CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: Traffic Capture

  1. 2009-08-05 #1
    luisrocha
    luisrocha is offline Member
    Join Date
    2006-04-19
    Posts
    35
    Rep Power
    0

    Default Traffic Capture

    Hi to all,

    Hi have 2 Directors 5016-NE1 and 2 Accelarators 6416, i need to capture traffic using tcpdump, fwmonitor whathever, can someone help me.

    I have shutdown 1 director and 1 accelerator to force the traffic going to only one director. I access the serial port via root and run a tcpdump and a fwmonitor but cannot see all the traffic (I now this beacause i have a pc connected to a port mirror).

    Additionaly i have disable fwaccell and run it again without success.

    Question, when I need to capture traffic, it must be on the Director or on the Accelarator ? I think is in the Director right ?

    Regards,
    LR
    Reply With Quote Reply With Quote
  2. 2009-08-25 #2
    mohankumar
    mohankumar is offline Junior Member
    Join Date
    2007-03-08
    Posts
    8
    Rep Power
    0

    Default Re: Traffic Capture

    Hi,

    You can use following example for capturing info :

    Login as root and run the following commands:

    For any particular port :

    ascpature -f "port 4404" -p 1
    -f is filter and -p is physical port on accelerator.

    ascpature -f "host 4.2.2.2" -p 1

    Fwmonitor :

    fw monitor -e 'accept ((src=192.168.1.100));'
    Reply With Quote Reply With Quote
  3. 2009-08-25 #3
    mohankumar
    mohankumar is offline Junior Member
    Join Date
    2007-03-08
    Posts
    8
    Rep Power
    0

    Default Re: Traffic Capture

    tcpdump sometime doesn't work here
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. SIP traffic
    By badbeagle in forum IPS Blade (Formerly SmartDefense)
    Replies: 2
    Last Post: 2010-11-17, 00:22
  2. R70, and the "build in" packet capture
    By sail4fun in forum SmartView Tracker
    Replies: 2
    Last Post: 2009-06-19, 05:16
  3. How to: SecureClient Debug and Packet Capture
    By lammbo in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2009-03-17, 10:52
  4. One Way VPN Traffic - Possible?
    By Camouflage in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 4
    Last Post: 2007-08-18, 13:04
  5. Packet capture in Firewall Logs?
    By jchrisos in forum SmartView Tracker
    Replies: 5
    Last Post: 2006-09-26, 16:47

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules