Description
This article describes how to capture packets without disabling hardware offloading on NP7 devices.

Scope
FortiGate.

Solution
Before starting the packet capture, set the NPU sniffer filters:
# diagnose npu sniffer filter selector 0
# diagnose npu sniffer filter intf port8
# diagnose npu sniffer filter dir both
# diagnose npu sniffer filter dir 2
# diagnose npu sniffer filter protocol 6
# diagnose npu sniffer filter srcip 193.108.213.15

# diagnose npu sniffer filter selector 1
# diagnose npu sniffer filter intf port8
# diagnose npu sniffer filter dir both
# diagnose npu sniffer filter dir 2
# diagnose npu sniffer filter protocol 6
# diagnose npu sniffer filter dstip 193.108.213.15
To capture both incoming and outgoing traffic for one IP address, the two filters above are defined with the same IP, as source (selector 0) and as destination (selector 1) respectively.
After the filters are set, they can be verified with the command below:
The command below starts copying packets that match the filter to the npudbg interface:
# diagnose npu sniffer start
After the NPU sniffer is started, packets can be captured on the npudbg interface with the usual '# diagnose sniffer packet' command, and the usual filters can be used as well:
After the trace is collected, it is very important to stop the NPU sniffer with the command below:
# diagnose npu sniffer stop
In addition, the previously set NPU filter can be cleared as well:
# diagnose npu sniffer filter clear
Copyright 2025 Fortinet, Inc. All Rights Reserved.