Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2
FortiManager can perform packet capture on managed FortiGate interfaces and trigger packet capture on managed FortiSwitches when traffic-sniffer has been configured. The captured file can be saved and downloaded as a .pcap file for further analysis.
Packet Capture in the Device Manager
To perform a packet capture on managed FortiGate interfaces:
- In Device Manager, select a FortiGate and go to System > Interface.
- Select an interface, click More > Packet Capture.
- You can configure the Max Number of Packets and/or Filters, and click OK to start the packet capture.
- Select Graph, Headers, or Packet Data to view details of the packet.
Packet Capture in the FortiSwitch Manager
To perform a packet capture on managed FortiSwitch devices:
- In the FortiGate CLI, configure the switch-controller traffic-sniffer setting.
  For example:
    config switch-controller traffic-sniffer
        set mode rspan
        config target-mac
            edit 00:0c:29:1a:2b:3c
                set description "ABC123"
            next
        end
        config target-ip
            edit 192.168.11.11
                set description "ABC123IP"
            next
        end
        config target-port
            edit "S000DN4K15000050"
                set description "ABC123switch"
                set out-ports "port1"
            next
        end
    end
- After the FortiGate has been added in FortiManager, go to FortiSwitch Manager, select a FortiSwitch device, right-click and select Diagnostics and Tools.
  - When the FortiSwitch is not configured in switch-controller traffic-sniffer, the Packet Capture tab will not be displayed.
  - When the FortiSwitch is configured in switch-controller traffic-sniffer, the Packet Capture tab is shown.
- You can configure the Max Number of Packets and/or Filters, and click Start Capture to begin capturing packets.
- Select Graph, Headers or Packet Data to view details of the packet.
- When the user stops the packet capture, the captured packets can be saved to a .pcap file.
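As a follow-up to the download step, the added example below (not part of the Fortinet documentation) checks a saved capture for frames that involve the target-mac and target-ip from the example traffic-sniffer configuration. It assumes the file is in classic libpcap format with an Ethernet link type; the function names and the three-frame sample capture are constructed for illustration.

```python
import struct

TARGET_MAC = bytes.fromhex("000c291a2b3c")  # target-mac in the example config
TARGET_IP = bytes([192, 168, 11, 11])       # target-ip in the example config

def read_pcap(data):
    """Yield raw frames from a classic libpcap file (assumed; not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("not a classic Ethernet pcap file")
    off = 24  # records start after the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        yield frame
        off += 16 + incl_len

def match_targets(frame):
    """Return (mac_hit, ip_hit) for one Ethernet frame."""
    if len(frame) < 14:
        return False, False
    mac_hit = TARGET_MAC in (frame[0:6], frame[6:12])
    off = 12
    while frame[off:off + 2] == b"\x81\x00" and len(frame) >= off + 6:
        off += 4  # skip an 802.1Q tag, in case mirrored frames carry one
    ip = frame[off + 2:]
    ip_hit = (frame[off:off + 2] == b"\x08\x00" and len(ip) >= 20
              and TARGET_IP in (ip[12:16], ip[16:20]))
    return mac_hit, ip_hit

def summarize(data):
    hits = [match_targets(f) for f in read_pcap(data)]
    return {"frames": len(hits), "target_mac": sum(m for m, _ in hits),
            "target_ip": sum(i for _, i in hits)}

def build_sample():
    """Constructed three-frame capture (not real traffic)."""
    def eth(dst, src, src_ip, dst_ip, vlan=b""):
        ip = b"\x45" + bytes(11) + b"".join(bytes(map(int, a.split("."))) for a in (src_ip, dst_ip))
        return bytes.fromhex(dst + src) + vlan + b"\x08\x00" + ip
    frames = [eth("ffffffffffff", "000c291a2b3c", "192.168.11.11", "192.168.11.1"),
              eth("000c291a2b3c", "020000000001", "10.0.0.5", "192.168.11.11", b"\x81\x00\x00\x64"),
              eth("020000000002", "020000000001", "10.0.0.5", "10.0.0.6")]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

print(summarize(build_sample()))
```

To check a downloaded capture, pass the file's bytes to summarize() in place of build_sample(). A result of zero for both targets suggests the sniffer targets or capture filters do not match the traffic of interest.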