An interactive wrapper script for Check Point's cppcap tool that simplifies packet capture operations on Security Gateways and Management Servers.
This script guides you through all available cppcap options interactively, eliminating the need to remember complex command-line syntax.
Copy the script to your Check Point Gateway/SMS and make it executable:
# Copy script to gateway
scp cppcap_helper.sh admin@<your-gateway>:/home/admin/
# Connect via SSH
ssh admin@<your-gateway>
# Switch to Expert mode
expert
# Make script executable
chmod +x cppcap_helper.sh
# Run the script
./cppcap_helper.sh
Before: Complex command-line syntax
cppcap -i eth0 -f 'src host 10.1.1.1 and dst net 192.168.0.0/16 and tcp and port 443' \
-c 0 -p 1000 -o /var/log/capture.pcap -w 100M -W 10
After: Just run the script and answer a few simple questions!
./cppcap_helper.sh
Vincent Bacher
Feel free to share feedback or suggestions for improvements in this thread!
# ./cppcap_helper.sh
================================================
Check Point CPPCAP - Interactive Helper
================================================
ℹ Press ENTER to skip any option (use default/none)
=== Interface Configuration ===
ℹ Available interfaces (UP only):
- bond0
- bond1
- bond2
- bond3
- eth2-01
- eth2-02
- eth2-03
- eth2-04
- eth3-01
- eth3-02
- eth3-03
- eth3-04
Enter interface name (empty=all interfaces, e.g., eth0, eth1):
ℹ Will capture on ALL interfaces
=== Filter Configuration ===
How do you want to specify the filter? [i/m/n] (i=interactive, m=manual, n=none): i
ℹ Building filter interactively...
Source IP/Network (e.g., 192.168.1.0/24): 10.10.10.0/25
Destination IP/Network (e.g., 10.0.0.1): 1.1.1.1
Protocol [tcp/udp/icmp/arp]: tcp
Port number (leave empty for any): 22
Exclude SSH (port 22)? [Y/n]: n
ℹ Generated filter: src net 10.10.10.0/25 and dst host 1.1.1.1 and tcp and port 22
=== Traffic Direction ===
Capture direction? [B/i/o] (B=both (default), i=inbound, o=outbound):
ℹ Capturing BOTH directions (default)
=== Capture Limits ===
Maximum number of frames to capture (empty=unlimited): 1000
ℹ Will capture max 1000 frames
Maximum bytes to capture total (empty=unlimited): 1000
ℹ Will capture max 1000 bytes total
Maximum bytes per frame [default=96] (0=unlimited):
=== Virtual System Configuration (VSX) ===
Are you running VSX/VSNext? [y/N]:
=== Output Configuration ===
Save to file or display on screen? [f/S] (f=file, S=screen (default)): f
Output file path (e.g., /var/log/capture.pcap or capture.pcap):
⚠ No file specified, using: /home/lalala/cppcap.pcap
Enable file rotation? [y/N]: y
Maximum file size [e.g., 100M, 1G]: 10M
Maximum number of rotated files (e.g., 10): 3
ℹ Will rotate at 10M, keeping 3 files
=== Ready to Execute ===
Command to be executed:
cppcap -i any -f 'src net 10.10.10.0/25 and dst host 1.1.1.1 and tcp and port 22' -p 1000 -b 1000 -o cppcap.pcap -w 10M -W 3
ℹ Output will be saved to: cppcap.pcap
ℹ You can analyze it later with: tcpdump -r cppcap.pcap
Execute this command? [Y/n]:
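An added example (not part of the original post or of cppcap_helper.sh): one way to validate the answers to the interactive filter prompts before they are joined into the expression passed to `cppcap -f`, so that only well-formed values reach a command run in Expert mode. The function names `valid_ipv4`, `addr_term` and `build_filter` are hypothetical, and only IPv4 input is handled.

```shell
# Added example; function names are hypothetical, not from cppcap_helper.sh.
# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() (
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) exit 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || exit 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Prints "<src|dst> net <cidr>" or "<src|dst> host <ip>".
addr_term() {
    valid_ipv4 "$2" || return 1
    case $2 in
        */*) printf '%s net %s' "$1" "$2" ;;
        *)   printf '%s host %s' "$1" "$2" ;;
    esac
}

# build_filter SRC DST PROTO PORT; empty arguments are skipped.
# Returns non-zero and prints nothing if any answer fails validation.
build_filter() (
    out=
    add() { out=${out:+$out and }$1; }
    if [ -n "$1" ]; then t=$(addr_term src "$1") || exit 1; add "$t"; fi
    if [ -n "$2" ]; then t=$(addr_term dst "$2") || exit 1; add "$t"; fi
    case $3 in
        '') ;;
        tcp|udp|icmp|arp) add "$3" ;;
        *) exit 1 ;;
    esac
    if [ -n "$4" ]; then
        case $4 in *[!0-9]*) exit 1 ;; esac
        [ "${#4}" -le 5 ] && [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || exit 1
        add "port $4"
    fi
    printf '%s\n' "$out"
)

# Same answers as the session above; prints the filter shown there.
build_filter 10.10.10.0/25 1.1.1.1 tcp 22
```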