diagnose sniffer packet

Use this command to diagnose the sniffer database by dumping and checking data flow records of the network port.

Ensure the remote TFTP files are created.

Syntax

diagnose sniffer packet <interface> <filter> <verbose> <count> <time format> <file name> <ttl> {background|NULL}

diagnose sniffer packet {stop|status}

| Variable | Description | Default |
| --- | --- | --- |
| interface \| 'stop' \| 'status' | If an interface is specified, tcpdump starts a process that records the data flow of that port. Use stop to stop a process that is working in the background. Use status to check the files that have been generated so far. | any |
| filter | For example, to print UDP 1812 traffic between forti1 and either forti2 or forti3, use udp and port 1812 and host forti1 and \( forti2 or forti3 \). | none |
| verbose | Set the verbosity of the record. The options are:<br>1: Print header of packets.<br>2: Print header and data from the IP address of packets.<br>3: Print header and data from the Ethernet of packets (if available).<br>4: Print header of packets with interface name.<br>5: Print header and data from IP address of packets with interface name.<br>6: Print header and data from Ethernet of packets (if available) with interface name. | 1 |
| count | Maximum number of packets to be recorded in this attempt. | -1 |
| time format | Time format of the record. The options are:<br>a: Absolute UTC time in yyyy-mm-dd hh:mm:ss.ms format.<br>relative: Relative to the start of sniffing in ss.ms format. | relative |
| file name | File name of the record for this recording attempt. | |
| ttl | Maximum time allowed for this record attempt to run (in minutes). | |
| {background} | Optional variable to specify if this recording attempt executes in the background or displays on the console. | NULL |
