Iain_Wadds
Explorer

PCAP analysis

Is it possible to use the Check Point gateway to retrospectively analyse a pcap/tcpdump file to detect threats in the same way you might use the security checkup on "live" data?

PhoneBoy
Admin

There's not a built-in tool for this.

That said, I assume you could replay the packet capture using an external system with something like tcpreplay.

Hugo_vd_Kooij
Advisor

If you happen to own a box that can read PCAP then you can learn from the replay.

I sometimes put a PCAP file in my lab's Security Analytics box with 3 AV scanners and so on and it can show some interesting things. But most PCAP files in a firewall are too small to learn much.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
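
Related to the replies above about replaying a capture and about firewall captures often being too small: the following is an added example, not part of the original thread and not a Check Point tool, that summarises a classic .pcap file (packet count, time span, truncated packets) before it is replayed into a lab system. The function names and the sample bytes are constructed for illustration; pcapng files are not handled.

```python
import struct

# Classic libpcap magic numbers mapped to the timestamp-fraction divisor.
MAGICS = {0xA1B2C3D4: 1e6, 0xA1B23C4D: 1e9}

def summarize_pcap(data: bytes) -> dict:
    """Summarise a classic .pcap byte string (pcapng is not handled)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    frac = MAGICS[magic]
    offset, packets, captured, truncated = 24, 0, 0, 0
    first = last = None
    while offset + 16 <= len(data):
        sec, sub, incl, orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl > len(data):
            break  # cut-off or corrupt record: stop instead of misparsing
        offset += incl
        ts = sec + sub / frac
        first = ts if first is None else first
        last = ts
        packets += 1
        captured += incl
        truncated += incl < orig  # payload was cut by the capture snaplen
    return {"packets": packets, "bytes": captured, "truncated": truncated,
            "snaplen": snaplen, "linktype": linktype,
            "duration": (last - first) if packets else 0.0}

def constructed_sample() -> bytes:
    """Constructed capture: 3 records, snaplen 96, the last one truncated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for sec, incl, orig in ((100, 60, 60), (101, 60, 60), (105, 96, 1500)):
        out += struct.pack("<IIII", sec, 0, incl, orig) + bytes(incl)
    return out

if __name__ == "__main__":
    print(summarize_pcap(constructed_sample()))
```

A high `truncated` count means the payloads were not fully captured, so content inspection on a replay has little to work with.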