https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8896#M1127 <HTML><HEAD></HEAD><BODY><P>There's not a built-in tool for this.</P><P>That said, I assume you could replay the packet capture using an external system with something like tcpreplay.</P></BODY></HTML> Fri, 03 Nov 2017 07:11:35 GMT PhoneBoy 2017-11-03T07:11:35Z https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8895#M1126 <HTML><HEAD></HEAD><BODY><P>Is it possible to use the Check Point gateway to retrospectively analyse a pcap/tcpdump file to detect threats in the same way you might use the security checkup on "live" data?</P></BODY></HTML> Thu, 02 Nov 2017 11:24:41 GMT https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8895#M1126 Iain_Wadds 2017-11-02T11:24:41Z https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8896#M1127 <HTML><HEAD></HEAD><BODY><P>There's not a built-in tool for this.</P><P>That said, I assume you could replay the packet capture using an external system with something like tcpreplay.</P></BODY></HTML> Fri, 03 Nov 2017 07:11:35 GMT https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8896#M1127 PhoneBoy 2017-11-03T07:11:35Z https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8897#M1128 <HTML><HEAD></HEAD><BODY><P>If you happen to own a box that can read PCAP then you can learn from the replay.</P><P></P><P>I sometimes put a PCAP file in my labs Security Analytics box with 3 AV scanner and so on and it can show some interresting things. But most PCAP files in a firewall are too small to learn much.</P></BODY></HTML> Mon, 06 Nov 2017 15:25:13 GMT https://community.checkpoint.com/t5/General-Topics/PCAP-analysis/m-p/8897#M1128 Hugo_vd_Kooij 2017-11-06T15:25:13Z