https://it-arts.net/index.php?action=history&feed=atom&title=FORTIGATE_-_Packet_Sniffer
FORTIGATE - Packet Sniffer - Revision history
2026-05-02T18:43:14Z
Revision history for this page on the wiki
MediaWiki 1.44.2
https://it-arts.net/index.php?title=FORTIGATE_-_Packet_Sniffer&diff=802&oldid=prev
Admin: Text replacement - "Category:Wiki" to "Category:Wiki
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''
"
2026-01-17T06:18:46Z
<p>Text replacement - "<a href="/index.php/Category:Wiki" title="Category:Wiki">Category:Wiki</a>" to "<a href="/index.php/Category:Wiki" title="Category:Wiki">Category:Wiki</a> '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 06:18, 17 January 2026</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Wiki]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Wiki]]</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Verbose Levels Detail ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Verbose Levels Detail ==</div></td></tr>
</table>
Admin
https://it-arts.net/index.php?title=FORTIGATE_-_Packet_Sniffer&diff=378&oldid=prev
Admin: Text replacement - "Category:Post-It" to "Category:Wiki"
2025-12-09T07:53:46Z
<p>Text replacement - "<a href="/index.php?title=Category:Post-It&action=edit&redlink=1" class="new" title="Category:Post-It (page does not exist)">Category:Post-It</a>" to "<a href="/index.php/Category:Wiki" title="Category:Wiki">Category:Wiki</a>"</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 07:53, 9 December 2025</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Category:<del style="font-weight: bold; text-decoration: none;">Post-It</del>]]</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Category:<ins style="font-weight: bold; text-decoration: none;">Wiki</ins>]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Verbose Levels Detail ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Verbose Levels Detail ==</div></td></tr>
</table>
Admin
https://it-arts.net/index.php?title=FORTIGATE_-_Packet_Sniffer&diff=112&oldid=prev
Admin at 13:07, 18 August 2024
2024-08-18T13:07:28Z
<p></p>
<p><b>New page</b></p><div>[[Category:Post-It]]<br />
<br />
== Verbose Levels Detail ==<br />
<br />
* 1: print header of packets.<br />
* 2: print header and data from IP of packets.<br />
* 3: print header and data from Ethernet of packets.<br />
* 4: print header of packets with interface name.<br />
* 5: print header and data from IP of packets with interface name.<br />
* 6: print header and data from Ethernet of packets with interface name.<br />
<br />
<br />
<br />
== Basic Sniffing Command ==<br />
<br />
<nowiki><br />
diag sniffer packet <interface> <'filter'> <verbose> <count> a</nowiki><br />
<br />
* <interface> can be an interface name or 'any' for all interfaces.<br />
<br />
* <'filter'> is a very powerful filter functionality which will be described in more detail.<br />
<br />
* <verbose> means the level of verbosity as described already.<br />
<br />
* <count> the number of packets the sniffer reads before stopping.<br />
<br />
* a – timestamps the packets with the absolute UTC time.<br />
<br />
* l - (small letter L) timestamps the packets with LOCAL time.<br />
<br />
<br />
<br />
<br />
== Full Examples ==<br />
<br />
<nowiki><br />
diag sniffer packet any "host 3.210.115.14 and icmp" 4 l 0</nowiki><br />
<br />
<nowiki><br />
diag sniffer packet wan1 'host 10.109.16.137 and (icmp or tcp)' 1</nowiki><br />
<br />
<nowiki><br />
diag sniffer packet wan1 'host 10.109.16.137 and host 172.26.48.21 and tcp port 80' 1 3</nowiki><br />
<br />
<br />
<br />
== Sniffing MAC Addresses ==<br />
<br />
Below is the command to sniff packet by MAC Address on FortiGate with CLI commands:<br />
<br />
<br />
<br />
=== Source MAC ===<br />
<br />
To sniff the MAC Address when it is 'Source MAC = 00:09:0f:89:10:ea' :<br />
<br />
<br />
<br />
==== Method 1 ====<br />
<br />
<nowiki><br />
diagnose sniffer packet <interface> "ether src 00:09:0f:89:10:ea"</nowiki><br />
<br />
<br />
<br />
==== Method 2 ====<br />
<br />
<nowiki><br />
diagnose sniffer packet any '(ether[6:4]=0x00090f89) and (ether[10:2]=0x10ea)' 4</nowiki><br />
<br />
<br />
<br />
=== Destination MAC ===<br />
<br />
To sniff the MAC Address when it is 'Destination MAC = 00:09:0f:89:10:ea' :<br />
<br />
<br />
<br />
==== Method 1 ====<br />
<br />
<nowiki><br />
diagnose sniffer packet <interface> "ether dst 00:09:0f:89:10:ea"</nowiki><br />
<br />
<br />
<br />
==== Method 2 ====<br />
<br />
<nowiki><br />
diagnose sniffer packet any '(ether[0:4]=0x00090f89) and (ether[4:2]=0x10ea)' 4</nowiki><br />
<br />
<br />
<br />
=== Source Or Destination MAC ===<br />
<br />
To sniff the MAC Address when it is 'Source/Destination MAC = 00:09:0f:89:10:ea' :<br />
<br />
<nowiki><br />
diagnose sniffer packet <interface> "ether host 00:09:0f:89:10:ea"</nowiki><br />
<br />
<br />
<br />
== Usefull Links ==<br />
<br />
* https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sniffer/ta-p/194222<br />
<br />
* https://infosecmonkey.com/quick-tip-how-to-run-sniffer-on-fortigate-cli/</div>
Admin