Hopefully self-promotion isn't frowned upon, but it was suggested that I post here. Over the past few years, I've been working on a tool to help people capture packets by allowing users to have a web-based interface to create the commands for them. Today, I've launched the latest version into production, which supports "fw monitor" as well as "fw ctl debug" commands. It's located here: https://tcpdump101.com
I'm posting this in the hopes that people will find it useful (it supports tcpdump as well as other vendors) and maybe get some feedback from the community. If you use it, let me know if you find it handy, what you'd like to see improved and if you have any other suggestions.
Thanks,
Sean (Gr@ve_Rose)
You're epic, Marco! ::high-five:: Thanks for the kind words.
Man I love it! Great job.
Regarding kernel debug, there is some bug: when you disable all debugs from the FW module you get this command.
And no FW module for debugging is active, or I don't know what kind of syntax this is: "fw ctl debug -m fw - error"
Thanks for the kind reply. It's actually not a bug - Let me explain:
When performing "fw ctl debug" and making modifications to the module flags (in your example, the "fw" module) you can either add flags (with the + sign) or you can remove flags (with the - sign). Each of these actions (add and remove module flags) must be on its own line, which is why we have one line for "fw ctl debug -m $MODULE + $FLAGS" and one for "fw ctl debug -m $MODULE - $FLAGS". On each line, you can have as many of the module flags turned on or off as you want.
When programming this, the easiest way I found to create these lines was to create an array of the modules (the boxes on the right) and whether or not they were "active" or "inactive". Taking this array, we loop over all the entries and put the specific module flags in their respective line (either "+" or "-") which then updates the command.
The downside to this is that there's no baseline array to compare against so even if you set your debug flags back to their original settings, the commands still appear - It works but it does look a little ugly.
The other thing about the debug boxes is that the current defaults are already highlighted. For example, look at the "kissflow" boxes below:
and compare it against the output from this command:
[Expert@gw-9de5b8:0]# fw ctl debug -m kissflow
Kernel debugging buffer size: 50KB
Module: kissflow
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common
See how the default options of "error warning" are highlighted in the "kissflow" module? This way here, users don't have to turn them on since they're on by default. Only when making changes to a module will the "-m $MODULE +/- $FLAGS" show up.
I hope this clears things up.
Sean (Gr@ve_Rose)
amazing job, thanks
Thanks Valeri Loukine! It was your suggestion to post in this thread that got this all started. Looks like I owe you an Internet beer as well.
No sir, beers are on me. Or Dameon Welch Abernathy, depending on who catches you first
Regarding Kernel Debugs for Check Point:
My suggestion is to add a notification (warning) that after debugs are done, the end user should use fw ctl debug 0 to reset all kernel debugs.
Ask and ye shall receive. I've also created a subreddit (and linked to it in the page) so that other people (not CheckMates members) can participate in the discussions: https://www.reddit.com/r/tcpdump101/ Of course, I'll still be here doing my best to help out whenever I can, trying to score free beers from random Internet friends.
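The command-generation logic Sean describes above (an array of modules with their flags, looped into one "+" line and one "-" line per module), combined with the suggestion to finish with fw ctl debug 0, as an added JavaScript example that is not the tcpdump101 source. It diffs the requested flags against a baseline of per-module defaults, so a module whose flags were set back to their defaults emits no command at all, which is the missing baseline Sean mentions. The only default taken from this thread is kissflow's "error warning"; the "fw" default and the "drop" flag used in the test are assumptions for illustration. Because the output is meant to be pasted into an Expert-mode shell, module and flag names that are not plain identifiers are rejected rather than interpolated.

```javascript
// Added example, not code from tcpdump101. Generates "fw ctl debug" lines
// from a desired per-module flag state, diffed against a baseline of defaults,
// and closes the session with "fw ctl debug 0" to reset all kernel debugs.

// Baseline defaults per module. "kissflow: error warning" comes from the
// "fw ctl debug -m kissflow" output quoted in the thread; the "fw" entry is an
// ASSUMPTION used only to illustrate the diff.
const DEFAULT_FLAGS = {
  kissflow: ["error", "warning"],
  fw: ["error", "warning"], // assumed default, not taken from the page
};

// Only plain identifiers are accepted: the generated text is a shell command
// line, so anything else (spaces, ';', '$', quotes) is refused outright.
const IDENT = /^[A-Za-z0-9_-]+$/;

function checkIdent(kind, value) {
  if (typeof value !== "string" || !IDENT.test(value)) {
    throw new Error(`invalid ${kind} name: ${JSON.stringify(value)}`);
  }
  return value;
}

// desired: { moduleName: [flags that should be ON after the change] }
// Modules absent from "desired" are left untouched (no line emitted).
// Returns one "+" line and/or one "-" line per module whose state differs
// from the baseline; a module back at its defaults produces nothing.
function buildDebugCommands(desired, defaults = DEFAULT_FLAGS) {
  const lines = [];
  for (const mod of Object.keys(desired).sort()) {
    checkIdent("module", mod);
    const want = new Set(desired[mod].map((f) => checkIdent("flag", f)));
    const have = new Set(defaults[mod] || []);
    const add = [...want].filter((f) => !have.has(f)).sort();
    const remove = [...have].filter((f) => !want.has(f)).sort();
    if (add.length) lines.push(`fw ctl debug -m ${mod} + ${add.join(" ")}`);
    if (remove.length) lines.push(`fw ctl debug -m ${mod} - ${remove.join(" ")}`);
  }
  return lines;
}

// Full session: the per-module changes followed by the reset so the gateway
// is never left with non-default kernel debug flags. An empty change set
// yields no commands at all.
function buildDebugSession(desired, defaults = DEFAULT_FLAGS) {
  const body = buildDebugCommands(desired, defaults);
  return body.length === 0 ? [] : [...body, "fw ctl debug 0"];
}

// Usage: "drop" is an illustrative extra flag for the fw module.
console.log(
  buildDebugSession({ fw: ["error", "warning", "drop"], kissflow: ["error"] }).join("\n")
);
```

Turning a flag off that the baseline has on yields exactly the "fw ctl debug -m fw - error" line the earlier reply asked about; setting a module back to its defaults yields no line, which is what a baseline comparison buys over looping the raw active/inactive array.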
Great work Sean
Thanks for the kind words, Gaurav Pandya. I hope you find it helpful.
great stuff Sean! very very useful kit
well done YOU!
Thanks Jerry Szpinak! I'm glad you think it's useful and hopefully it helps you (and others).
This is wonderful, Sean Murray-Ford! I really like it, and the possibility to download it and use it offline is super!
You're wonderful, Petr Hantak! I wanted to make sure that it was written in "flat" languages so I used HTML, JavaScript and CSS so that people could use it offline without the need to have a server or even Internet connectivity. It's why I stayed away from jQuery since, usually, it's an external include to the library. I hope you find it useful.
You chose a very good solution combination. HTML, JavaScript and CSS work almost everywhere, and almost all mobile devices have no problem with it either.
This is a great tool! I've been playing around with it for a bit and a couple thoughts:
Thanks for your work on this. It is an awesome tool! I'll be recommending it to my peers!
Thanks Phillip Runner for the great reply and suggestions!
Thanks again for the great suggestions and I'm glad you find it helpful.
Great work! Congrats!
Thanks for the kind words, Danilo Lara! I hope you (and others) find it helpful.
Thank you for sharing.. I will certainly check it out and provide feedback after some use.
Stay well.
-DL
And thanks to you, Diego Lopez, for the reply. I look forward to your feedback and hope you find it useful.
Great tool
It's the simple way to freeze the brain 😛 ... stop keeping the command line in your own mind
LOL
Thanks for the kind words, Gianluca Giordano! I hope you find it useful.
Hey everyone. I've made some small changes, most of which stem from great suggestions coming from this thread!
I'm going to start working on the next UI iteration which will look more streamlined and allow me to add in more features which have been suggested here and other places. You'll be able to follow along at http://dev.tcpdump101.com once I get a baseline created and hosted.
I'm always open to suggestions and will continue to maintain the existing version so if you have more you'd like to see or want to provide any feedback, please let me know either here, through Twitter @Grave_Rose or on the /r/tcpdump101 subReddit.
Again, thanks to everyone for the suggestions and, in all honesty, the great reception - It means a lot to me to know that something I've created is helping people learn.
Sean (Gr@ve_Rose)
Keep up the good job, Sean Murray-Ford, we appreciate your efforts deeply.
Hi Sean Murray-Ford,
Great work on the latest update !
My next suggestions and remarks:
1. Freeze the output lines at the top of the screen. It is really hard to show all the options available and see what you have already set up. You need to scroll to the beginning of the page to see the result.
2. Why is there a horizontal scroll bar? Only Cisco ASA doesn't have a horizontal scroll bar. The scroll bar is also in the Menu.
3. The statement "Copy not supported on this module. Press Ctrl+C to copy." in kernel debugs for Check Point should be in the same place as on the packet captures page - right after the Highlight command. Adding a few more empty lines would also be great, to make it even more visible that copy in these 2 cases is not possible (you need to press Ctrl+C anyway).
4. Hidden option? This picture (partially visible) of "signal strength" is static and is seen at the bottom of the page while scrolling in the Menu.
Jozko Mrkvicka - Are you a magician because you're reading my mind.
Thanks again for the great suggestions!
Thank you for your comments, really appreciate
Regarding point no. 2:
I was checking it on the desktop, using Chrome at a resolution of 1440 x 900. Forget about doing a mobile version - that would be a waste of your time here. All users will visit the site on the desktop anyway.
This is a really great tool and it was really helpful to me. Thanks for your effort and time.
Thanks for the kind words, Dhananja Kariyawasam! I'm glad you find it useful. With positive encouragement from the Network/NetSec communities as well as good feedback on how to make it better, I'm hoping to add more features and make it more functional for everyone to learn packet captures!