https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25464#M1930 <HTML><HEAD></HEAD><BODY><P>tcpdump is a command you can run on the 750 via the CLI in expert mode.</P><P>It's a standard Unix command.</P><P>You would then download the pcap file and, if you prefer, look in Wireshark or any other offline tool.</P><P>The following might be helpful if you've never used tcpdump before:</P><P><A href="https://community.checkpoint.com/message/26028">[tool] - https://tcpdump101.com</A>‌</P></BODY></HTML> Sat, 19 Jan 2019 18:22:47 GMT PhoneBoy 2019-01-19T18:22:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25458#M1924 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">hello</P><P></P><P style="direction: ltr;">I have 750&nbsp;appliance&nbsp; And I want to find who takes me the most bandwidth.</P><P style="direction: ltr;">In: Active computers - Start Traffic Monitoring</P><P style="direction: ltr;">I see the traffic of all computers since the firewall is turned on</P><P style="direction: ltr;">Is there another way to find bandwidth usage now?</P><P style="direction: ltr;">I tried downloading a packet in: Tools - Paket Capture</P><P style="direction: ltr;">I went in to save the packets, but it only keeps 500kb, which is less than a second of traffic</P><P style="direction: ltr;">Is it possible to save&nbsp; all the network's traffic for more time?</P><P style="direction: ltr;">Thank you</P></BODY></HTML> Fri, 18 Jan 2019 06:27:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25458#M1924 hezi_angel 2019-01-18T06:27:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25459#M1925 <HTML><HEAD></HEAD><BODY><P>There is limited storage space on the 750, which is why the packet capture limit is so small.</P><P>You could probably save more to a USB drive from expert mode using the tcpdump command.</P></BODY></HTML> Fri, 18 Jan 2019 19:25:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25459#M1925 PhoneBoy 2019-01-18T19:25:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25460#M1926 <HTML><HEAD></HEAD><BODY><P>You can definitely see who is using large amounts of bandwidth in the last hour, though.</P><P>This requires using Identity Awareness.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/77101_pastedImage_1.png" /></P></BODY></HTML> Fri, 18 Jan 2019 21:45:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25460#M1926 PhoneBoy 2019-01-18T21:45:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25461#M1927 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">How to use tcpdump?</P><P style="direction: ltr;">Is this a computer connected to one of the lan?</P><P style="direction: ltr;"></P><P style="direction: ltr;">Through tcpdump you can also check the speed of traffic?<BR />Or will I still need to use the wireshark with the file I'm creating?</P><P style="direction: ltr;"></P><P style="direction: ltr;">Thanks</P></BODY></HTML> Sat, 19 Jan 2019 17:22:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25461#M1927 hezi_angel 2019-01-19T17:22:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25462#M1928 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">This only works if I set a user for each Ip</P><P style="direction: ltr;">It does not show by ip or computer's name</P><P style="direction: ltr;">In applications&nbsp; it is impossible to know which computer is using the specific software</P><P style="direction: ltr;">For example, if I found that there is a big use of windows update</P><P style="direction: ltr;">I can not tell which computer it is</P><P style="direction: ltr;"></P><P style="direction: ltr;"><SPAN style="color: #333333; background-color: #ffffff;">Thanks</SPAN></P></BODY></HTML> Sat, 19 Jan 2019 17:30:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25462#M1928 hezi_angel 2019-01-19T17:30:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25463#M1929 <HTML><HEAD></HEAD><BODY><P>If you're logging applications, you should be able to tell which computers are using Windows Update, though.</P></BODY></HTML> Sat, 19 Jan 2019 18:20:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25463#M1929 PhoneBoy 2019-01-19T18:20:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25464#M1930 <HTML><HEAD></HEAD><BODY><P>tcpdump is a command you can run on the 750 via the CLI in expert mode.</P><P>It's a standard Unix command.</P><P>You would then download the pcap file and, if you prefer, look in Wireshark or any other offline tool.</P><P>The following might be helpful if you've never used tcpdump before:</P><P><A href="https://community.checkpoint.com/message/26028">[tool] - https://tcpdump101.com</A>‌</P></BODY></HTML> Sat, 19 Jan 2019 18:22:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25464#M1930 PhoneBoy 2019-01-19T18:22:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25465#M1931 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">I do this from any computer connected to the network</P><P style="direction: ltr;">Or from a computer connected to a special place?</P><P style="direction: ltr;">Thank you very much</P><P style="direction: ltr;">It helps me a lot</P></BODY></HTML> Sat, 19 Jan 2019 20:07:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25465#M1931 hezi_angel 2019-01-19T20:07:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25466#M1932 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">in <SPAN style="color: #333333; background-color: #ffffff;">applications</SPAN></P><P style="direction: ltr;">He shows me only the software, not some computer</P><P style="direction: ltr;">Could it be that&nbsp; he show me the computers only if i write the user on router?</P></BODY></HTML> Sat, 19 Jan 2019 20:10:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25466#M1932 hezi_angel 2019-01-19T20:10:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25467#M1933 <HTML><HEAD></HEAD><BODY><P>Like I said, you run the command from the CLI.</P><P>You do that either from an SSH session (can be from anywhere) or a Console connection, which requires a direct serial/USB connection to the appliance.</P></BODY></HTML> Sat, 19 Jan 2019 20:12:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25467#M1933 PhoneBoy 2019-01-19T20:12:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25468#M1934 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;">Sorry</P><P style="direction: ltr;">I still did not understand</P><P style="direction: ltr;">If I run tcpdump from one of the computers it will create me a traffic file just for this computer</P><P style="direction: ltr;">So how do I connect the computer that it will receive all the traffic?</P><P style="direction: ltr;">I did not understand how to run the cli via ssh, and then run the tcpdump</P><P style="direction: ltr;">Can I explain this or a guide?</P><P style="direction: ltr;">Thank you</P></BODY></HTML> Sat, 19 Jan 2019 22:34:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25468#M1934 hezi_angel 2019-01-19T22:34:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25469#M1935 <HTML><HEAD></HEAD><BODY><P>You should be able to look at the logs and find the people using those specific applications.</P></BODY></HTML> Sun, 20 Jan 2019 11:33:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25469#M1935 PhoneBoy 2019-01-20T11:33:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25470#M1936 <HTML><HEAD></HEAD><BODY><P>You are trying to run tcpdump on the 750 appliance itself.</P><P>To do that, you need to reach the CLI of the device.</P><P>You can access the CLI using:</P><UL><LI>SSH (using a client like putty from a PC)</LI><LI>A USB/Serial connection to the device (putty can also use a serial connection).</LI></UL><P>Once you get there, you can run tcpdump with the appropriate options.</P><P></P><P>I highly recommend reviewing the product documentation:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R77.20.81/700_900_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R77.20.81/700_900_AdminGuide/html_frameset.htm">Check Point 700/900 Appliances R77.20.81 Administration Guide</A>&nbsp;</P><P>You may also want to consult with someone from your local Check Point office or partner.</P></BODY></HTML> Sun, 20 Jan 2019 11:46:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/find-trafic-in-750-appliance/m-p/25470#M1936 PhoneBoy 2019-01-20T11:46:52Z