Administration Guide

Packet capture via Web UI

  1. Go to System > Network > Packet Capture.
  2. Click Create New to create a new packet capture policy.
  3. Configure these settings:
    Interface: Select the network interface on which you want to capture packets.
    Filter: Specify the protocols and port numbers that you do or do not want to capture, such as 'tcp and port 80 and host IP1 and ( IP2 or IP3 )', or leave this field blank to apply no filter.
    Use the same filter expression syntax as tcpdump. For details, refer to the tcpdump man page (http://www.tcpdump.org/manpages/tcpdump.1.html).
    Maximum Packet Count: Specify the maximum number of packets to capture for the policy. The capture stops automatically when the total number of captured packets reaches this count.
  4. Click OK.
  5. Configure a packet capture policy from the policy table:
    Interface: The network interface on which the packet capture policy is applied.
    Filter: The protocols and port numbers that the packet capture policy does or does not capture.
    Packets: The current captured packet count. This value keeps increasing while the capture is running.
    Maximum Packet Count: The maximum packet count of the policy.
    Progress: Click the Start button beside No Running to start the capture.

    While the capture is running, a progress bar shows the progress toward the maximum packet count. The number of captured packets is displayed in the Packets field.

    The capture stops when it reaches the maximum packet count, or you can click the Stop button to stop it at any time. Captured packets are saved as a .pcap file.

    Click the Download button to download the capture output file.

    Click the Restart button to restart the capture.
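
As an added example (not part of the Fortinet guide), the following Python code checks a downloaded capture: it counts the records in the .pcap file and how many of them match a 'tcp and port 80' filter, so the total can be compared with the Maximum Packet Count. It assumes the file is in classic libpcap format with untagged Ethernet framing and IPv4 packets; the function names and the sample capture are constructed for illustration.

```python
import struct

def is_tcp_port(frame, port):
    """True if an Ethernet II / IPv4 / TCP frame uses `port` as source or destination."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType is not IPv4
        return False
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:       # IP protocol 6 = TCP
        return False
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return port in (sport, dport)

def summarize_pcap(data, port=80):
    """Return (total_packets, packets_matching 'tcp and port <port>')."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    offset, total, matched = 24, 0, 0
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:      # truncated final record, stop counting
            break
        total += 1
        matched += is_tcp_port(frame, port)
        offset += 16 + incl_len
    return total, matched

def _frame(proto, sport, dport):
    """Constructed 42-byte frame: Ethernet + IPv4 header + first 8 bytes of layer 4."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

def build_sample():
    """Constructed capture: two TCP port 80 packets and one UDP port 53 packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(6, 40000, 80), _frame(17, 40001, 53), _frame(6, 80, 40000)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    total, matched = summarize_pcap(build_sample())
    print(f"{total} packets, {matched} match 'tcp and port 80'")
```

To check a real download, pass the file's bytes (read in binary mode) to summarize_pcap; a total below the configured Maximum Packet Count means the capture was stopped before it reached the limit.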
