
Find traffic in 750 appliance

Hello

I have a 750 appliance and I want to find who is taking the most bandwidth.

In: Active computers - Start Traffic Monitoring

I see the traffic of all computers since the firewall is turned on

Is there another way to find bandwidth usage now?

I tried downloading a packet in: Tools - Packet Capture

I went in to save the packets, but it only keeps 500kb, which is less than a second of traffic

Is it possible to save all the network's traffic for more time?

Thank you

0 Kudos
12 Replies
Admin

Re: Find traffic in 750 appliance

There is limited storage space on the 750, which is why the packet capture limit is so small.

You could probably save more to a USB drive from expert mode using the tcpdump command.

0 Kudos

Re: Find traffic in 750 appliance

How do I use tcpdump?

Is this a computer connected to one of the LANs?

Can you also check the speed of traffic through tcpdump?
Or will I still need to use Wireshark with the file I'm creating?

Thanks

0 Kudos
Admin

Re: Find traffic in 750 appliance

tcpdump is a command you can run on the 750 via the CLI in expert mode.

It's a standard Unix command.

You would then download the pcap file and, if you prefer, look in Wireshark or any other offline tool.

The following might be helpful if you've never used tcpdump before:

[tool] - https://tcpdump101.com

0 Kudos
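
The offline step described above (download the pcap file, then analyze it), as an added example that is not part of the original thread: Python that reads a classic pcap file and ranks LAN hosts by bytes on the wire. The LAN range `192.168.1.0/24`, the function name `top_talkers` and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

def top_talkers(pcap: bytes, lan: str = "192.168.1.0/24"):
    """Return [(lan_ip, bytes_on_wire, avg_bits_per_sec)], largest first."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"                      # little-endian (micro/nanosecond)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    net, totals, times, off = ip_network(lan), Counter(), [], 24
    while off + 16 <= len(pcap):
        ts, _, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged IPv4 only; VLAN-tagged and IPv6 frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        times.append(ts)
        # orig_len = size on the wire; correct even for header-only captures.
        for raw in (frame[26:30], frame[30:34]):   # source, destination
            ip = ip_address(raw)
            if ip in net:
                totals[str(ip)] += orig_len
    span = max(max(times) - min(times), 1) if times else 1
    return [(ip, n, n * 8 // span) for ip, n in totals.most_common()]

def _pkt(ts, src, dst, wire_len):
    """Constructed record: 34 stored header bytes, wire_len bytes on the wire."""
    ip_hdr = b"\x45" + b"\x00" * 11 + ip_address(src).packed + ip_address(dst).packed
    frame = b"\x00" * 12 + b"\x08\x00" + ip_hdr
    return struct.pack("<IIII", ts, 0, len(frame), wire_len) + frame

# Constructed sample capture (not real traffic): two LAN hosts, one remote host.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _pkt(100, "192.168.1.10", "203.0.113.5", 1500),
    _pkt(101, "203.0.113.5", "192.168.1.10", 1500),
    _pkt(105, "192.168.1.20", "203.0.113.5", 400),
    _pkt(110, "203.0.113.5", "192.168.1.10", 1000),
])

if __name__ == "__main__":
    for ip, nbytes, bps in top_talkers(SAMPLE):
        print(f"{ip:15} {nbytes:>8} bytes  ~{bps} bit/s")
```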

Re: Find traffic in 750 appliance

Do I do this from any computer connected to the network?

Or from a computer connected to a special place?

Thank you very much

It helps me a lot

0 Kudos
Admin

Re: Find traffic in 750 appliance

Like I said, you run the command from the CLI.

You do that either from an SSH session (can be from anywhere) or a Console connection, which requires a direct serial/USB connection to the appliance.

0 Kudos

Re: Find traffic in 750 appliance

Sorry

I still do not understand

If I run tcpdump from one of the computers, it will create a traffic file just for this computer

So how do I connect the computer so that it will receive all the traffic?

I did not understand how to run the CLI via SSH, and then run tcpdump

Can you explain this, or is there a guide?

Thank you

0 Kudos
Admin

Re: Find traffic in 750 appliance

You are trying to run tcpdump on the 750 appliance itself.

To do that, you need to reach the CLI of the device.

You can access the CLI using:

  • SSH (using a client like PuTTY from a PC)
  • A USB/Serial connection to the device (PuTTY can also use a serial connection).

Once you get there, you can run tcpdump with the appropriate options.

I highly recommend reviewing the product documentation: Check Point 700/900 Appliances R77.20.81 Administration Guide 

You may also want to consult with someone from your local Check Point office or partner.

0 Kudos
Admin

Re: Find traffic in 750 appliance

You can definitely see who is using large amounts of bandwidth in the last hour, though.

This requires using Identity Awareness.

0 Kudos

Re: Find traffic in 750 appliance

This only works if I set a user for each IP

It does not show by IP or computer name

In applications it is impossible to know which computer is using the specific software

For example, if I found that there is a big use of Windows Update

I cannot tell which computer it is

Thanks

0 Kudos
Admin

Re: Find traffic in 750 appliance

If you're logging applications, you should be able to tell which computers are using Windows Update, though.

0 Kudos

Re: Find traffic in 750 appliance

In applications

It shows me only the software, not which computer

Could it be that it shows me the computers only if I enter the user on the router?

0 Kudos
Admin

Re: Find traffic in 750 appliance

You should be able to look at the logs and find the people using those specific applications.

0 Kudos