Packet Capture

Video Activity



Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will learn how to use packet capture to monitor traffic passing through your FortiGate. Intercepting and capturing packets can be a useful troubleshooting tool, allowing you to analyze in detail the traffic that has passed through your FortiGate. You can easily create customized packet filters and run them when you need more information. Visit Fortinet's documentation library at http://docs.fortinet.com.

Video Transcription
>> In this video, you will learn how to use packet capture to monitor traffic passing through your FortiGate. Intercepting and capturing packets can be a useful troubleshooting tool, allowing you to analyze traffic in detail. In FortiOS, you can easily create customized packet filters and run them whenever you need in-depth information about your traffic.

Open the FortiGate interface and go to System, Network, Packet Capture to create a new filter. Select Create New. The simplest filter that you can create captures a number of packets that pass through a selected interface. Select an interface, enter a number, and save your filter.

Create another filter and select "Enable Filters". You can monitor an interface for all packets that have a source or destination within a certain IP range by entering that IP range as the host. Save your filter and create another. For this one, set the port to port 80 and 443 to capture all HTTP and HTTPS packets sent through the interface. Create one more filter and enter 132 as the protocol to capture all SCTP packets that pass through the selected interface.

Running multiple packet capture filters at once can affect your FortiGate unit's performance. Select the play icon on your filters to start them capturing packets. Once the maximum number of packets has been reached, the filter will stop collecting them. You can stop and restart them at any time, and you can download the saved PCAP files, which can be opened with a PCAP file viewer such as Wireshark.

Thank you for watching. If you need further details, you can visit docs.fortinet.com to access our complete documentation library. Also check out our new cookbook site at cookbook.fortinet.com for more tutorials like this one.