tcpdump SuperTool

Danny — Mon, 09 Feb 2026 12:40:14 GMT

🚀 Interactively builds up the correct syntax to run tcpdump.
⭐ Supports wildcards for IP addresses and interface names
🎓 Supports g_tcpdump on Scalable Platforms
👍 Also available for fw monitor

One-liner (Bash) to assist running tcpdump on Check Point Gaia systems.
In expert mode run:

if [[ -f /etc/cp-release ]];then echo;if command -v tput &>/dev/null;then _tb(){ tput bold;};_tr(){ tput sgr0;};_tc(){ tput setaf "$1";};_tbg(){ tput setab "$1";};else _tb(){ :;};_tr(){ :;};_tc(){ :;};_tbg(){ :;};fi;printf '%.s-' {1..60};echo;echo ' tcpdump SuperTool for Check Point Gaia';printf '%.s-' {1..60};echo;echo;_m=0;command -v g_tcpdump &>/dev/null&&_m=1&&_tc 3&&echo ' Maestro/ElasticXL detected - will use g_tcpdump'&&_tr&&echo;_tb;echo -n ' Add host IPs ';_tr;echo -n '(leave empty for any): ';read _h;_vh=();_vht=();case $_h in '')echo -n ' any ';_tc 2;echo OK;_tr;;*)_h=($(echo $_h|tr ',;:|()#<>' ' '|tr -s ' '));for a in ${_h[@]};do if [[ $a == *'*'* ]];then _w=$(echo $a|sed 's/\.\*//g');_oc=$(echo $_w|tr '.' '\n'|wc -l);_ok=1;for _o in $(echo $_w|tr '.' ' ');do [[ $_o =~ ^[0-9]+$ ]]&&[[ $_o -ge 0 ]]&&[[ $_o -le 255 ]]||_ok=0;done;if [[ $_ok == 1 ]];then case $_oc in 1)_net=$_w'.0.0.0/8';;2)_net=$_w'.0.0/16';;3)_net=$_w'.0/24';;*)_ok=0;;esac;fi;if [[ $_ok == 1 ]];then echo -n ' '$a' -> '$_net' ';_tc 2;echo OK;_tr;_vh+=("$_net");_vht+=('net');else echo -n ' '$a' ';_tc 1;echo 'Bad syntax';_tr;fi;elif [[ $(ipcalc -ms $a 2>/dev/null) == *'='* ]]&&[[ $a == *'.'* ]];then echo -n ' '$a' ';_tc 2;echo OK;_tr;_vh+=("$a");_vht+=('host');else echo -n ' '$a' ';_tc 1;echo 'Bad syntax';_tr;fi;done;[[ ${#_vh[@]} == 0 ]]&&_tc 3&&echo ' Falling back to: any'&&_tr;;esac;echo;_tb;echo -n ' Add ports ';_tr;echo -n '(leave empty for any): ';read _p;_vp=();case $_p in '')echo -n ' any ';_tc 2;echo OK;_tr;;*)_p=($(echo $_p|tr ',;:|()#<>' ' '|tr -s ' '));for a in ${_p[@]};do if [[ $a != *[^0-9]* ]];then echo -n ' '$a' ';_tc 2;echo OK;_tr;_vp+=("$a");else echo -n ' '$a' ';_tc 1;echo 'Bad syntax';_tr;fi;done;[[ ${#_vp[@]} == 0 ]]&&_tc 3&&echo ' Falling back to: any'&&_tr;;esac;echo;_tb;echo -n ' Add protocol ';_tr;echo -n '(tcp, udp, icmp): ';read _pr;_vpr=();case $_pr in '')echo -n ' any ';_tc 2;echo OK;_tr;;*)_pr=($(echo $_pr|tr ',;:|()#<>' ' '|tr -s ' '));for a in ${_pr[@]};do case $a in tcp|udp|icmp)echo -n ' '$a' ';_tc 2;echo OK;_tr;_vpr+=("$a");;*)echo -n ' '$a' ';_tc 1;echo 'Unknown protocol';_tr;;esac;done;[[ ${#_vpr[@]} == 0 ]]&&_tc 3&&echo ' Falling back to: any'&&_tr;;esac;echo;if [[ $_m == 1 ]];then _ifc=$(cpstat os -f ifconfig|grep '|'|cut -f2 -d'|'|tail -n +2|tr -d ' '|sort -V);else _ifc=$(ip link show|awk -F': ' '/^[0-9]+:/{print $2}'|grep -v lo|sed 's/@.*//'|sort -V);fi;_tc 6;echo -n ' Available interfaces: ';echo $_ifc|tr '\n' ' ';echo;_tr;_tb;echo -n ' Capture interface ';_tr;echo -n '(leave empty for any): ';read _i;if [[ -n $_i ]];then if [[ $_i == *'*'* ]];then _im=$(echo "$_ifc"|grep "^${_i//\*/.*}$");if [[ -n $_im ]];then _tc 2;echo -n ' Matching: ';_tr;echo $_im|tr '\n' ' ';echo;else echo -n ' '$_i' ';_tc 1;echo 'No matching interface';_tr;_i='';_tc 3;echo ' Falling back to: any';_tr;fi;elif echo "$_ifc"|grep -qx "$_i";then _tc 2;echo -n ' Interface: ';_tr;echo $_i;else echo -n ' '$_i' ';_tc 1;echo 'Invalid interface';_tr;_i='';_tc 3;echo ' Falling back to: any';_tr;fi;else _tc 2;echo ' Any interface';_tr;fi;echo;_tb;echo -n ' Number of packets ';_tr;echo -n '(leave empty for unlimited): ';read _n;if [[ -n $_n ]];then if [[ $_n =~ ^[0-9]+$ ]];then _tc 2;echo -n ' Capturing ';_tr;echo -n $_n;echo ' packets';else echo -n ' '$_n' ';_tc 1;echo 'Bad syntax';_tr;_n='';_tc 3;echo ' Falling back to: unlimited';_tr;fi;else _tc 3;echo ' Unlimited capture (use Ctrl+C to stop)';_tr;fi;echo;_tb;echo -n ' Capture to file ';_tr;echo -n '(leave empty for stdout): ';read _f;[[ -n $_f ]]&&_tc 2&&echo -n ' Saving to: '&&_tr&&echo '/var/log/'$_f||{ _tc 2;echo ' Output to CLI';_tr;};echo;_ts='';if [[ -z $_f ]];then _tb;echo -n ' Timestamp format ';_tr;echo -n '(1=absolute, 2=delta, 3=epoch, default=standard): ';read _ts;case $_ts in 1)_tc 2;echo ' Absolute (yyyy-mm-dd hh:mm:ss)';_tr;;2)_tc 2;echo ' Delta from first packet';_tr;;3)_tc 2;echo ' Unix epoch';_tr;;'')_tc 2;echo ' Standard';_tr;;*)echo -n ' '$_ts' ';_tc 1;echo 'Invalid option';_tr;_ts='';_tc 3;echo ' Falling back to: standard';_tr;;esac;echo;fi;_tb;echo -n ' Verbose output ';_tr;echo -n '(y/n, default=n): ';read _v;if [[ -z $_v||$_v == 'n'||$_v == 'N' ]];then _tc 2;echo ' Verbose: off';_tr;_v='';elif [[ $_v == 'y'||$_v == 'Y' ]];then _tc 2;echo ' Verbose: on';_tr;else echo -n ' '$_v' ';_tc 1;echo 'Invalid input';_tr;_v='';_tc 3;echo ' Falling back to: off';_tr;fi;echo;printf '%.s-' {1..60};echo;_tbg 1;_tc 7;_tb;echo -n ' Executing? ';_tr;echo -n ' Press ENTER to run, any other key to abort...';[[ $_m == 1 ]]&&_r='g_tcpdump'||_r='tcpdump';[[ $_v == 'y'||$_v == 'Y' ]]&&_r+=' -vv';case $_ts in 1)_r+=' -tttt';;2)_r+=' -ttttt';;3)_r+=' -tt';;esac;[[ -n $_i ]]&&_r+=' -nni '$_i||_r+=' -nni any';[[ -n $_n ]]&&[[ $_n =~ ^[0-9]+$ ]]&&_r+=' -c '$_n;[[ -n $_f ]]&&_r+=' -w /var/log/'$_f;_fl='';if [[ ${#_vh[@]} -gt 0||${#_vp[@]} -gt 0||${#_vpr[@]} -gt 0 ]];then if [[ $_m == 1 ]];then _lp='$';_rp='$';_qq="\'";else _lp='(';_rp=')';_qq="'";fi;_fl+=$_qq;if [[ ${#_vh[@]} -gt 0 ]];then [[ ${#_vh[@]} -gt 1 ]]&&_fl+=$_lp;for i in "${!_vh[@]}";do _fl+=${_vht[$i]}' '${_vh[$i]};[[ $i -lt $((${#_vh[@]}-1)) ]]&&_fl+=' or ';done;[[ ${#_vh[@]} -gt 1 ]]&&_fl+=$_rp;fi;[[ ${#_vh[@]} -gt 0&&${#_vp[@]} -gt 0 ]]&&_fl+=' and ';if [[ ${#_vp[@]} -gt 0 ]];then [[ ${#_vp[@]} -gt 1 ]]&&_fl+=$_lp;for i in "${!_vp[@]}";do _fl+='port '${_vp[$i]};[[ $i -lt $((${#_vp[@]}-1)) ]]&&_fl+=' or ';done;[[ ${#_vp[@]} -gt 1 ]]&&_fl+=$_rp;fi;[[ ${#_vh[@]} -gt 0||${#_vp[@]} -gt 0 ]]&&[[ ${#_vpr[@]} -gt 0 ]]&&_fl+=' and ';if [[ ${#_vpr[@]} -gt 0 ]];then [[ ${#_vpr[@]} -gt 1 ]]&&_fl+=$_lp;for i in "${!_vpr[@]}";do _fl+=${_vpr[$i]};[[ $i -lt $((${#_vpr[@]}-1)) ]]&&_fl+=' or ';done;[[ ${#_vpr[@]} -gt 1 ]]&&_fl+=$_rp;fi;_fl+=$_qq;_r+=' '$_fl;fi;echo;_tb;echo ' Command to execute:';_tr;echo ' '$_r;echo;read -sn1;case $REPLY in '')eval $_r;;*)_tc 1;echo ' Aborted';_tr;;esac;echo;unset _h _p _pr _i _n _f _v _m _r _fl _ifc _vh _vht _vp _vpr _w _oc _ok _o _net _im _ts _lp _rp _qq a i;unset -f _tb _tr _tc _tbg;else echo;echo ' Not a Check Point Gaia system';echo;fi

Re: tcpdump SuperTool

the_rock — Sun, 08 Feb 2026 20:31:22 GMT

Wow Danny, AWESOME! Just tested it on my lab fw, worked like a charm. Fantastic job, as always.

Re: tcpdump SuperTool

Tobit — Mon, 09 Feb 2026 13:09:29 GMT

Tried it on an SMB. Works great.

Thanks for sharing, Danny.

Re: tcpdump SuperTool

Borge_Berg-Olse — Fri, 27 Mar 2026 10:16:29 GMT

Thank you! I took the liberty to convert it to a bash script with the aid of co-pilot. I hope you don´t mind.

topic tcpdump SuperTool in Scripts

tcpdump SuperTool

Re: tcpdump SuperTool

Re: tcpdump SuperTool

Re: tcpdump SuperTool