FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n and 802.11ax, and meeting the demand for plug-and-play deployment.
mp2
Staff
Article Id 197954
Description
This article describes how to perform an air capture and collect the frames using the 'diag_sniffer' command on FortiAP.

Related link:

FAP CLI Commands:
http://docs.fortinet.com/document/fortiap/6.2.0/fortiwifi-and-fortiap-configuration-guide/65088/fort...


Solution
Similar to the 'diagnose sniffer' command on the FortiGate, the FortiAP has a built-in packet sniffer, used as shown below.
CLI access to the FortiAP is required, so make sure SSH is enabled in the FortiAP profile.
FGT# exec ssh admin@xxx.xxx.xxx.xxx         <----- xxx IP address of the FortiAP.
FAP# diag_sniffer <intf> <filter>
Where:
<intf> can be any interface listed by the 'ifconfig' command on the FortiAP, or 'any' for all interfaces.
<filter> is typically a protocol, for example tcp, udp, icmp or arp, and can also include specific port numbers, etc.

Example 1.
FAP# diag_sniffer any tcp
FAP# diag_sniffer any "tcp"

interfaces=[any]
filters=[tcp]
1.984333 xxx.xx.xxx.xxx.56677 -> xxx.xxx.xxx.xxx.443: psh 82231660 ack 3470549061
0x0000     0000 0000 0001 3c22 fb44 0a82 0800 4500    ......<".D....E.
0x0010     0073 0000 4000 4006 ef01 ac13 8071 11fa    .s..@.@......q..
0x0020     0d05 dd65 01bb 04e6 c16c cedc 6045 5018    ...e.....l..`EP.
0x0030     1000 6dd8 0000 1703 0300 4600 0000 0000    ..m.......F.....
0x0040     0000 0f79 3e4b b071 1dcd b031 9baa f887    ...y>K.q...1....
0x0050     bc13 4154 e5e2 01d9 376b b50a 5a79 3aa6    ..AT....7k..Zy:.
0x0060     365a d265 60e3 e714 c5dc 9709 f0f2 1367    6Z.e`..........g
0x0070     8548 16ad 8d17 1584 f135 d3e9 47f3 c9ce    .H.......5..G...
Example 2.
FAP# diag_sniffer any 'port 5426 or 5247'
Note.
Once the logs are collected, press CTRL+C or use the exit command to stop the capture.
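
The text output shown in Example 1 can be turned back into a capture file for offline analysis. The following Python script is an added example, not Fortinet tooling: it reassembles the hex lines into frame bytes, writes a classic pcap, and decodes the TCP ports and sequence numbers so they can be checked against the summary line. It assumes an Ethernet link type and uses a hypothetical output file name, fap_capture.pcap.

```python
import re
import struct

# Excerpt of the Example 1 output above (first 64 bytes of the frame).
SAMPLE = """\
1.984333 xxx.xx.xxx.xxx.56677 -> xxx.xxx.xxx.xxx.443: psh 82231660 ack 3470549061
0x0000     0000 0000 0001 3c22 fb44 0a82 0800 4500    ......<".D....E.
0x0010     0073 0000 4000 4006 ef01 ac13 8071 11fa    .s..@.@......q..
0x0020     0d05 dd65 01bb 04e6 c16c cedc 6045 5018    ...e.....l..`EP.
0x0030     1000 6dd8 0000 1703 0300 4600 0000 0000    ..m.......F.....
"""

TS_LINE = re.compile(r"^(\d+)\.(\d+)\s")
HEX_LINE = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-f]{2,4}\s)+)", re.I)

def parse_frames(text):
    """Return [(sec, usec, frame_bytes)] from diag_sniffer text output."""
    frames = []
    for line in text.splitlines():
        hx, ts = HEX_LINE.match(line), TS_LINE.match(line)
        if hx and frames:
            frames[-1][2] += bytes.fromhex(hx.group(1))  # append hex column
        elif ts:  # a summary line starts a new frame
            usec = int(ts.group(2)[:6].ljust(6, "0"))
            frames.append([int(ts.group(1)), usec, bytearray()])
    return [(s, u, bytes(d)) for s, u, d in frames if d]

def to_pcap(frames):
    """Serialize frames as the contents of a classic pcap file."""
    # Assumption: link type 1 (Ethernet), since the dump starts with a MAC header.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in frames:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

def tcp_summary(frame):
    """Decode Ethernet/IPv4/TCP fields to cross-check the summary line."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None  # not IPv4 over Ethernet carrying TCP
    off = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet and IPv4 headers
    if len(frame) < off + 12:
        return None
    sport, dport, seq, ack = struct.unpack("!HHII", frame[off:off + 12])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack}

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    print(tcp_summary(frames[0][2]))
    with open("fap_capture.pcap", "wb") as fh:  # hypothetical output name
        fh.write(to_pcap(frames))
```

The hex dump carries the full frame, including the addresses masked in the summary line, so treat saved sniffer output as sensitive.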


Related Articles

Troubleshooting Tool: Using the FortiOS built-in packet sniffer

Technical Note: How to import 'diagnose sniffer packet' data to WireShark - Ethereal application
