CLI Reference

system tcpdump

Use this command to configure capturing packets.

To use this command, your administrator account’s access control profile must have rw permission to the netgrp area. For details, see Permissions.

Syntax

config system tcpdump
  edit file id
    set "<filter_str>"
    set {any | "<interface_str>"}
    set "<max-packet-count_int>"
end


Variable Description Default

file id

Enter the packet capture file ID.

No default

"<max-packet-count_int>"

Specify the maximum number of packets you want to capture for the policy. Capture stops automatically when the total number of captured packets reaches this count.

4000

"<filter_str>"

Specify the protocols and port numbers that you do or do not want to capture, such as 'tcp and port 80 and host IP1 and ( IP2 or IP3 )', or leave this field blank for no filter.
Use the same filter expression syntax as tcpdump. For details, see the tcpdump man page (http://www.tcpdump.org/manpages/tcpdump.1.html).

No default.

{any | "<interface_str>"}

Select the network interface on which you want to capture packets, such as port1, or any for all interfaces.

any
