Administration Guide

Packet capture via Web UI

  1. Go to System > Network > Packet Capture.
  2. Click Create New to create a new packet capture policy.
  3. Configure these settings:
    Interface: Select the network interface on which you want to capture packets.
    Filter: Specify the protocols and port numbers that you do or do not want to capture, such as 'tcp and port 80 and host IP1 and ( IP2 or IP3 )', or leave this field blank for no filter.
    Note: This filter uses the same filter expression syntax as tcpdump. Refer to the Linux man page of tcpdump (HTTP://www.tcpdump.org/manpages/tcpdump.1.html).
    Maximum Packet Count: Specify the maximum number of packets to capture for the policy. The capture stops automatically when the total number of captured packets reaches this count.
  4. Click OK.
  5. Configure a packet capture policy from the policy table:
    Interface: The network interface on which the packet capture policy is applied.
    Filter: The protocols and port numbers that the packet capture policy does or does not capture.
    Packets: The current captured packet count. This value keeps increasing while the capture is running.
    Maximum Packet Count: The maximum packet count of the policy.
    Progress: Click the Start button beside No Running to start the capture.

    During the capture, a progress bar shows the progress toward the maximum packet count. The number of captured packets is displayed in the Packets field.

    The capture stops when it reaches the maximum packet count, or you can click the Stop button to stop the capture at any time. Captured packets are saved as a .pcap file.

    Click the Download button to download the capture output file.

    Click the Restart button to restart the capture.
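
To check a downloaded capture against its policy, the following added example (not part of the Fortinet guide) re-applies the sample filter 'tcp and port 80 and host IP1 and ( IP2 or IP3 )' to each packet in a .pcap byte string and compares the packet count with the Maximum Packet Count. It assumes the file is classic pcap with an Ethernet link type and IPv4 traffic; the addresses, function names and sample frames are constructed for illustration.

```python
import ipaddress
import struct

def read_pcap(data):
    """Yield frames from a classic (non-pcapng) Ethernet pcap byte string."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def matches(frame, ip1, ip2, ip3, port=80):
    """Python equivalent of: tcp and port 80 and host IP1 and ( IP2 or IP3 )."""
    # Assumption: untagged Ethernet carrying IPv4; VLAN tags and IPv6 are not handled.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:  # later fragment: no TCP ports
        return False
    l4 = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IPv4 header
    if len(frame) < l4 + 4:
        return False
    hosts = {str(ipaddress.IPv4Address(frame[i:i + 4])) for i in (26, 30)}
    return (port in struct.unpack("!HH", frame[l4:l4 + 4])
            and ip1 in hosts and (ip2 in hosts or ip3 in hosts))

def audit(data, ip1, ip2, ip3, max_count):
    """Count packets, packets the filter should have excluded, and check the cap."""
    frames = list(read_pcap(data))
    stray = sum(not matches(f, ip1, ip2, ip3) for f in frames)
    return {"packets": len(frames), "stray": stray, "within_max": len(frames) <= max_count}

def sample_frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet/IPv4 sample frame (not real traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)

IP1, IP2, IP3 = "192.0.2.10", "198.51.100.1", "198.51.100.2"  # constructed addresses
FRAMES = [sample_frame(IP1, IP2, 40000, 80), sample_frame(IP3, IP1, 80, 40001),
          sample_frame(IP1, "203.0.113.5", 40002, 80), sample_frame(IP1, IP2, 40003, 443),
          sample_frame(IP1, IP2, 40004, 80, proto=17)]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    print([matches(f, IP1, IP2, IP3) for f in read_pcap(SAMPLE)])
    print(audit(SAMPLE, IP1, IP2, IP3, max_count=5))
```

The constructed sample deliberately mixes matching and non-matching packets; a capture taken with the filter applied should report no stray packets.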
