Packet capture in Firewall Logs?

jchrisos · #1 (**permalink**) 2006-09-26

Is there an option or a way to capture a packet(s) for each event in the SmartView Tracker logs?

kva.kva · #2 (**permalink**) 2006-09-26

Command "fw monitor"?

jchrisos · #3 (**permalink**) 2006-09-26

Quote:

Originally Posted by kva.kva

Command "fw monitor"?

Thanks for the reply. Where do you issue this command? Will it allow packet captures to show up in SmartView Tracker?

Thanks again!

david · #4 (**permalink**) 2006-09-26

fw monitor is a command line utility.
are you wanting to open a capture file to view in smartracker? this is not possible.

you can use tcpdump & redirect the output to a file, then open with a tool such as ethereal to view/analyse 'offline'

jchrisos · #5 (**permalink**) 2006-09-26

Quote:

Originally Posted by david

fw monitor is a command line utility.
are you wanting to open a capture file to view in smartracker? this is not possible.

you can use tcpdump & redirect the output to a file, then open with a tool such as ethereal to view/analyse 'offline'

I was looking more for packet(s) related to an event that was dropped and thus shows up in my logs.

For example, lets say I deny outbound http access and log the drops. Then a user went to www.google.com. I would like to be able to see the actual packet of the http fetch to www.google.com from this user.

Is that possible?

Thanks for the reply btw.

Porter · #6 (**permalink**) 2006-09-26

http://checkpoint.com/techsupport/do...nitor%20pdf%22

fw monitor shows you everthing

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode