This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Martin_Hofbauer
Contributor
Contributor
‎2020-10-05 07:50 AM

Filter syntax for g_tcpdump required when mixing "and" and "or"

in tcpdump in bash following works as expected:

 

# tcpdump -i eth0 host A and host B and \(port C or port D\)

( round brackets ensure, that the "or" statement is only valid for the port numbers )

 

But I was not able to figure out howto do it with "g_tcpdump" to have the same results.

Any ideas ?

 

0 Kudos
3 Replies
Anatoly
Employee
Employee
‎2020-10-07 10:51 PM

Hi,

It should be the same as tcpdump, just g_. If it doesn't work, try to do g_all tcpdump ….

 

Thanks

 

Anatoly

0 Kudos
HeikoAnkenbrand
MVP Gold
MVP Gold
‎2020-10-07 11:20 PM
In response to Anatoly

Hi @Anatoly 

in principle, the difference is clear to me. "g_all" executes the commands on all SGMs.

Is there a technical difference between "g_tcpdump" and "g_all tcpdump".

PS:
With  "g_tcpdump" filters I can also see that some things do not work 100% correct.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Anatoly
Employee
Employee
‎2020-10-07 11:23 PM
In response to HeikoAnkenbrand

g_tcpdump and g_all tcpdump should be the same. However, since g_tcpdump has been developed as separate command, some differences may apply.

Please open support ticket if it's critical, if not - just use g_all tcpdump

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events