https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7761#M26020 <HTML><HEAD></HEAD><BODY><P>cool <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P>I even more like this one :&nbsp;<A class="link-titled" href="http://hugo.vanderkooij.org/technical/powershell-ad-computers-to-check-point-objects" title="http://hugo.vanderkooij.org/technical/powershell-ad-computers-to-check-point-objects">Hugo's website: PowerShell, AD computers to Check Point objects</A>&nbsp;&nbsp;-&gt;&nbsp;<A class="link-titled" href="https://tkoopman.github.io/psCheckPoint/index.html" title="https://tkoopman.github.io/psCheckPoint/index.html">psCheckPoint Documentation</A>&nbsp;&nbsp;</P></BODY></HTML> Sun, 22 Oct 2017 07:09:39 GMT Ofir_Shikolski 2017-10-22T07:09:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7756#M26015 <HTML><HEAD></HEAD><BODY><P>I write a Wireshark profile to help you with reading `fw monitor` files.</P><P></P><P>I wrote a Dutch description on&nbsp;<A href="http://hugo.vanderkooij.org/technical/wireshark-profiles">Wireshark Profiles</A>&nbsp;and I guess the screenshots will be sufficient help to get you started for those not savvy in Dutch <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>The Short English Version:</P><OL><LI>Create a Dummy personal profile (Name it whatever you like)</LI><LI>In WireShark, Goto Help =&gt; Folders and then proceed to your Personal Configuration directory</LI><LI>Put the ZIP file in the Profiles directory and unpack it.</LI><LI>Now you have your own Check Point profile that has coloring rules and some other smart things.</LI></OL><P></P><P>Feel free to mention any smart tricks with Wireshark you use the speed up reading `fw monitor` files.</P></BODY></HTML> Fri, 20 Oct 2017 07:16:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7756#M26015 Hugo_vd_Kooij 2017-10-20T07:16:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7757#M26016 <HTML><HEAD></HEAD><BODY><P><A href="https://translate.google.com/translate?hl=de&amp;sl=nl&amp;tl=en&amp;u=http%3A%2F%2Fhugo.vanderkooij.org%2Ftechnical%2Fwireshark-profiles">Wireshark Profiles - English version via Google Translate</A></P><P></P><P><STRONG>Related SKs:</STRONG></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk39510">How to configure Wireshark for analysis of FW Monitor captures</A></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk99949">Maximum recommended capture file size for Wireshark</A></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43076">How to work with large traffic capture files</A></P><P></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk30583">What is FW Monitor? </A></P><P><A href="http://downloads.checkpoint.com/dc/download.htm?ID=9068">How to use FW Monitor</A></P><P></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk41104">What happened to Check Point Ethereal (CPEthereal)?</A></P><P><IMG __jive_id="60193" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/60193_pastedImage_1.png" style="width: auto; height: auto;" /></P></BODY></HTML> Fri, 20 Oct 2017 07:44:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7757#M26016 Danny 2017-10-20T07:44:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7758#M26017 <HTML><HEAD></HEAD><BODY><P>&nbsp;<A class="link-titled" href="https://translate.google.com/translate?sl=nl&amp;tl=en&amp;u=http%3A%2F%2Fhugo.vanderkooij.org%2Ftechnical%2Fwireshark-profiles" title="https://translate.google.com/translate?sl=nl&amp;tl=en&amp;u=http%3A%2F%2Fhugo.vanderkooij.org%2Ftechnical%2Fwireshark-profiles">WireShark profiles (Translated by Google)</A>&nbsp;</P><P>If some lines don't make sense in English. .... That's what you get from bot translators.</P><P>You can always try to learn Dutch <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P></BODY></HTML> Fri, 20 Oct 2017 08:02:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7758#M26017 Hugo_vd_Kooij 2017-10-20T08:02:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7759#M26018 <HTML><HEAD></HEAD><BODY><P>Wow, I see my&nbsp;post&nbsp;from 2008 on CPUG found it's way back again....</P></BODY></HTML> Fri, 20 Oct 2017 20:59:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7759#M26018 Maarten_Sjouw 2017-10-20T20:59:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7760#M26019 <HTML><HEAD></HEAD><BODY><P>Been a while since I've seen this.</P></BODY></HTML> Fri, 20 Oct 2017 23:37:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7760#M26019 PhoneBoy 2017-10-20T23:37:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7761#M26020 <HTML><HEAD></HEAD><BODY><P>cool <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P>I even more like this one :&nbsp;<A class="link-titled" href="http://hugo.vanderkooij.org/technical/powershell-ad-computers-to-check-point-objects" title="http://hugo.vanderkooij.org/technical/powershell-ad-computers-to-check-point-objects">Hugo's website: PowerShell, AD computers to Check Point objects</A>&nbsp;&nbsp;-&gt;&nbsp;<A class="link-titled" href="https://tkoopman.github.io/psCheckPoint/index.html" title="https://tkoopman.github.io/psCheckPoint/index.html">psCheckPoint Documentation</A>&nbsp;&nbsp;</P></BODY></HTML> Sun, 22 Oct 2017 07:09:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/7761#M26020 Ofir_Shikolski 2017-10-22T07:09:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/154046#M26021 <P>I found that in the PCAP file we loose something. If you run fw monitor on the screens you can see how things are picked up internally.</P> <P>The first (i) will be part of the performance pack. And then you get a second (i) on the actual core that picks up the packet. On TCP this is only on the SYN packet. But on UDP this happens a lot more.&nbsp;</P> <P>It would be cool if fw monitor could be enhanced to put this information into comments if you use pcapng as output format.</P> <P>Who should we buy strooopwafels to get this into a future version?</P> Thu, 28 Jul 2022 07:46:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/WireShark-profile-for-fw-monitor/m-p/154046#M26021 Hugo_vd_Kooij 2022-07-28T07:46:48Z