![]() In this example we're sniffing for ICMP only, to and from 10.109.16.137: The same the other way around (using here ‘host’ we can see the traffic both ways): Apparently, there is a HTTP session to 10.109.16.137. Though ICMP (ping) was also running and probably some DNS requests too, the trace only shows the TCP part. To have only in a specific type of traffic (let's say TCP Traffic only) it is necessary to change the filter command slightly: However, when filtering for the both ways of communication, we must either use 'host' or “net” keywords: It is also possible to use 'net' as keyword for a broader result: When 'src' and 'dst' are used, 'host' word is optional, and is applied by default. It will NOT show traffic to 10.109.16.137 (for example the ICMP reply) because we asked for 'src host’ and ‘dst host'. To see what's going on between two PCs (or a PC and a FortiGate), do not forget the quotes delimiting the filter expressions: Without a filter the sniffer will display all packets, which is far too much data and quite painful to sort and debug a large file. Imagine to capture the traffic from one PC to another PC. If a second host is specified, only the traffic between the 2 hosts will be displayed. 'udp and port 1812 and host forti1 and ( forti2 or forti3 )' Flexible logical filters for sniffer (or "none").įor example: To print UDP 1812 traffic between forti1 and either forti2 or forti3 ![]() Hint: Below is the format that Technical Support will usually request when attempting to analyze a problem as it includes full packet content, as well as absolute time stamp, in order to correlate packets with other system events.Īs already mentioned, diag sniffer includes a powerful filter functionality that will be described here. Use of absolute time stamp in sniffer trace will report the absolute system time (no time zone) in packet summary: Verbose 6, finally, even includes Ethernet (Ether Frame) Information.Ī script is available (), which will convert a captured verbose 6 output, into a file that can be read and decoded by Ethereal/Wireshark. ![]() Notice the in/ out parameter after wan1 interface that will confirm the direction of the packet entering or leaving the interface.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |