Solved: Cppcap - exit after X files? - Page 2 - Check Point CheckMates

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

WATCH NOW

Harmony Endpoint:
Packing a Punch in 2024

Register Now

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
The Difference Is In The Details

LISTEN NOW

Hello,

While troubleshooting an issue for a customer I had to collect a bunch of traffic and I tried to use cppcap but have a few questions that I just want check if anyone else has seen and solved somehow.

The issue I was troubleshooting required me to collect traffic over a long period. While setting up the capture I was looking for a way to automatically exit after having saved X amount of data. As far as I could see, the only option was

-b <NUM>

capture NUM bytes before stopping

but to the best of my understanding this is a counter of collected data on the wire, not amount of data saved to a file...

Has anyone found a way of collecting (for example) 10 files, each 1GB large and then exit?

-w <FMT>	file size limit with rotation followed by 'K'ilo,'M'ega or 'G'iga. Default is bytes
-W <NUM>	use up to NUM files with rotation (use with '-w')

-w and -W will limit size and number of files but it will rotate forever and not exit after reaching the value of -W.

Also, if using -I to capture on multiple interfaces, is there afterwards any reference to the interface on which the packet was captured?

Cheers

Reference:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

8 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

User

Count

23

11

10

6

5

4

4

3

3

3

Upcoming Events

Sort by:

In-Person

Tue 14 May 2024 @ 10:00 AM (CEST)

CheckMates Live Sweden - Troubleshooting Workshop

Thu 16 May 2024 @ 10:00 AM (CEST)

EMEA: Playblocks & MS Defender – Security Automation DeepDive into New Endpoint Integration

Virtual

Thu 16 May 2024 @ 04:00 PM (CEST)

CheckMates Live DACH - ACHTUNG, Sie werden gehackt! So schützen Sie sich!

Thu 16 May 2024 @ 05:00 PM (CEST)

Americas: Playblocks & MS Defender – Security Automation DeepDive into New Endpoint Integration

Virtual

Fri 17 May 2024 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 26: ElasticXL & VSNext Description

Virtual

Tue 21 May 2024 @ 10:00 AM (CEST)

CheckMates Live DACH - Einführung in Check Points Hyperscalinglösung - Quantum Maestro

Virtual

Thu 16 May 2024 @ 04:00 PM (CEST)

CheckMates Live DACH - ACHTUNG, Sie werden gehackt! So schützen Sie sich!

Virtual

Fri 17 May 2024 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 26: ElasticXL & VSNext Description

Virtual

Tue 21 May 2024 @ 10:00 AM (CEST)

CheckMates Live DACH - Einführung in Check Points Hyperscalinglösung - Quantum Maestro

Virtual

Tue 21 May 2024 @ 02:00 PM (CDT)

East US: APIs, Scripts, and Automation – Oh My!

Virtual

Wed 22 May 2024 @ 05:00 PM (CEST)

Harmony End Point – Packing a Punch in 2024

Virtual

Tue 28 May 2024 @ 10:00 AM (AEST)

APAC: Introduction to Quantum Maestro Hyperscale Platform

In-Person

Tue 14 May 2024 @ 10:00 AM (CEST)

CheckMates Live Sweden - Troubleshooting Workshop

CheckMates Events