For When You Can't Have The Real Thing

Packet Dumps

Created by dave. Last edited by dave, 5 years and 68 days ago.
(2013-07-18)

Show information of packets seen on an interface:

# diag sniffer packet internal none 4 3
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816 ack 1949135261
internal out 192.168.0.30.1144 -> 192.168.0.1.22: ack 2859918884

In this example:
  • none is the filter
  • 4 means show verbose level 4
  • 3 means show 3 packets then stop

Verbose levels: usually you want level 3 or level 4. Level 3 shows you a hex dump of the packet, good for looking for MAC addresses or whatever. If you just want to see the IP/TCP information, level 4 is sufficient.
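
For longer captures, the level 4 lines can be parsed and counted per flow. The following is an added example, not part of the original page or any Fortinet tool: it parses the line format shown above, and assumes that a capture may prefix each line with a relative timestamp (not shown in the sample) and that non-TCP lines carry no port.

```python
import re
from collections import Counter

# Sample input: the three level-4 lines shown on this page.
SAMPLE = """\
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816 ack 1949135261
internal out 192.168.0.30.1144 -> 192.168.0.1.22: ack 2859918884
"""

ADDR = r"(\d+(?:\.\d+){3})(?:\.(\d+))?"  # IPv4 address, then optional ".port"
LINE = re.compile(
    r"^(?:\d+\.\d+\s+)?"                 # optional timestamp (assumption, see lead-in)
    r"(?P<iface>\S+) (?P<dir>in|out) "
    + ADDR + r" -> " + ADDR + r": (?P<info>.*)$"
)
TCP_FLAGS = {"syn", "fin", "rst", "psh", "ack"}

def parse_line(line):
    """Return a dict for one level-4 line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"iface": m["iface"], "dir": m["dir"],
           "src": (m[3], int(m[4]) if m[4] else None),
           "dst": (m[5], int(m[6]) if m[6] else None),
           "flags": [], "seq": None, "ack": None}
    tokens = m["info"].split()
    for i, tok in enumerate(tokens):
        if tok in TCP_FLAGS:
            rec["flags"].append(tok)
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if nxt.isdigit():  # number after "ack" is the ack number, otherwise the seq
                rec["ack" if tok == "ack" else "seq"] = int(nxt)
    return rec

def summarize(text):
    """Count packets per (iface, direction, src, dst); also count unparsed lines."""
    flows, skipped = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        flows[(rec["iface"], rec["dir"], rec["src"], rec["dst"])] += 1
    return flows, skipped

if __name__ == "__main__":
    flows, skipped = summarize(SAMPLE)
    for (iface, d, src, dst), n in flows.items():
        print(f"{iface} {d} {src[0]}:{src[1]} -> {dst[0]}:{dst[1]} packets={n}")
```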


# diag sniffer packet internal1 "host 10.10.0.1" 4 150

# diag sniffer packet internal1 "src host 10.10.0.1" 4 150

# diag sniffer packet internal1 "src host 10.10.0.1 and dst host 10.20.0.1" 4 150

This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.
