FORTIGATE - Packet Sniffer: Difference between revisions
From Wiki.IT-Arts.net
Latest revision as of 13:07, 18 August 2024
Verbose Levels Detail
- 1: print header of packets.
- 2: print header and data from IP of packets.
- 3: print header and data from Ethernet of packets.
- 4: print header of packets with interface name.
- 5: print header and data from IP of packets with interface name.
- 6: print header and data from Ethernet of packets with interface name.
Basic Sniffing Command
diag sniffer packet <interface> <'filter'> <verbose> <count> <a|l>
- <interface> can be an interface name or 'any' for all interfaces.
- <'filter'> is a tcpdump-style (BPF-like) expression, for example 'host 10.0.0.1 and tcp port 443', built from keywords such as host, net, port, tcp, udp, icmp, arp and ether and combined with 'and', 'or' and 'not'. Use 'none' to capture everything. The MAC-address filters are described below.
- <verbose> is the verbosity level listed above.
- <count> is the number of packets the sniffer reads before stopping; 0 means capture until stopped with Ctrl-C.
- a – timestamps the packets with the absolute UTC time.
- l (small letter L) – timestamps the packets with LOCAL time.
Note that the sniffer only shows packets handled by the CPU: traffic in sessions that have been offloaded to an NP (hardware acceleration) is not captured, so a policy whose traffic does not appear may need auto-asic-offload disabled while troubleshooting.
Full Examples
diag sniffer packet any "host 3.210.115.14 and icmp" 4 0 l
diag sniffer packet wan1 'host 10.109.16.137 and (icmp or tcp)' 1
diag sniffer packet wan1 'host 10.109.16.137 and host 172.26.48.21 and tcp port 80' 1 3
Sniffing MAC Addresses
Below are the CLI commands to sniff packets by MAC address on a FortiGate. Method 1 uses the 'ether' keywords; Method 2 matches the same address as raw Ethernet header bytes: the destination MAC occupies bytes 0-5 of the frame and the source MAC bytes 6-11, so each address is checked as a 4-byte word followed by a 2-byte word.
Source MAC
To sniff packets whose source MAC is 00:09:0f:89:10:ea:
Method 1
diagnose sniffer packet <interface> "ether src 00:09:0f:89:10:ea"
Method 2
diagnose sniffer packet any '(ether[6:4]=0x00090f89) and (ether[10:2]=0x10ea)' 4
Destination MAC
To sniff packets whose destination MAC is 00:09:0f:89:10:ea:
Method 1
diagnose sniffer packet <interface> "ether dst 00:09:0f:89:10:ea"
Method 2
diagnose sniffer packet any '(ether[0:4]=0x00090f89) and (ether[4:2]=0x10ea)' 4
Source Or Destination MAC
To sniff packets whose source or destination MAC is 00:09:0f:89:10:ea:
diagnose sniffer packet <interface> "ether host 00:09:0f:89:10:ea"
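The byte-offset filters above are hand-built for one address. The following Python is an added example, not code from the wiki or from Fortinet: it generates both the keyword form and the ether[offset:len] form for any MAC address and either direction, and then evaluates the offset filter against a few constructed Ethernet headers (not captured traffic) to show that it selects exactly the frames the page says it does. The frame layout assumed is plain Ethernet II (destination MAC at offset 0, source MAC at offset 6, EtherType at offset 12).

```python
"""Build and check FortiGate 'ether[offset:len]' byte-offset MAC filters."""
import re

# Ethernet II header layout: destination MAC at bytes 0-5, source MAC at bytes 6-11.
_FIELD_OFFSET = {"dst": 0, "src": 6}
_TERM = re.compile(r"ether\[(\d+):(\d+)\]=0x([0-9a-fA-F]+)")


def parse_mac(mac: str) -> bytes:
    """Accept 00:09:0f:89:10:ea, 00-09-0F-89-10-EA or 0009.0f89.10ea; return 6 raw bytes."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def keyword_filter(mac: str, direction: str) -> str:
    """Method 1 on the page: 'ether src', 'ether dst' or 'ether host' with a normalised MAC."""
    keyword = {"src": "ether src", "dst": "ether dst", "any": "ether host"}[direction]
    return f"{keyword} {':'.join(f'{b:02x}' for b in parse_mac(mac))}"


def offset_filter(mac: str, direction: str) -> str:
    """Method 2 on the page, generalised to any MAC and to src or dst.

    The ether[off:len] primitive reads 1, 2 or 4 bytes at a time, so a 6-byte
    address is matched as a 4-byte word followed by a 2-byte word.
    """
    base = _FIELD_OFFSET[direction]
    raw = parse_mac(mac)
    return (f"(ether[{base}:4]=0x{raw[:4].hex()}) and "
            f"(ether[{base + 4}:2]=0x{raw[4:].hex()})")


def frame_matches(frame: bytes, filt: str) -> bool:
    """Evaluate an AND-only list of ether[off:len]=0x.. terms against a raw frame.

    Only the byte-offset primitive is implemented here (no 'or', no other
    keywords); it mirrors what the sniffer does for these terms.
    """
    terms = _TERM.findall(filt)
    if not terms:
        raise ValueError("no ether[off:len]=0x.. terms found in filter")
    for off, length, value in terms:
        off, length = int(off), int(length)
        if length not in (1, 2, 4) or off + length > len(frame):
            return False
        if int.from_bytes(frame[off:off + length], "big") != int(value, 16):
            return False
    return True


def demo() -> dict:
    """Apply the src and dst filters for the page's MAC to constructed headers.

    Returns {frame_name: (matches_src_filter, matches_dst_filter)}.
    """
    fgt = "00:09:0f:89:10:ea"          # the address used throughout the page
    host = parse_mac("00:16:3e:12:34:56")   # constructed peer address
    other = parse_mac("00:50:56:aa:bb:cc")  # constructed unrelated address
    ipv4 = b"\x08\x00"                       # EtherType for IPv4
    frames = {
        "from_fgt": host + parse_mac(fgt) + ipv4,   # FortiGate is the source
        "to_fgt": parse_mac(fgt) + host + ipv4,     # FortiGate is the destination
        "unrelated": other + host + ipv4,           # neither field matches
    }
    src_f, dst_f = offset_filter(fgt, "src"), offset_filter(fgt, "dst")
    return {name: (frame_matches(f, src_f), frame_matches(f, dst_f))
            for name, f in frames.items()}


if __name__ == "__main__":
    for direction in ("src", "dst"):
        print(f"{direction}: {offset_filter('00:09:0f:89:10:ea', direction)}")
    print(demo())
```

Paste the generated string as the quoted filter argument of `diagnose sniffer packet <interface> '<filter>' <verbose>`. The keyword form is easier to read; the offset form makes the header layout explicit and is the one to reach for when you need to match other fixed-position fields (for example the EtherType at ether[12:2]).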