execute : execute tcpdump/tcpdump6
 
execute tcpdump/tcpdump6
You use these commands to capture packets using tcpdump.
Syntax
execute tcpdump <interface> ["Expression"] [<count>] [pcap|text] [<filename>]
<interface>
Network interface to listen for traffic, such as port1 or port2.
["Expression"]
Specify a filter expression to determine the packets that are captured. Only packets that match the expression are captured. If no expression is specified, all packets received at the interface are captured. For information on filter expressions, see the TCP dump man page:
http://www.tcpdump.org/manpages/pcap-filter.7.html
[<count>]
Specify the number of packets to capture and then exit. The valid range is 1 to 10,000. If you do not specify a count, you can terminate the capture by pressing Ctrl-C.
[pcap|text]
Specify pcap or text. If you do not specify a file type, the results are printed to the screen and not to a file.
[<filename>]
Specify the filename for the saved capture. Do not specify a filename extension. The extension .pcap or .txt is added automatically.
Example
The following examples show the tcpdump commands:
FortiADC-VM # execute tcpdump port1 "tcp port 80" 5 text test1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on port1, link-type EN10MB (Ethernet), capture size 65535 bytes
5 packets captured
5 packets received by filter
0 packets dropped by kernel
 
FortiADC-VM # execute tcpdump-file list
-rw-r--r-- 1 0 0 577 Sep 3 14:31 test1.txt
 
FortiADC-VM # execute tcpdump-file upload tftp test1.txt 192.168.1.23
See also
execute tcpdump-file