I wrote a Wireshark profile to help you with reading `fw monitor` files.
I wrote a Dutch description of Wireshark profiles, and I guess the screenshots will be sufficient help to get those not savvy in Dutch started ;-)
The Short English Version:
- Create a dummy personal profile (name it whatever you like)
- In Wireshark, go to Help => Folders and then proceed to your Personal Configuration directory
- Put the ZIP file in the Profiles directory and unpack it.
- Now you have your own Check Point profile that has coloring rules and some other smart things.
Feel free to mention any smart tricks with Wireshark you use to speed up reading `fw monitor` files.
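A check worth running before the unpack step above, as an added example that is not part of the original post: it lists what a downloaded profile ZIP contains and only extracts it into the profiles directory if every entry is a known Wireshark per-profile file and no entry path leaves the target directory. The profile name `CheckPoint`, the archive name and the function names are assumptions, and the list of known files is not exhaustive.

```python
import tempfile, zipfile
from pathlib import Path, PurePosixPath

# Plain-text files Wireshark keeps inside a profile directory (not exhaustive).
KNOWN_PROFILE_FILES = {
    "colorfilters", "preferences", "recent", "dfilters", "cfilters",
    "dfilter_buttons", "decode_as_entries", "io_graphs",
    "disabled_protos", "enabled_protos", "heuristic_protos", "hosts",
}

def audit_profile_zip(zip_path):
    """Return (safe_members, problems) for a profile archive."""
    safe, problems = [], []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            p = PurePosixPath(name)
            if info.is_dir():
                continue
            if p.is_absolute() or ".." in p.parts or ":" in name:
                problems.append(f"path escapes target: {info.filename}")
            elif p.name not in KNOWN_PROFILE_FILES:
                problems.append(f"unexpected file: {info.filename}")
            else:
                safe.append(info.filename)
    return safe, problems

def install_profile(zip_path, profiles_dir):
    """Unpack into the profiles directory only if the audit is clean."""
    safe, problems = audit_profile_zip(zip_path)
    if problems:
        raise ValueError("refusing to unpack: " + "; ".join(problems))
    with zipfile.ZipFile(zip_path) as zf:
        zf.extractall(profiles_dir, members=safe)
    return sorted(safe)

if __name__ == "__main__":
    # Constructed sample archive: one normal profile file, one traversal entry.
    tmp = Path(tempfile.mkdtemp())
    with zipfile.ZipFile(tmp / "profile.zip", "w") as zf:
        zf.writestr("CheckPoint/colorfilters", "# constructed sample\n")
        zf.writestr("CheckPoint/../../evil.txt", "x")
    print(audit_profile_zip(tmp / "profile.zip"))
```

Pass `install_profile` the `profiles` directory found under the Personal Configuration folder; a rejected archive leaves that directory untouched.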