Keep Your Networking Peers Happy
With Secure SD-WAN
Secure the GenAI Revolution!
The All-New GenAI Security from Check Point
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
Recently on CheckMates
The reason that you are experiencing difficulty is that fw monitor writes its raw packet capture output (via -o) in Sun snoop format, whereas tcpdump via -w saves it in pcap format. There is no way I know of to "replay" or make human readable a raw fw monitor capture file from the CLI of Gaia, unless you want to feed it to something like cpmonitor (sk103212) for statistical analysis. pcap captures can be replayed by tcpdump, but tcpdump does not understand snoop format. In the old days on Solaris the snoop command itself could be used to replay these captures, but that command is long gone. Wireshark has to be used now as it can still decode snoop format.
sk39510 and such only talk about how to display the iIoO capture points in Wireshark and adjust the colorization to adapt to the same packet being shown more than once. This is all covered in my Max Capture: Know Your Packets self-guided video course.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
