Bring Your CloudMates!
Key Insights for Reducing
the Cost of a Data Breach
CheckMates Go:
The Truth is in the Middle
Remote and Hybrid Work
Security Report
End of Support Policy Update
For R80.10 Release
Appliance: 23800
Version R80.10 Jumbo Hotfix 56
Recently learned the hard way that running tcpdump causes the system to reboot - happened multiple times. At first we thought it was because we ran it without a filter so it overwhelmed the box, however, even with a filter after about a minute the box fails over.
Wondering if anyone has run into this??
P.S. Yes I've opened a case just reaching out to the general public see if anyone has experienced anything similar. This is impacting a very large deployment.
--Juan
XBensemhoun
Did you tried tcpdump on root context or on the desired one?
Did you tried fw monitor?
The fw monitor works without issue – with tcpdump doesn’t matter what context you run it from, after a minute or so the box reboots – no messaging or anything it’s rebooting your session just hangs.
--Juan
XBensemhoun
OK ; weird 
I do not have the answer but I can surely recommend you to use fw monitor instead of tcpdump.
Note (if needed) that you can also export fw monitor trace files in Wireshark (refer to How to configure Wireshark for analysis of FW Monitor captures )
Also if needed: check What is FW Monitor?
tcpdump is useful in some scenarios as it captures traffic before the firewall kernel.
Thanks,
Juan Concepcion
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY