profile

When troubleshooting networks, you can look inside the headers of the packets. This helps you determine whether the packets, route, and destination are what you expect. Packet capture is also called a network tap, packet sniffing, or logic analyzing.

The maximum number of packet-capture profiles and the RAM disk size allotted for packet capture are different for the various platforms:

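| Platform | Maximum number of profiles | RAM disk size in MB |
|----------|----------------------------|---------------------|
| 1xx      | 8                          | 20                  |
| 2xx      | 8                          | 50                  |
| 4xx      | 16                         | 75                  |
| 5xx      | 16                         | 100                 |
| 1xxx     | 16                         | 100                 |
| 3xxx     | 16                         | 100                 |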

The maximum number of packet capture files is equal to license points. When the number of existing packet capture files has reached the maximum, you need to delete one or more existing packet capture files before starting a packet capture.

Packet capture files are kept for 7 days. For licensed users, there is a 60-day grace period before the packet capture files are deleted.

To create a packet capture profile:
  1. Go to Configuration > Interfaces.
  2. Select to the left of the FortiSwitch unit that you want to investigate.
  3. Select a single interface.
  4. Select Create Packet Capture Profile.

  5. Enter a name for the new packet capture profile in the Configuration Name field.
    Avoid using special characters, such as <, >, (, ), #, ', and ".
  6. Optional. Enter a filter to reduce the number of packets captured.
    The filter uses flexible logic. For example, if you want packets using UDP port 1812 between hosts named forti1 and either forti2 or forti3, enter the following:
    udp and port 1812 and host forti1 and \( forti2 or forti3 \)
  7. Enter the maximum number of packets to collect. The maximum number of packets that can be captured depends on the RAM disk size.
  8. Enter the maximum packet length in bytes to capture on the interface. The range of values is 64-1534 bytes.
  9. Select Save.
    Go to Configuration > Packet Capture Profiles to see the new packet capture profile.
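
The grouping in the step 6 filter decides how much traffic ends up in the capture file. The following is an added example, not Fortinet code: a small Python model of the filter logic, assuming the field follows tcpdump-style pcap-filter rules ("and" and "or" share one precedence level and are evaluated left to right, and a bare name reuses the most recent qualifier). The sample packets and the hosts forti4 and forti9 are constructed.

```python
import re

# Constructed sample packets (not a real capture). forti4 and forti9 are
# hypothetical hosts added to show what each filter lets through.
PACKETS = [
    {"proto": "udp", "src": "forti1", "dst": "forti2", "sport": 40000, "dport": 1812},
    {"proto": "udp", "src": "forti3", "dst": "forti1", "sport": 1812, "dport": 40001},
    {"proto": "udp", "src": "forti1", "dst": "forti4", "sport": 40002, "dport": 1812},
    {"proto": "tcp", "src": "forti1", "dst": "forti2", "sport": 40003, "dport": 1812},
    {"proto": "udp", "src": "forti2", "dst": "forti3", "sport": 40004, "dport": 1812},
    {"proto": "tcp", "src": "forti3", "dst": "forti9", "sport": 40005, "dport": 443},
]
PAGE_FILTER = r"udp and port 1812 and host forti1 and \( forti2 or forti3 \)"
NO_PARENS = "udp and port 1812 and host forti1 and forti2 or forti3"

def matches(expr, pkt):
    """Evaluate a subset of pcap-filter syntax (assumed rules) on one packet."""
    toks = [t.lstrip("\\") for t in re.findall(r"\\?[()]|[^\s()\\]+", expr)]
    pos, qual = 0, "host"  # qual: a bare name reuses the most recent qualifier

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def term():
        nonlocal qual
        t = take()
        if t == "(":
            v = chain()
            take()  # consume ")"
            return v
        if t in ("udp", "tcp"):
            return pkt["proto"] == t
        if t in ("host", "port"):
            qual, t = t, take()
        if qual == "port":
            return int(t) in (pkt["sport"], pkt["dport"])
        return t in (pkt["src"], pkt["dst"])

    def chain():
        # "and" and "or" share one precedence level and associate left to right
        v = term()
        while pos < len(toks) and toks[pos] in ("and", "or"):
            op, rhs = take(), term()
            v = (v and rhs) if op == "and" else (v or rhs)
        return v

    return chain()

def captured(expr):
    return [i for i, p in enumerate(PACKETS) if matches(expr, p)]
```

`captured(PAGE_FILTER)` selects only packets 0 and 1, the UDP port 1812 exchanges between forti1 and forti2 or forti3. `captured(NO_PARENS)` also returns packets 4 and 5, because without the parentheses the trailing `or forti3` matches any packet to or from forti3, which fills the limited RAM disk with unrelated traffic.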
