Debug Sniffer

(2017-11-23)

Problem

Want to sniff traffic flow.

Solution

# diag sniffer packet <interface> <'filter'> <verbose> <count> a

Filter syntax:

'[[src|dst] host<IP1>] [[src|dst] host<IP2>] [[arp|ip|gre|esp|udp|tcp] [port_no]] [[arp|ip|gre|esp|udp|tcp] [port_no]]'

Example:

# diag sniff packet port2 'host 139.60.169.2 and port 443' 1 999

Values for <verbose>:

1: print header of packets
2: print header and data from IP of packets
3: print header and data from Ethernet of packets
4: print header of packets with interface name
5: print header and data from IP of packets with interface name
6: print header and data from Ethernet of packets with interface name

"a" = print times as absolute instead of relative to start time

arp

Backup ISP with some traffic selection

crashlog

DHCP and PPPoE

DHCP Client Leases

DHCP Reservation

HA Cluster Member Firmware Revisions

Interface Duplex

Interface Mode

Interface Status

Memory Logging

Packet Capture

Radius Server Definition

Reset Admin Password

Reset to Factory Defaults

Routing Table

Simple Commands

Syslog

Test Authentication Servers

Configuration Preparation

DHCP Reservation

Dual-WAN Gateways

EXT3 fs error (device)

HA Cluster Status

HA Cluster Synchronization

Management Access

VoIP Clients with Fortigates

VPN Fragmentation

VPN Tunnel Details

CLI Disk Scan FSCK

CLI Upgrade Firmware

Connecting Multiple vDOMs to the same VLAN

CPU is pinned

Debug Flow

Debug Session

Debug Sniffer

Factory Reset

Fixing HA Sync Problems

Forticlient Registering To Fortigate

List DHCP Client Leases

List SSLVPN Users

RTC Power Status Failed

SSLVPN Logs Out After 8 Hours

System Time

VPN Flapping Leads To Bogus Routing

Wifi Clients Connect But Can't Get DHCP Lease

BGP Neighbors

BGP Sessions

DH Selection for VPNs

FortiCloud Debug Commands

FortiOS LLDP

IPsec Not Passing Packets

List DHCP Clients CLI

Microsoft Office Whitelisting

Routing Table

SSH Pubkey Login

SSL Security Settings

SSLVPN DNS Suffix

System Version from CLI

Traffic Shaping Policy

CLI Restore Configuration

Displaying Logs From Console

iPerf3 on Fortigates

IPSA self test failed, disable IPSA!

LDAP lookup account considerations

List Connected Users

Read-Only Admin Profile

SD-WAN Diagnostics

VPN Debug

VPN Tunnel Interface Address

Wifi 802.1x with LDAP Groups

FortiClient Error Codes

Device Table Size Maximum

Device-Local Certificate Expired

CLI Policy Lookup

IPsec MTU Adjustments

IPsec MTU Varies By Encryption Algorythm

Link Monitor

Looking at logs via CLI

Check Geo-IP Region For A Specific IP