Quantum Spark Management Unleashed!
Introducing Check Point Quantum Spark 2500:
Smarter Security, Faster Connectivity, and Simpler MSP Management!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
HeikoAnkenbrand
This econn tool version 6.8 is a command-line utility for analyzing active firewall connection tables, specifically from Check Point firewalls via the fw tab -t connections -u command. It parses raw connection entries, resolves service names, maps interface IDs to names, and provides powerful filtering options based on IP addresses, ports, protocols, rules, networks, and interface names. Results can be displayed in a structured table, and optional statistics can be generated.
One of its greatest strengths lies in the powerful filtering options. With just a few parameters, the view can be narrowed down to specific source or destination addresses, certain ports, or even entire networks. Filtering by protocol or interface is also possible, allowing administrators to isolate exactly the connections that are relevant to their analysis within seconds.
Beyond simple presentation, econn delivers extensive statistical insights. It highlights which rules are most frequently used, which ports and IP combinations dominate, and how communication is distributed across different interfaces. This helps build a deeper understanding of network behavior and makes it easier to identify irregularities.
Ultimately, the tool provides a quick overview of all relevant communication relationships. Even in complex environments with many segments, traffic becomes more transparent as connections are logically grouped and summarized. For administrators, this means a significant simplification in evaluating communication flows and a valuable aid in day-to-day network operations.
The -stat option provides a general overview of the filtered connections. It summarizes key information such as which ports, rules, protocols, services, and interfaces are involved, giving administrators a quick snapshot of the traffic.
With -statip, the tool lists all unique source and destination IP addresses. This makes it easy to see at a glance which hosts are participating in the current connections.
The -statnet option focuses on networks rather than individual IPs. It groups communication into Class C (/24) and Class B (/16) networks, helping to understand traffic distribution across subnets.
Using -statconn, administrators can see all source–destination IP pairs along with the ports they are using. This highlights who is talking to whom and which services are being exchanged.
The -statport option organizes connections by destination port. For each port, it shows the related IP pairs without duplicates, making it clear which services are most active.
With -statrule, the output is grouped by firewall rule. It shows which source and destination pairs are affected by each rule and the ports they use, which is particularly useful for validating security policies.
Finally, -notab hides the detailed connection table. This is useful when the focus is only on statistics or summaries, reducing clutter in the output.
Install tool:
curl_cli -k https://www.checkpoint.tips/tools/econn > /usr/bin/econn && chmod 770 /usr/bin/econn && dos2unix /usr/bin/econn
Online help:
Usage:
econn [filters] [options]
Filter options (detailed):
-s=<IP> Filter by source IP address
-d=<IP> Filter by destination IP address
-sp=<Port> Filter by source port
-dp=<Port> Filter by destination port
-n=<Name> Filter by service name (if available)
-r=<Rule> Filter by rule number
-p=<Protocol> Filter by protocol (e.g., TCP, UDP, ICMP)
-net=<CIDR> Filter if either source or destination IP is in the network
-snet=<CIDR> Filter if source IP is in the network
-dnet=<CIDR> Filter if destination IP is in the network
-si=<iface> Filter by inbound interface name
-di=<iface> Filter by outbound interface name
-g=<string> Grep-like search: only show rows containing the string
Statistics / Output options:
-stat Show general statistics for the current filter
-statip Show all unique IP addresses (source & destination)
-statnet Show all networks (Class C / B) involved in connections
-statconn Show all IP pairs with their associated ports
-statport Group output by ports (with IP pairs, no duplicates)
-statrule Group output by rules (with IP pairs and ports)
-notab Hide the main connection table from output
General:
--help Show this help message and exit
Examples:
econn -s=192.168.1.10 -p=TCP
econn -dnet=10.0.0.0/8 -stat
econn -g=established -p=TCP
econn -sp=80 -statport
econn -dp=443 -statconn
econn -r=101 -statrule
econn -net=192.168.0.0/16 -p=UDP -statip
econn -g=FIN -stat -notab
econn -d=8.8.8.8 -statrule -statport
econn -si=eth0 -di=eth1 -p=TCP -statport -notab
This econn tool version 6.8 is a command-line utility for analyzing active firewall connection tables, specifically from Check Point firewalls via the fw tab -t connections -u command. It parses raw connection entries, resolves service names, maps interface IDs to names, and provides powerful filtering options based on IP addresses, ports, protocols, rules, networks, and interface names. Results can be displayed in a structured table, and optional statistics can be generated.
One of it
...;
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
