Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

execute packet-capture/packet-capture6

You use these commands to capture packets using tcpdump.

Syntax

execute {packet-capture|packet-capture6} <interface> ["Expression"] [<count>] [pcap|text] [<filename>]

<interface>

Network interface to listen for traffic, such as port1 or port2.

["Expression"]

Specify a filter expression to determine the packets that are captured. Only packets that match the expression are captured. If no expression is specified, all packets received at the interface are captured. For information on filter expressions, see the TCP dump man page:

http://www.tcpdump.org/manpages/pcap-filter.7.html

[<count>]

Specify the number of packets to capture and then exit. The valid range is 1 to 10,000. If you do not specify a count, you can terminate the capture by pressing Ctrl-C.

[pcap|text]

Specify pcap or text. If you do not specify a file type, the results are printed to the screen and not to a file.

[<filename>]

Specify the filename for the saved capture. Do not specify a filename extension. The extension .pcap or .txt is added automatically.

Example

The following examples show the tcpdump commands:

FortiADC-VM # execute packet-capture port1 "tcp port 80" 5 text test1

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on port1, link-type EN10MB (Ethernet), capture size 65535 bytes

5 packets captured

5 packets received by filter

0 packets dropped by kernel

 

FortiADC-VM # execute packet-capture-file list

-rw-r--r-- 1 0 0 577 Sep 3 14:31 test1.txt

 

FortiADC-VM # execute packet-capture-file upload tftp test1.txt 192.168.1.23

See also

execute packet-capture-file

 

execute packet-capture/packet-capture6

You use these commands to capture packets using tcpdump.

Syntax

execute {packet-capture|packet-capture6} <interface> ["Expression"] [<count>] [pcap|text] [<filename>]

<interface>

Network interface to listen for traffic, such as port1 or port2.

["Expression"]

Specify a filter expression to determine the packets that are captured. Only packets that match the expression are captured. If no expression is specified, all packets received at the interface are captured. For information on filter expressions, see the TCP dump man page:

http://www.tcpdump.org/manpages/pcap-filter.7.html

[<count>]

Specify the number of packets to capture and then exit. The valid range is 1 to 10,000. If you do not specify a count, you can terminate the capture by pressing Ctrl-C.

[pcap|text]

Specify pcap or text. If you do not specify a file type, the results are printed to the screen and not to a file.

[<filename>]

Specify the filename for the saved capture. Do not specify a filename extension. The extension .pcap or .txt is added automatically.

Example

The following examples show the tcpdump commands:

FortiADC-VM # execute packet-capture port1 "tcp port 80" 5 text test1

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on port1, link-type EN10MB (Ethernet), capture size 65535 bytes

5 packets captured

5 packets received by filter

0 packets dropped by kernel

 

FortiADC-VM # execute packet-capture-file list

-rw-r--r-- 1 0 0 577 Sep 3 14:31 test1.txt

 

FortiADC-VM # execute packet-capture-file upload tftp test1.txt 192.168.1.23

See also

execute packet-capture-file