Packet sniffing and packet capture
FortiOS devices can sniff packets using commands in the CLI or capture packets using the web-based manager. The two methods differ mainly in how filters are entered and how the output is saved and read, not in what traffic they can see.
Packet sniffing in the CLI is well suited to spot-checking traffic, but if you have complex filters it is tedious to retype them for every run. The output can be saved only indirectly: your terminal emulator must log the session to a text file, which you then analyze later by hand (or convert to a *.pcap file with Fortinet's fgt2eth.pl script if you used a verbosity level that includes the packet hex dump).
Packet capture in the web-based manager makes it easy to set up multiple filters at once and run only the one or two you need at the time, and it gives you start and stop controls. The output is downloaded to your local computer as a *.pcap file, which needs a third-party application such as Wireshark to read. This is the convenient method when Fortinet Support asks for a capture to help resolve an issue.
| Feature | Packet sniffing | Packet capture |
|---|---|---|
| Command location | CLI | web-based manager |
| Third-party software required | PuTTY (or another terminal emulator) to log the plaintext output | Wireshark to read *.pcap files |
| Read output as a plain text file | yes | no |
| Read output as a *.pcap file in Wireshark | no | yes |
| Easily configure a single quick and simple filter | yes | no |
| Record the interface each packet was seen on | yes | no |
| Configure complex sniffer filters on multiple interfaces | no | yes |
| Sniff IPv6 | hard | easy |
| Sniff non-IP packets | no | yes |
| Filter packets by protocol and/or port | easy | easy |
| Filter packets by source and/or destination address | easy | easy |
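Because CLI sniffer output only ever exists as logged plain text, the "analyze by hand" step above is the part that does not scale. The following is an added example, not Fortinet code or anything from this page: a small Python parser that turns a logged sniffer session into structured records and summarizes it, plus a helper that builds the `diagnose sniffer packet` command line whose output it expects. The sample log is constructed, not a real capture, and the line layout it assumes (relative or absolute timestamp, interface, in/out, endpoints, tcpdump-style summary) is the verbosity-level-4 layout; header lines and hex-dump lines from other verbosity levels are skipped rather than parsed.

```python
"""Parse and summarize logged output of the FortiOS CLI packet sniffer.

Added example, not Fortinet code. Assumes the tcpdump-like line layout of
'diagnose sniffer packet <iface> '<filter>' <verbose> <count> <timestamp>'
at verbose level 4. 'interfaces=[...]'/'filters=[...]' headers and the
hex-dump lines of verbose 3/6 are skipped.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample session log, not a real capture.
SAMPLE_LOG = """\
interfaces=[port1]
filters=[host 10.0.0.5]
3.120461 port1 in 10.0.0.5.51234 -> 203.0.113.10.443: syn 3014768236
3.120533 port1 out 203.0.113.10.443 -> 10.0.0.5.51234: syn 1901543202 ack 3014768237
3.120790 port1 in 10.0.0.5.51234 -> 203.0.113.10.443: ack 1901543203
4.001220 port1 in 10.0.0.5.53421 -> 10.0.0.1.53: udp 41
4.001388 port1 out 10.0.0.1.53 -> 10.0.0.5.53421: udp 57
5.277002 port1 in 10.0.0.5 -> 10.0.0.1: icmp: echo request
5.277104 port1 out 10.0.0.1 -> 10.0.0.5: icmp: echo reply
"""

# Relative timestamps look like '3.120461'; absolute ones like
# '2024-03-05 10:11:12.345678'.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+|\d+\.\d+) "
    r"(?P<iface>\S+) (?P<direction>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): (?P<summary>.*)$"
)


@dataclass(frozen=True)
class Packet:
    ts: str
    iface: str
    direction: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    proto: str
    summary: str


def split_endpoint(endpoint: str):
    """'10.0.0.5.51234' -> ('10.0.0.5', 51234); '10.0.0.5' -> ('10.0.0.5', None).
    IPv4 only: anything else is returned whole with no port."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[-1].isdigit():
        return ".".join(parts[:4]), int(parts[-1])
    return endpoint, None


def classify(summary: str) -> str:
    """Protocol name from the tcpdump-style summary text."""
    first = summary.split()[0].rstrip(":") if summary else ""
    if first in ("udp", "icmp", "icmp6", "arp"):
        return first
    if first in ("syn", "ack", "fin", "rst", "psh", "."):
        return "tcp"
    return "other"


def parse_line(line: str) -> Optional[Packet]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, hex dump, or unknown layout
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return Packet(m["ts"], m["iface"], m["direction"], src_ip, src_port,
                  dst_ip, dst_port, classify(m["summary"]), m["summary"])


def parse_sniffer_output(text: str):
    """Return (packets, number_of_skipped_non_blank_lines)."""
    packets, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        pkt = parse_line(line)
        if pkt is None:
            skipped += 1
        else:
            packets.append(pkt)
    return packets, skipped


def summarize(packets):
    """Counts by protocol, by direction, and by bidirectional conversation."""
    by_proto = Counter(p.proto for p in packets)
    by_direction = Counter(p.direction for p in packets)
    conversations = Counter()
    for p in packets:
        ends = tuple(sorted([(p.src_ip, p.src_port or 0), (p.dst_ip, p.dst_port or 0)]))
        conversations[ends + (p.proto,)] += 1
    return {"by_proto": by_proto, "by_direction": by_direction,
            "conversations": conversations}


def sniffer_command(interface: str, bpf_filter: str, verbose: int = 4,
                    count: int = 0, timestamp: str = "a") -> str:
    """diagnose sniffer packet <iface> '<filter>' <verbose 1-6> <count, 0=until Ctrl-C> <a|l>"""
    if not 1 <= verbose <= 6:
        raise ValueError("verbose level must be 1-6")
    if timestamp not in ("a", "l"):
        raise ValueError("timestamp must be 'a' (UTC) or 'l' (local)")
    if "'" in bpf_filter:
        raise ValueError("filter must not contain single quotes")
    return f"diagnose sniffer packet {interface} '{bpf_filter}' {verbose} {count} {timestamp}"


if __name__ == "__main__":
    print(sniffer_command("port1", "host 10.0.0.5"))
    pkts, skipped = parse_sniffer_output(SAMPLE_LOG)
    print(f"{len(pkts)} packets parsed, {skipped} non-packet lines skipped")
    for key, n in summarize(pkts)["conversations"].most_common():
        print(n, key)
```

Run it against a PuTTY session log and the conversation counter gives you the same "who talked to whom, over what" view you would otherwise assemble by eye; lines it cannot parse are counted rather than silently dropped, so a mismatch between the skipped count and the number of header lines tells you the log came from a different verbosity level than the parser expects.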