CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We've already had our first sign-ups!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 6/9, 7/14, 8/25, 10/6, 11/3, 12/8.
3. We have new forums in Portuguese and German (see below).
4. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
5. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
Reload this Page fw monitor help
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 4 Days Ago
rn4it rn4it is offline
Junior Member
  
Join Date: 2005-12-16
Posts: 1
rn4it has an average reputation (10+)
Default fw monitor help
I need to confirm that our email is being encypted betwee us and a business partner. So in my captures I need to be able to view the message body of the emails. Here are the cmds I'm usings.

fw monitor -e "accept (dst = mailsvr ip or src = mailsvr ip);" -o smtp.txt
fw monitor -e "accept (dport = 25);" -o smtp.txt

I'm seeing the session build and tear down but not the data.

any ideas??

thanks
John
Reply With Quote
  #2 (permalink)  
Old 1 Day Ago
Yasushi Kono Yasushi Kono is offline
Member
  
Join Date: 2006-10-03
Location: Offenbach/ Germany
Posts: 91
Yasushi Kono has an average reputation (10+)
Default Re: fw monitor help
Hello John,

you have to specify which portion of the packets to be included in your output file. So, for instance, by

fw monitor -x 40,400

which is the same as

fw monitor -l 400 -x 40

This expression means: the next 400 Bytes after leaving out the first 40 ones. I tried it with FTP without VPN or any encryption and you could read the payload of an ASCII document on the command line of the firewall.

I hope I could help you.

Kind regards,
Yasushi
Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 22:08.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0