112-Packet Sniffing

Uploaded by

eshensanjula2002

Packet Sniffing:

When you troubleshoot networks, and routing in particular, it helps to look inside the
headers of packets to determine whether they are traveling the route that you expect them
to take. Packet sniffing is also known as network tap, packet capture, or logic analyzing.
Packet sniffing can tell you whether traffic is reaching its destination, which port it enters
the FortiGate unit on, whether ARP resolution is correct, and whether traffic is being sent
back to the source as expected. Packet sniffing can also tell you if the FortiGate unit is
silently dropping packets.
Packet sniffing records some or all of the packets seen by a network interface. By recording
packets, you can trace connection states to the exact point at which they fail, which may
help you to diagnose some types of problems that are otherwise difficult to detect.

Page | 1 Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


diagnose sniffer packet <interface_name> <'filter'> <verbose> <count> <tsformat>

To stop the sniffer, type CTRL+C.

<interface_name>  The name of the interface to sniff, such as port1 or internal. This can
                  also be any to sniff all interfaces.

<'filter'>        What to look for in the information the sniffer reads. none indicates
                  no filtering, and all packets are displayed as the other arguments
                  indicate.
                  The filter must be inside single quotes (').

<verbose>         The level of verbosity as one of:
                  1 - print header of packets
                  2 - print header and data from IP of packets
                  3 - print header and data from Ethernet of packets
                  4 - print header of packets with interface name

<count>           Number of packets the sniffer reads before stopping. If you don't put
                  a number here, the sniffer will run until you stop it with <CTRL+C>.

<tsformat>        The timestamp formats.
                  a: absolute UTC time, yyyy-mm-dd hh:mm:ss.ms
                  l: absolute LOCAL time, yyyy-mm-dd hh:mm:ss.ms
                  otherwise: relative to the start of sniffing, ss.ms

diagnose sniffer packet port3


diagnose sniffer packet port3 ' host 10.0.1.1 '
diagnose sniffer packet port3 ' host 10.0.1.1 and host 8.8.8.8 '
diagnose sniffer packet port3 ' host 10.0.1.1 and port 80 '
diagnose sniffer packet any ' host 10.0.1.1 '
diagnose sniffer packet any ' host 10.0.1.1 or host 8.8.8.8 '
diagnose sniffer packet any ' host 10.0.1.1 or host 8.8.8.8 ' 4 10
diagnose sniffer packet any ' host 10.0.1.1 or host 8.8.8.8 ' 4 0 a
diagnose sniffer packet any ' src 10.0.1.1 '
diagnose debug disable
diagnose debug reset
diagnose debug flow filter addr 10.0.1.1
diagnose debug flow filter port 80
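
With verbosity 4 on the any interface, each packet line names the interface and direction, which is what lets you see the port of entry and spot traffic that enters but never leaves. The following is an added example, not part of the original document: a parser for saved sniffer output that lists the hops seen per flow and flags flows with no egress. The line layout and the sample lines are constructed assumptions modelled on verbosity-4 output, IPv4 only, with no NAT between the interfaces.

```python
import re
from collections import defaultdict

# Constructed sample modelled on verbosity-4 output:
# <timestamp> <interface> <in|out> <src> -> <dst>: <summary>
SAMPLE = """\
interfaces=[any]
filters=[host 10.0.1.1 or host 8.8.8.8]
0.000000 port3 in 10.0.1.1.51000 -> 8.8.8.8.53: udp 40
0.000120 port1 out 10.0.1.1.51000 -> 8.8.8.8.53: udp 40
0.021400 port1 in 8.8.8.8.53 -> 10.0.1.1.51000: udp 56
0.021510 port3 out 8.8.8.8.53 -> 10.0.1.1.51000: udp 56
1.500000 port3 in 10.0.1.1.51001 -> 8.8.8.8.80: syn 1234567890
2.500000 port3 in 10.0.1.1.51001 -> 8.8.8.8.80: syn 1234567890
"""

# Timestamp is relative (ss.ms) or absolute (yyyy-mm-dd hh:mm:ss.ms).
LINE = re.compile(
    r"^(?P<ts>(?:\d{4}-\d\d-\d\d )?[\d:.]+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>[^\s:]+): (?P<info>.*)$"
)

def parse(text):
    """Yield (iface, direction, src, dst) per packet line; banners are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m["iface"], m["dir"], m["src"], m["dst"]

def trace_flows(text):
    """Map each (src, dst) pair to its ordered, de-duplicated (iface, dir) hops."""
    flows = defaultdict(list)
    for iface, direction, src, dst in parse(text):
        hop = (iface, direction)
        if hop not in flows[(src, dst)]:
            flows[(src, dst)].append(hop)
    return dict(flows)

def ingress_only(flows):
    """Flows seen entering the unit but never leaving it on any interface."""
    return sorted(flow for flow, hops in flows.items()
                  if not any(direction == "out" for _, direction in hops))

if __name__ == "__main__":
    flows = trace_flows(SAMPLE)
    for (src, dst), hops in flows.items():
        print(f"{src} -> {dst}: " + ", ".join(f"{i} {d}" for i, d in hops))
    for src, dst in ingress_only(flows):
        print(f"no egress seen: {src} -> {dst}")
```

A flow with no egress is only a candidate for a silent drop: traffic addressed to the FortiGate unit itself also shows an in line with no matching out line.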
