- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Is it possible to use the Check Point gateway to retrospectively analyse a pcap/tcpdump file to detect threats in the same way you might use the security checkup on "live" data?
PhoneBoy
There's not a built-in tool for this.
That said, I assume you could replay the packet capture using an external system with something like tcpreplay.
If you happen to own a box that can read PCAP then you can learn from the replay.
I sometimes put a PCAP file in my labs Security Analytics box with 3 AV scanner and so on and it can show some interresting things. But most PCAP files in a firewall are too small to learn much.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY