This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
hezi_angel
Explorer
‎2019-01-17 10:27 PM

find trafic in 750 appliance

hello

I have 750 appliance  And I want to find who takes me the most bandwidth.

In: Active computers - Start Traffic Monitoring

I see the traffic of all computers since the firewall is turned on

Is there another way to find bandwidth usage now?

I tried downloading a packet in: Tools - Paket Capture

I went in to save the packets, but it only keeps 500kb, which is less than a second of traffic

Is it possible to save  all the network's traffic for more time?

Thank you

0 Kudos
12 Replies
PhoneBoy
Admin
Admin
‎2019-01-18 11:25 AM

There is limited storage space on the 750, which is why the packet capture limit is so small.

You could probably save more to a USB drive from expert mode using the tcpdump command.

0 Kudos
hezi_angel
Explorer
‎2019-01-19 09:22 AM
In response to PhoneBoy

How to use tcpdump?

Is this a computer connected to one of the lan?

Through tcpdump you can also check the speed of traffic?
Or will I still need to use the wireshark with the file I'm creating?

Thanks

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-19 10:22 AM
In response to hezi_angel

tcpdump is a command you can run on the 750 via the CLI in expert mode.

It's a standard Unix command.

You would then download the pcap file and, if you prefer, look in Wireshark or any other offline tool.

The following might be helpful if you've never used tcpdump before:

[tool] - https://tcpdump101.com

0 Kudos
hezi_angel
Explorer
‎2019-01-19 12:07 PM
In response to PhoneBoy

I do this from any computer connected to the network

Or from a computer connected to a special place?

Thank you very much

It helps me a lot

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-19 12:12 PM
In response to hezi_angel

Like I said, you run the command from the CLI.

You do that either from an SSH session (can be from anywhere) or a Console connection, which requires a direct serial/USB connection to the appliance.

0 Kudos
hezi_angel
Explorer
‎2019-01-19 02:34 PM
In response to PhoneBoy

Sorry

I still did not understand

If I run tcpdump from one of the computers it will create me a traffic file just for this computer

So how do I connect the computer that it will receive all the traffic?

I did not understand how to run the cli via ssh, and then run the tcpdump

Can I explain this or a guide?

Thank you

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-20 03:46 AM
In response to hezi_angel

You are trying to run tcpdump on the 750 appliance itself.

To do that, you need to reach the CLI of the device.

You can access the CLI using:

  • SSH (using a client like putty from a PC)
  • A USB/Serial connection to the device (putty can also use a serial connection).

Once you get there, you can run tcpdump with the appropriate options.

I highly recommend reviewing the product documentation: Check Point 700/900 Appliances R77.20.81 Administration Guide 

You may also want to consult with someone from your local Check Point office or partner.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-18 01:45 PM

You can definitely see who is using large amounts of bandwidth in the last hour, though.

This requires using Identity Awareness.

0 Kudos
hezi_angel
Explorer
‎2019-01-19 09:30 AM
In response to PhoneBoy

This only works if I set a user for each Ip

It does not show by ip or computer's name

In applications  it is impossible to know which computer is using the specific software

For example, if I found that there is a big use of windows update

I can not tell which computer it is

Thanks

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-19 10:20 AM
In response to hezi_angel

If you're logging applications, you should be able to tell which computers are using Windows Update, though.

0 Kudos
hezi_angel
Explorer
‎2019-01-19 12:10 PM
In response to PhoneBoy

in applications

He shows me only the software, not some computer

Could it be that  he show me the computers only if i write the user on router?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-20 03:33 AM
In response to hezi_angel

You should be able to look at the logs and find the people using those specific applications.

0 Kudos