
PCAP analysis

Is it possible to use the Check Point gateway to retrospectively analyse a pcap/tcpdump file to detect threats in the same way you might use the security checkup on "live" data?

0 Kudos
2 Replies
Admin

Re: PCAP analysis

There's not a built-in tool for this.

That said, I assume you could replay the packet capture using an external system with something like tcpreplay.

0 Kudos

Re: PCAP analysis

If you happen to own a box that can read PCAP then you can learn from the replay.

I sometimes put a PCAP file in my lab's Security Analytics box with 3 AV scanners and so on and it can show some interesting things. But most PCAP files in a firewall are too small to learn much.

0 Kudos