82-Packet Sniffing

Packet sniffing allows network administrators to examine packet headers and determine if traffic is taking the expected routing path. It can show if packets are reaching their destination, which FortiGate interface they are entering through, if ARP resolution is correct, and if traffic is being sent back to the source as expected. The diagnose sniffer packet command is used to sniff packets on an interface with options to filter by IP, port, number of packets, and timestamp format.

Uploaded by vishaljakahr

Packet Sniffing:

When you troubleshoot networks, and routing in particular, it helps to look inside the
headers of packets to determine whether they are traveling the route that you expect them
to take. Packet sniffing is also known as network tap, packet capture, or logic analyzing.
Packet sniffing can tell you whether the traffic is reaching its destination, which port it
enters the FortiGate unit on, whether ARP resolution is correct, and whether traffic is being
sent back to the source as expected. Packet sniffing can also tell you if the FortiGate unit
is silently dropping packets.

diagnose sniffer packet <interface_name> <'filter'> <verbose> <count> <tsformat>

To stop the sniffer, type CTRL+C.

<interface_name>
    The name of the interface to sniff, such as port1 or internal. This can
    also be any to sniff all interfaces.

<'filter'>
    What to look for in the information the sniffer reads. none indicates
    no filtering, and all packets are displayed as the other arguments
    indicate.
    The filter must be inside single quotes (').

<verbose>
    The level of verbosity as one of:
    1 - print header of packets
    2 - print header and data from IP of packets
    3 - print header and data from Ethernet of packets
    4 - print header of packets with interface name

<count>
    Number of packets the sniffer reads before stopping. If you don't put
    a number here, the sniffer will run until you stop it with <CTRL+C>.

<tsformat>
    The timestamp format:
    a: absolute UTC time, yyyy-mm-dd hh:mm:ss.ms
    l: absolute LOCAL time, yyyy-mm-dd hh:mm:ss.ms
    otherwise: relative to the start of sniffing, ss.ms

diagnose sniffer packet port2


diagnose sniffer packet port2 ' host 192.168.1.1 '
diagnose sniffer packet port2 ' host 192.168.1.1 and host 8.8.8.8 '
diagnose sniffer packet port2 ' host 192.168.1.1 and port 80 '
diagnose sniffer packet any ' host 192.168.1.1 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 10
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 0 a
diagnose sniffer packet any ' src 192.168.1.1 '
diagnose debug disable
diagnose debug reset
diagnose debug flow filter addr 192.168.1.1
diagnose debug flow filter port 80
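
An added example, not part of the original document: a Python sketch that reads output captured with verbosity 4 on interface any and reports the first stage of the round trip at which packets stop appearing. The line layout it parses, the sample captures and the function names are assumptions made for this illustration, and it assumes IPv4 with no NAT between the two hosts.

```python
import re

# Assumed verbosity-4 line shape: "<timestamp> <interface> <in|out> <src> -> <dst>: <summary>"
LINE = re.compile(r"^(?:\d{4}-\d\d-\d\d )?[\d:.]+ (\S+) (in|out) (\S+) -> (\S+): ")

# Constructed sample output, not taken from a real device.
FULL_PATH = """\
interfaces=[any]
filters=[host 192.168.1.1 or host 8.8.8.8]
0.000000 port2 in 192.168.1.1 -> 8.8.8.8: icmp: echo request
0.000040 port1 out 192.168.1.1 -> 8.8.8.8: icmp: echo request
0.012300 port1 in 8.8.8.8 -> 192.168.1.1: icmp: echo reply
0.012350 port2 out 8.8.8.8 -> 192.168.1.1: icmp: echo reply
"""
NOT_FORWARDED = """\
2024-05-01 10:00:00.120000 port2 in 192.168.1.1.51000 -> 8.8.8.8.80: syn 305419896
2024-05-01 10:00:03.120000 port2 in 192.168.1.1.51000 -> 8.8.8.8.80: syn 305419896
"""

def ip_only(endpoint):
    """Drop a trailing .port from an IPv4 endpoint such as 192.168.1.1.51000."""
    return ".".join(endpoint.split(".")[:4])

def check_path(capture, client, server):
    """Report the first stage of the client -> server -> client path with no packet."""
    seen = {}  # (leg, direction) -> interface where that stage was first seen
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner lines and anything that is not a packet line
        iface, direction, src, dst = m.groups()
        pair = (ip_only(src), ip_only(dst))
        if pair == (client, server):
            seen.setdefault(("request", direction), iface)
        elif pair == (server, client):
            seen.setdefault(("reply", direction), iface)
    stages = [("request", "in", "request never reached the FortiGate"),
              ("request", "out", "request entered but was not forwarded"),
              ("reply", "in", "request forwarded, no reply from destination"),
              ("reply", "out", "reply arrived but was not sent back to source")]
    for leg, direction, verdict in stages:
        if (leg, direction) not in seen:
            return verdict, seen
    return "full round trip seen", seen

if __name__ == "__main__":
    for sample in (FULL_PATH, NOT_FORWARDED):
        print(check_path(sample, "192.168.1.1", "8.8.8.8"))
```

A "request entered but was not forwarded" result is the point at which the diagnose debug flow filters listed above become the next step.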

Created by Ahmad Ali
