Save log from putty
I have a Check Point 750 appliance
And I go to the CLI from PuTTY
I want to run tcpdump and save the file on my local PC
Like:
Tcpdump c:\checkpoint
How can I save it?
If you want that output file transferred to your PC, you will have to transfer that output file as a separate step using something other than putty (e.g. WinSCP).
Keep in mind the storage space on a 750 is relatively small, which means you won't be able to do a long-term capture.
Thanks
So if I want to Wireshark the traffic,
I can't do this with the 750?
Packet captures require storage space, which the 750 does not have a lot of. For anything more than a few minutes, you will probably need to have a MicroSD card installed to write the packet captures to.
A command line like:
tcpdump -i LAN1 -w /mnt/sd/capture.pcap
would write the pcap file to the MicroSD storage.
To copy the files off the appliance using WinSCP, you need to enable the bash user as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
You can record all your work within Putty.
That said, you can run tcpdump without output to the file (just print to the screen) and then just copy and paste from putty session log file.
Jozko Mrkvicka
Thanks, it works.
But I can't open the file in Wireshark.
The file doesn't match.
Another question:
How can I run tcpdump for all the LANs?
I have 3 different LANs.
I run the script
tcpdump -i lan1
And I get only the traffic on lan1.
If I want to get all 3 LANs in the log,
what do I need to write?
Thanks
However, unless you've got your LAN ports set on different networks, it should be sufficient to just get LAN1 as that should get them all.
If that's not happening, you can check with ifconfig what "bridge" interface to use (should be br0) and use that interface instead.
If the LAN interfaces are truly on different networks, then you'll have to execute multiple tcpdump commands.
The only way to capture traffic from multiple interfaces is by using fw monitor and writing to a file.
In fact, there is a way to monitor all traffic via tcpdump:
tcpdump -i any <YOUR_FILTER>
This will scan all interfaces (including VLANs) to match your filter settings.
Or just duplicate windows and perform tcpdump on separate interfaces in each session.
Jozko Mrkvicka
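
A file written with `tcpdump -w` starts with a binary pcap header, which printed tcpdump output saved from a terminal session lacks. The following is an added example, not part of the thread: it reads that header from a file and reports the link type, which for a capture taken with `-i any` on Linux is "Linux cooked" rather than Ethernet. The function name and the sample bytes are constructed for illustration.

```python
import struct

# First four bytes of a classic pcap file -> (struct byte order, timestamp unit).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
LINKTYPES = {1: "Ethernet", 113: "Linux cooked (SLL)", 276: "Linux cooked v2 (SLL2)"}


def inspect_capture(data: bytes) -> dict:
    """Classify the first bytes of a file as pcap, pcapng, text, or unknown."""
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if magic in PCAP_MAGICS:
        if len(data) < 24:  # the pcap global header is 24 bytes long
            return {"format": "pcap", "error": "truncated global header"}
        order, ts_unit = PCAP_MAGICS[magic]
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            order + "HHiIII", data[4:24])
        return {"format": "pcap", "version": f"{major}.{minor}",
                "timestamps": ts_unit, "snaplen": snaplen,
                "linktype": LINKTYPES.get(linktype, f"unknown ({linktype})")}
    # No capture magic: printable ASCII usually means saved terminal output.
    head = data[:256]
    is_text = bool(head) and all(32 <= b < 127 or b in (9, 10, 13) for b in head)
    return {"format": "text" if is_text else "unknown"}


# Constructed samples: a pcap global header as "-i any" would produce it on
# Linux (link type 113), and one line of printed tcpdump output.
SAMPLE_PCAP_ANY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
SAMPLE_PUTTY_LOG = (b"12:00:01.000000 IP 192.0.2.10.51514 > 192.0.2.1.443: "
                    b"Flags [S], seq 1, win 64240, length 0\r\n")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # inspect a real file given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(inspect_capture(fh.read(256)))
    else:
        print(inspect_capture(SAMPLE_PCAP_ANY))
        print(inspect_capture(SAMPLE_PUTTY_LOG))
```

Run it with the path of the file copied off the appliance to check the file before opening it in Wireshark.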