FortiGate-7000E Administration Guide

Packet sniffing on integrated switch fabric (ISF) interfaces

You can use the following command to sniff traffic on FortiGate 7000E ISF interfaces.

diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

You run this command by logging into the CLI and editing any VDOM of the FIM that includes the ISF on which to sniff traffic. For example, to sniff traffic on the ISF of the FIM in slot 2, connect to the CLI of the FIM in slot 2 and edit any VDOM. You can't sniff traffic on the ISF of the FIM in slot 2 by logging into the CLI of the FIM in slot 1.

Where:

<interface> the name of one ISF interface on the FIM that you are logged into on which to sniff for packets. ISF interface names can be:

  • dp the ISF interface connected to the DP processor in the FIM that you have logged into.

  • sw:<data-interface-name>, where <data-interface-name> is the name of the front panel data interface that the ISF interface is connected to.

    • For example, sw:1-A10 is the ISF interface that is connected to the A10 front panel data interface of the FIM-7901E in slot 1.

    • <data-interface-name> can also be the name of a split interface, for example sw:2-C1/1 is the name of the ISF interface connected to the 2-C1/1 interface of the FIM-7920E in slot 2.

<filter> a filter to select the types of packets for which to view traffic. The filter can be simple, such as entering udp to view UDP traffic, or complex, specifying a protocol, port, source and destination interface, and so on.

<verbose> the amount of detail in the output, and can be:

  1. display packet headers only.
  2. display packet headers and IP data.
  3. display packet headers and Ethernet data (if available).
  4. display packet headers and interface names.
  5. display packet headers, IP data, and interface names.
  6. display packet headers, Ethernet data (if available), and interface names.

<count> the number of packets to view. You can enter Ctrl-C to stop the sniffer before the count is reached. If you don't include a count, packets are displayed continuously until you press Ctrl-C.

<timestamp> the timestamp format: a for UTC time, l for local time; otherwise the time is displayed relative to when the command was entered, in the format ss.ms.

<frame-size> the frame size that is printed before truncation. Defaults to the interface MTU.
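
The following is an added example, not part of the Fortinet guide: a small Python helper that builds the command line and rejects arguments that contradict the rules above, including an sw: interface that belongs to a different FIM than the one you are logged into. The function name, the fim_slot parameter, the sw: name pattern (inferred from the two examples above) and the quoting of filters that contain spaces are assumptions.

```python
import re

# Assumption: sw: names follow the page's two examples (sw:1-A10, sw:2-C1/1),
# with the leading number being the slot of the FIM that owns the interface.
SW_NAME = re.compile(r"^sw:(\d+)-[A-Za-z]+\d+(/\d+)?$")


def build_span_sniffer(fim_slot, interface, pkt_filter, verbose,
                       count=None, timestamp=None, frame_size=None):
    """Return a checked 'diagnose span-sniffer packet' line for the FIM in
    fim_slot (the FIM whose CLI the command will be entered on)."""
    if interface != "dp":
        m = SW_NAME.match(interface)
        if m is None:
            raise ValueError(f"not an ISF interface name: {interface!r}")
        if int(m.group(1)) != fim_slot:
            # An ISF can only be sniffed from the CLI of its own FIM.
            raise ValueError(f"{interface} is on slot {m.group(1)}, "
                             f"but the session is on slot {fim_slot}")
    # Keep operator-supplied filter text from breaking out of its argument.
    if (not pkt_filter or not pkt_filter.isprintable()
            or re.search(r"[\"']", pkt_filter)):
        raise ValueError("filter must be printable text without quotes")
    if verbose not in (1, 2, 3, 4, 5, 6):
        raise ValueError("verbose must be 1-6")
    if timestamp not in (None, "a", "l"):
        raise ValueError("timestamp must be 'a' (UTC) or 'l' (local)")
    for name, value in (("count", count), ("frame-size", frame_size)):
        if value is not None and (not isinstance(value, int) or value < 0):
            raise ValueError(f"{name} must be a non-negative integer")
    # Trailing arguments are positional: none may be skipped before a later one.
    # (This helper emits only the documented letters a and l, so a frame size
    # can only be given together with one of them.)
    optional = [count, timestamp, frame_size]
    while optional and optional[-1] is None:
        optional.pop()
    if None in optional:
        raise ValueError("give every positional argument before the last one set")
    # Assumption: a filter containing spaces is passed as one quoted argument.
    shown_filter = f'"{pkt_filter}"' if " " in pkt_filter else pkt_filter
    parts = ["diagnose", "span-sniffer", "packet", interface, shown_filter,
             str(verbose)] + [str(v) for v in optional]
    return " ".join(parts)
```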
