Tuesday, September 1, 2009

Check Point fw monitor

A command line to capture packets on Check Point:

fw monitor -m i -e "accept [20:2,b]=445 or [22:2,b]=445;" -o monitor.cap -ci 10 -co 10

This saves 10 packets on port 445 to the file monitor.cap.

You can upload it from Check Point to another server using TFTP and analyse it with Wireshark.

However, my preference is to set switch monitoring of the port to another port and use Microsoft Network Monitor 3.3 to capture packets.
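The filter in the fw monitor command above compares two bytes at fixed offsets 20 and 22, which are the TCP/UDP source and destination ports only when the IP header is exactly 20 bytes long. The following Python sketch is an added example, not part of the original post. It models `[offset:length,b]` as a big-endian read counted from the start of the IP header (an assumption of this model) and shows on constructed packets where the fixed-offset match misses or over-matches. All function names are hypothetical.

```python
import struct

def read_field(pkt: bytes, offset: int, length: int) -> int:
    """Model of [offset:length,b]: big-endian read counted from the IP header start (assumption)."""
    return int.from_bytes(pkt[offset:offset + length], "big")

def fixed_offset_match(pkt: bytes, port: int = 445) -> bool:
    """The post's expression: [20:2,b]=445 or [22:2,b]=445."""
    return read_field(pkt, 20, 2) == port or read_field(pkt, 22, 2) == port

def header_aware_match(pkt: bytes, port: int = 445) -> bool:
    """Same intent, but checks the protocol and honours the IP header length (IHL)."""
    if len(pkt) < 20 or pkt[9] not in (6, 17):      # 6 = TCP, 17 = UDP
        return False
    ihl = (pkt[0] & 0x0F) * 4                        # header length in bytes
    if len(pkt) < ihl + 4:
        return False
    return port in struct.unpack("!HH", pkt[ihl:ihl + 4])

def build_packet(first: int, second: int, proto: int = 6, options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 header (checksum left at 0) plus the first 4 bytes of the payload."""
    assert len(options) % 4 == 0
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                         24 + len(options), 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + options + struct.pack("!HH", first, second)

def demo() -> dict:
    """Return (fixed-offset result, header-aware result) for each constructed packet."""
    samples = {
        "tcp_445_no_options": build_packet(49152, 445),
        "tcp_445_ip_options": build_packet(49152, 445, options=b"\x01" * 4),  # 4 NOP options
        "tcp_80": build_packet(49152, 80),
        "icmp_checksum_0x01bd": build_packet(0x0800, 445, proto=1),  # echo request, checksum 445
    }
    return {name: (fixed_offset_match(p), header_aware_match(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (fixed, aware) in demo().items():
        print(f"{name:24} fixed-offset={fixed!s:5} header-aware={aware}")
```

The packet carrying IP options is missed by the fixed-offset expression, and the ICMP packet is captured even though it has no ports, so a capture that looks empty or noisy is worth re-checking against these two cases.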