Fortinet 635 FortiWeb 5.0 Patch 6 Administration Guide
(Verbose output can be very long. As a result, output shown below is truncated after only one
packet.)
FortiWeb# diagnose network sniffer packet port1 'tcp port 443' 3
interfaces=[port1]
filters=[tcp port 443]
10.651905 192.168.0.1.50242 -> 192.168.0.2.443: syn 761714898
0x0000   0009 0f09 0001 0009 0f89 2914 0800 4500   ..........)...E.
0x0010   003c 73d1 4000 4006 3bc6 d157 fede ac16   .<s.@.@.;..W....
0x0020   0ed8 c442 01bb 2d66 d8d2 0000 0000 a002   ...B..-f........
0x0030   16d0 4f72 0000 0204 05b4 0402 080a 03ab   ..Or............
0x0040   86bb 0000 0000 0103 0303                  ..........
Instead of reading packet capture output directly in your CLI display, you should usually save
the output to a plain text file using your CLI client. Saving the output provides several
advantages. Packets can arrive more rapidly than you may be able to read them in the buffer of
your CLI display, and many protocols transfer data using encodings other than US-ASCII. It is
often, but not always, preferable to analyze the output by loading it into a network protocol
analyzer application such as Wireshark (http://www.wireshark.org/).
For example, you could use PuTTY or Microsoft HyperTerminal to save the sniffer output to a
file. Methods may vary. See the documentation for your CLI client.
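The following is an added example, not part of the Fortinet guide or its tooling: a Python sketch that parses saved verbosity-3 sniffer output and writes a classic pcap file that Wireshark can open. The names parse_sniffer and to_pcap are hypothetical; it assumes the capture was taken on an Ethernet interface and that the ASCII column is separated from the hex column by a tab or by two or more spaces.

```python
import itertools
import re
import struct

# The one packet printed on this page (verbosity 3, so the Ethernet header is included).
# Column spacing is constructed: a tab separates the hex and ASCII columns.
SAMPLE = """\
interfaces=[port1]
filters=[tcp port 443]
10.651905 192.168.0.1.50242 -> 192.168.0.2.443: syn 761714898
0x0000\t0009 0f09 0001 0009 0f89 2914 0800 4500\t..........)...E.
0x0010\t003c 73d1 4000 4006 3bc6 d157 fede ac16\t.<s.@.@.;..W....
0x0020\t0ed8 c442 01bb 2d66 d8d2 0000 0000 a002\t...B..-f........
0x0030\t16d0 4f72 0000 0204 05b4 0402 080a 03ab\t..Or............
0x0040\t86bb 0000 0000 0103 0303\t..........
"""

HEADER = re.compile(r"^(\d+)\.(\d{1,6})\s+\S")   # relative timestamp opens a packet
HEXROW = re.compile(r"^0x[0-9a-f]{4}\s+(.*)$")   # offset, hex column, ASCII column
HEXTOK = re.compile(r"^(?:[0-9a-f]{2}){1,2}$")   # one or two bytes per group

def parse_sniffer(text):
    """Return [(sec, usec, frame_bytes)] from saved sniffer output."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        row = HEXROW.match(line)
        if row and packets:
            # Drop the ASCII column, then stop at the first non-hex token.
            hexcol = re.split(r"\t| {2,}", row.group(1))[0]
            for tok in itertools.takewhile(HEXTOK.match, hexcol.split()[:8]):
                packets[-1][2].extend(bytes.fromhex(tok))
            continue
        head = HEADER.match(line)
        if head:  # prompt, banner and filter lines never match and are skipped
            packets.append((int(head[1]), int(head[2].ljust(6, "0")), bytearray()))
    return [(s, u, bytes(b)) for s, u, b in packets if b]

def to_pcap(packets, snaplen=65535):
    """Serialize frames as a little-endian classic pcap, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]
    for sec, usec, frame in packets:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

if __name__ == "__main__":
    with open("sniffer.pcap", "wb") as fh:
        fh.write(to_pcap(parse_sniffer(SAMPLE)))
```

Timestamps in the resulting file are relative to the start of the capture, as they are in the sniffer output itself.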
Requirements
• terminal emulation software such as PuTTY
• a plain text editor such as Notepad
• a Perl interpreter
• network protocol analyzer software such as Wireshark
To view packet capture output using PuTTY and Wireshark
1. On your management computer, start PuTTY.
2. Use PuTTY to connect to the FortiWeb appliance using either a local console, SSH, or Telnet
connection. For details, see the FortiWeb CLI Reference.
3. Type the packet capture command, such as:
diagnose network sniffer packet port1 'tcp port 443' 3
but do not press Enter yet.