kobilevi
Participant

Tcpdump + Zdebug

Hi Checkmates !

I wanted to know if Check Point has a complete guide to tcpdump and zdebug.

Anyone know of one?
Thanks

7 Replies
the_rock
Legend

Can you explain, please? What kind of guide? You can refer to the link below:

https://gist.github.com/tuxfight3r/9ac030cb0d707bb446c7

kobilevi
Participant

Hi,

I am looking for a complete beginner's guide to zdebug and tcpdump for Check Point gateways.

the_rock
Legend

Just Google it; a bunch of links come up with useful flags.

Oliver_Fink
Advisor

Maybe you want to use cppcap instead of tcpdump. Have a look at sk141412: cppcap - A Check Point Traffic Capture Tool.

It uses pcap-filter(7) syntax and has no hassle with SecureXL.

G_W_Albrecht
Legend

tcpdump is not CP software 😉

sk100808: How to use the "fw ctl zdebug" command

sk30583: What is FW Monitor?


CCSE CCTE CCSM SMB Specialist
Timothy_Hall
Champion

You may want to check out my 2021 CPX presentation here which summarizes the packet capturing options on Check Point:

https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/member-exclusives/484/2/CPX_Preso...

This presentation was derived from my self-guided video series "Max Capture: Know Your Packets", which thoroughly covers all the packet capture tools, including tcpdump, along with fw ctl zdebug + drop as well. There are also free updates to the original class available here:

Max Capture Update 1: Taking "Triggered" Packet Captures

Max Capture Update 2: Debug Filter Battle -- fw monitor -F vs. fw ctl zdebug + drop

New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com