This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kobilevi
Participant
‎2022-06-09 04:56 AM

Tcpdump + Zdebug

Hi Checkmates !

I wanted to know if Checkpoint has a complete guide to tcpdump and zdebug

Anyone know of one?
Thanks

0 Kudos
7 Replies
the_rock
Champion
Champion
‎2022-06-09 05:19 AM

Can you explain please? What kind of guide? You can refer to below

https://gist.github.com/tuxfight3r/9ac030cb0d707bb446c7

 

 

0 Kudos
kobilevi
Participant
‎2022-06-09 05:23 AM
In response to the_rock

hi

Hi I am looking for a complete guide for beginners to zdebug and tcpdump for checkpoint gateways 

0 Kudos
the_rock
Champion
Champion
‎2022-06-09 05:30 AM
In response to kobilevi

Just google it, bunch of links come up with useful flags.

0 Kudos
Oliver_Fink
Collaborator
‎2022-06-09 05:35 AM
In response to kobilevi

Maybe you want to use cppcap instead of tcpdump. Have a look at sk141412: cppcap - A Check Point Traffic Capture Tool

It uses pcap-filter(7) as syntax and has no hassle with SecureXL.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-09 05:25 AM

tcpdump is not a CP software 😉

sk100808: How to use " fw ctl zdebug" command

sk30583: What is FW Monitor?

 

CCSE CCTE SMB Specialist
Timothy_Hall
Champion
Champion
‎2022-06-09 05:41 AM

You may want to check out my 2021 CPX presentation here which summarizes the packet capturing options on Check Point:

https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/member-exclusives/484/2/CPX_Preso...

This presentation was derived from my self-guided video series "Max Capture: Know Your Packets" which thoroughly covers all the packet capture tools including tcpdump along with fw ctl zdebug + drop as well.  There are also free updates to the original class available here:

Max Capture Update 1: Taking "Triggered" Packet Captures

Max Capture Update 2: Debug Filter Battle -- fw monitor -F vs. fw ctl zdebug + drop

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com