Fortinet black logo

Cookbook

Home FortiGate / FortiOS 5.6.0 Cookbook

Creating packet capture filters

5.6.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:780058
Download PDF

Creating packet capture filters

  1. Go to Network > Packet Capture and create a new filter.

    If the Packet Capture option does not appear in the main GUI, you can also access this menu using the URL https://[management-IP]/ng/page/p/firewall/sniffer/.

  2. The simplest filter just captures all of the packets received by an interface. This filter captures ten packets received by the LAN interface.

  3. To be more specific about the packets to capture, select Enable Filters.

    This filter captures 100 HTTP and HTTPS packets (port 80 and 443) received by the lan interface that has a source or destination address in the range 192.168.100.100-192.168.100.200.

  4. This filter captures the first 4000 Stream Control Transmission Protocol (SCTP) packets received by the wan1 interface.

  5. This filter captures the first 1000 DNS packets (port 53) querying the Google DNS server (IP address 8.8.8.8) with VLAN IDs 37 or 39.

Previous
Next

Creating packet capture filters

  1. Go to Network > Packet Capture and create a new filter.

    If the Packet Capture option does not appear in the main GUI, you can also access this menu using the URL https://[management-IP]/ng/page/p/firewall/sniffer/.

  2. The simplest filter just captures all of the packets received by an interface. This filter captures ten packets received by the LAN interface.

  3. To be more specific about the packets to capture, select Enable Filters.

    This filter captures 100 HTTP and HTTPS packets (port 80 and 443) received by the lan interface that has a source or destination address in the range 192.168.100.100-192.168.100.200.

  4. This filter captures the first 4000 Stream Control Transmission Protocol (SCTP) packets received by the wan1 interface.

  5. This filter captures the first 1000 DNS packets (port 53) querying the Google DNS server (IP address 8.8.8.8) with VLAN IDs 37 or 39.

Previous
Next