Traffic Monitoring on the Fortigate
February 20th, 2009
One of the most useful diagnostic tools I use in network security is the ability to “sniff” the network traffic as it passes through the Internet gateway.
Using the diagnose sniffer packet command on the FortiGate CLI, I can watch packets live as they cross the firewall.
Here is an example of a sniffing session on the internal interface, filtered on port 25 (SMTP):
fg60-example-com # diagnose sniffer packet internal 'port 25'
interfaces=[internal]
filters=[port 25]
2.832710 192.168.223.29.35971 -> 192.168.160.10.25: ack 1662881467
2.843726 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193342 ack 3040117474
2.843861 192.168.223.29.37033 -> 192.168.24.20.25: ack 713193471
2.843944 192.168.223.29.37033 -> 192.168.24.20.25: psh 3040117474 ack 713193471
2.857929 192.168.160.10.25 -> 192.168.223.29.35971: ack 3033574687
2.887730 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193471 ack 3040117487
2.887952 192.168.223.29.37033 -> 192.168.24.20.25: psh 3040117487 ack 713193526
2.933888 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193526 ack 3040117493
2.934064 192.168.223.29.37033 -> 192.168.24.20.25: fin 3040117493 ack 713193602
2.934253 192.168.24.20.25 -> 192.168.223.29.37033: fin 713193602 ack 3040117493
2.934367 192.168.223.29.37033 -> 192.168.24.20.25: ack 713193603
2.977440 192.168.24.20.25 -> 192.168.223.29.37033: ack 3040117494
26 packets received by filter
0 packets dropped by kernel
fg60-example-com #
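Reading raw sniffer lines by eye gets old quickly, so here is an added Python example (not part of the original post, and not Fortinet's code) that parses this header-only output into per-connection summaries: which internal host talked to which mail server, how many packets went each way, which TCP flags appeared, and whether the connection was seen closing. It assumes the line layout shown above, "<timestamp> <src>.<sport> -> <dst>.<dport>: <flag> [<number>] ...", and uses the session from the post, re-typed one packet per line, as its constructed sample input.

```python
# Added example (not Fortinet's code): parse FortiGate "diagnose sniffer packet" header-only
# output into per-connection summaries. Assumes the line layout seen in the capture above.
import re
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field

# Constructed sample: the session from the post, one packet per line.
SAMPLE_OUTPUT = """\
fg60-example-com # diagnose sniffer packet internal 'port 25'
interfaces=[internal]
filters=[port 25]
2.832710 192.168.223.29.35971 -> 192.168.160.10.25: ack 1662881467
2.843726 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193342 ack 3040117474
2.843861 192.168.223.29.37033 -> 192.168.24.20.25: ack 713193471
2.843944 192.168.223.29.37033 -> 192.168.24.20.25: psh 3040117474 ack 713193471
2.857929 192.168.160.10.25 -> 192.168.223.29.35971: ack 3033574687
2.887730 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193471 ack 3040117487
2.887952 192.168.223.29.37033 -> 192.168.24.20.25: psh 3040117487 ack 713193526
2.933888 192.168.24.20.25 -> 192.168.223.29.37033: psh 713193526 ack 3040117493
2.934064 192.168.223.29.37033 -> 192.168.24.20.25: fin 3040117493 ack 713193602
2.934253 192.168.24.20.25 -> 192.168.223.29.37033: fin 713193602 ack 3040117493
2.934367 192.168.223.29.37033 -> 192.168.24.20.25: ack 713193603
2.977440 192.168.24.20.25 -> 192.168.223.29.37033: ack 3040117494
26 packets received by filter
0 packets dropped by kernel
fg60-example-com #
"""
PACKET_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):\s*(?P<rest>.*)$")
COUNTER_RE = re.compile(r"^(?P<n>\d+) packets (?P<what>received by filter|dropped by kernel)$")
TCP_FLAGS = {"syn", "ack", "psh", "fin", "rst", "urg"}
# src/dst are (ip, port) tuples; seq is the number after syn/psh/fin (None on a bare ack)
Packet = namedtuple("Packet", "ts src dst flags seq ack")

def _parse_flags(rest: str):
    """'psh 713193342 ack 3040117474' -> (('psh', 'ack'), 713193342, 3040117474)."""
    tokens, flags, seq, ack, i = rest.split(), [], None, None, 0
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in TCP_FLAGS:
            flags.append(tok)
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():  # flag followed by a number
                i += 1
                if tok == "ack":
                    ack = int(tokens[i])
                else:
                    seq = int(tokens[i])
        i += 1
    return tuple(flags), seq, ack

def parse_packet_line(line: str) -> "Packet | None":
    """Packet for a sniffer packet line; None for the prompt, echoed filter and counter lines."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    flags, seq, ack = _parse_flags(m.group("rest"))
    return Packet(float(m.group("ts")), (m.group("src"), int(m.group("sport"))),
                  (m.group("dst"), int(m.group("dport"))), flags, seq, ack)

@dataclass
class Flow:
    packets: int = 0
    per_direction: dict = field(default_factory=lambda: defaultdict(int))  # (src, dst) -> count
    flags_seen: set = field(default_factory=set)
    first_ts: float = float("inf")
    last_ts: float = 0.0
    @property
    def closed(self) -> bool:  # a FIN or RST was seen in either direction
        return bool(self.flags_seen & {"fin", "rst"})

def summarize(text: str):
    """Group packet lines into flows keyed by the sorted endpoint pair; collect the trailer counters."""
    flows, counters = {}, {}
    for line in text.splitlines():
        c = COUNTER_RE.match(line.strip())
        if c:
            counters[c.group("what")] = int(c.group("n"))
            continue
        pkt = parse_packet_line(line)
        if pkt is None:
            continue
        key = tuple(sorted((pkt.src, pkt.dst)))  # same key whichever side sent the packet
        flow = flows.setdefault(key, Flow())
        flow.packets += 1
        flow.per_direction[(pkt.src, pkt.dst)] += 1
        flow.flags_seen.update(pkt.flags)
        flow.first_ts, flow.last_ts = min(flow.first_ts, pkt.ts), max(flow.last_ts, pkt.ts)
    return flows, counters

if __name__ == "__main__":
    flows, counters = summarize(SAMPLE_OUTPUT)
    for (a, b), f in sorted(flows.items(), key=lambda kv: kv[1].first_ts):
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]} packets={f.packets} flags={sorted(f.flags_seen)} "
              f"closed={f.closed} span={f.last_ts - f.first_ts:.3f}s")
    print(f"lines parsed={sum(f.packets for f in flows.values())} trailer={counters}")
```

On the session above this yields two flows: 192.168.223.29 to the mail server 192.168.160.10 (two packets, acks only) and 192.168.223.29 to 192.168.24.20 (ten packets, data both ways, FIN in both directions). The flow key is the sorted endpoint pair, because a capture started mid-connection, as here, can show the server's packet before the client's, so "first packet seen" is not a reliable way to tell who initiated. The trailer counters are kept separate from the parsed lines so that a mismatch like the one above (26 reported by the filter, 12 lines shown) stays visible instead of being silently folded into the totals.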
There are more examples and references at the FORTINET web site.
