Packet capture – FortiAnalyzer – Packet Capture

Packet capture

Packets can be captured on configured interfaces by going to System > Network > Packet Capture.

The following information is available:

Interface The name of the configured interface for which packets can be captured. For information on configuring an interface, see Configuring network interfaces on page 167.
Filter Criteria The values used to filter the packet.
# Packets The number of packets.
Maximum Packet Count The maximum number of packets that can be captured on a sniffer.
Progress The status of the packet capture process.
Actions Allows you to start and stop the capturing process, and download the most recently captured packets.

To start capturing packets on an interface, select the Start capturing button in the Actions column for that interface. The Progress column changes to Running, and the Stop capturing and Download buttons become available in the Actions column.

To add a packet sniffer:

  1. From the Packet Capture table, click Create New in the toolbar. The Create New Sniffer pane opens.
  2. Configure the following options:
Interface The interface name (non-changeable).
Max. Packets to Save Enter the maximum number of packets to capture, between 1-10000. The default is 4000 packets.
Include IPv6 Packets Select to include IPv6 packets when capturing packets.
Include Non-IP Packets Select to include non-IP packets when capturing packets.
Enable Filters You can filter the packet by Host(s), Port(s), VLAN(s), and Protocol.
  1. Click OK.

To download captured packets:

  1. In the Actions column, click the Download button for the interface whose captured packets you want to download. If no packets have been captured for that interface, click the Start capturing
  2. When prompted, save the packet file (sniffer_[interface].pcap) to your management computer. The file can then be opened using packet analyzer software.

To edit a packet sniffer:

  1. From the Packet Capture table, click Edit in the toolbar. The Edit Sniffer pane opens. 2. Configure the packet sniffer options
  2. Click OK.
This entry was posted in Administration Guides, FortiAnalyzer, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.