This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
hezi_angel
Explorer
‎2019-03-29 04:49 AM

Save log from putty

I have 750 applications checkpoint

 

And go to the cli from putty

I won't to run tcpdump and save the file on my local pc 

Like:

Tcpdump c:\checkpoint

How  i can save it?

0 Kudos
Reply
9 Replies
PhoneBoy
Admin
Admin
‎2019-03-29 06:29 AM

When you run tcpdump on a 750 (or any appliance), if you specify an output file, it is stored on that appliance.
If you want that output file transferred to your PC, you will have to transfer that output file as a separate step using something other than putty (e.g. WinSCP).
Keep in mind the storage space on a 750 is relatively small, which means you won't be able to do a long-term capture.
0 Kudos
Reply
hezi_angel
Explorer
‎2019-03-29 06:36 AM
In response to PhoneBoy

Thanks

 

So if i won't to wireshark the trafic 

I can't do this with 750?

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-03-29 08:47 AM
In response to hezi_angel

Packet captures require storage space, which the 750 does not have a lot of. For anything more than a few minutes, you will probably need to have a MicroSD card installed to write the packet captures to.

A command line like:

tcpdump -i LAN1 -w /mnt/sd/capture.pcap

would write the pcap file to the MicroSD storage.

To copy the files off the appliance using WinSCP, you need to enable the bash user as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Reply
JozkoMrkvicka
Leader
Leader
‎2019-03-29 12:41 PM
In response to PhoneBoy

You can record all your work within Putty.

That said, you can run tcpdump without output to the file (just print to the screen) and then just copy and paste from putty session log file.

Kind regards,
Jozko Mrkvicka
0 Kudos
Reply
hezi_angel
Explorer
‎2019-04-01 09:20 PM
In response to JozkoMrkvicka

Thanks jt's work.

But i can't open the file in WIRESHARK.

The file don't match.

 

Another question 

How i can run TCPDUMP for all the lan

I have 3 different lan

I run the script

TCPDUMP -i lan1 

 

And i get only the traffic on lan1

If I want to get all 3 lan in the log

What i need to write?

Thanks 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-04-02 07:27 AM
In response to hezi_angel

tcpdump only allows you to get traffic from one interface at a time.
However, unless you've got your LAN ports set on different networks, it should be sufficient to just get LAN1 as that should get them all.
If that's not happening, you can check with ifconfig what "bridge" interface to use (should be br0) and use that interface instead.

If the LAN interfaces are truly on different networks, then you'll have to execute multiple tcpdump commands.
0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2019-04-02 11:06 AM
In response to hezi_angel

There is no way to do that with tcpdump, you cannot use a screendump to move it to Wireshark, you need a raw file for that.
The only way to capture traffic from multiple interfaces is by using fw monitor and write to a file.
Regards, Maarten
0 Kudos
Reply
JozkoMrkvicka
Leader
Leader
‎2019-04-02 11:10 AM
In response to Maarten_Sjouw

In fact, there is a way how to monitor all traffic via tcpdump:

tcpdump -i any <YOUR_FILTER>

This will scan all interfaces (included VLANs) to match your filter settings.

 

Or just duplicate windows and perform tcpdump on separated interfaces in each session.

Kind regards,
Jozko Mrkvicka
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-04-02 02:21 PM
In response to JozkoMrkvicka

That might get some duplicate traffic, though.
0 Kudos
Reply