w monitor shows you what the checkpoint kernel sees, and monitors all interfaces at once
Flag
Description
-d
Turn on debug flag
-D
Specify an INSPECT program line (multiple -e options can be used)
-f
INSPECT filter name. '-' can be used to specify standard input. The -f and -e options are mutually exclusive
-l
Specify how many bytes of the packet should be transferred from the kernel.
-m
Specify inspection points mask, any one or more of i, I, o, O as explained above. This feature only works on 4.0 SP3 or later.
-o
Specify an output file, which can be viewer with the 'snoop' command on Solaris.
-x
Perform a hex dump of the received data, starting at specified offset and printing out 'len' bytes.
Examples:
fw monitor -m iIoO -e "accept src=192.168.191.18;"
fw monitor -m iIoO -e "accept dport=500;"
fw monitor -m iIoO -e "accept dst=192.168.27.198;"
fw monitor -m iIoO -e "accept dst=192.168.2.3;" -o /var/tmp/SOCD00008413514
fw monitor -m iIoO -e "accept src=192.168.160.45 or dst=172.16.160.45;"
fw monitor -m iIOo -e 'accept src=10.33.76.82 and dst=10.33.76.82;'
VIEWING OUTPUT:
The little "i" means the packet is incoming to the interface specified.
The big "I" means the packet is incoming to the checkpoint filter
The little "o" means the packet is leaving the filter
the big "o" means the packet is hitting the wire on the interface specified
Labels
- Cheat Sheets (7)
- Checkpoint (159)
- Cisco (24)
- Commands (5)
- Fortigate (2)
- Frame-Relay (9)
- Linux (3)
- Netscaler (29)
- Netscreen (2)
- Nokia (7)
- UNIX (2)
Live Traffic
Comments
Search This Blog
Blog Archive
-
▼
2010
(146)
-
▼
May
(90)
- Checkpoint - Ports
- UNIX - The Ultimate Linux Command Reference Guide
- Checkpoint - Useful Files
- Checkpoint Commands
- Alw@ys Knw Wh@ts Happening inside your KERNEL - “A...
- Nokia - Cluster Mac Address - "Grep" Strikes Again...
- Traceroute from Unix
- Checkpoint Logging Issue
- Change Date in Linux
- Finding Smartcenter Server - from Gateway
- SPLAT - Forgot Standard Password
- Checkpoint : fw ctl pstat ???
- GRE is like Girls!!! - GRE Tunnel in IPSEC - there...
- Checkpoint : How to Find the the Management Interface
- Checkpoint Troubleshooting - Debugging
- SSH session timeout in Checkpoint NG/NGX
- Manage VPN tunnels smartly: forget vpn tu,enter th...
- Clear ARP table in Checkpoint
- Mail alert on ssh login or any other rule hit in C...
- What ports are used for communication and how to p...
- fw monitor add-on
- awk weekly – how to see Checkpoint logs on command...
- awk weekly – rule hits statistics . Checkpoint again
- Install native telnet client on Checkpoint firewall
- Telnet from inside Checkpoint firewall
- fw ctl or checkpoint tables by any other name
- Authenticating ssh access on the Checkpoint using ...
- How to add routing script on Secureplatform?
- Checkpoint concurrent sessions and memory calculat...
- Capazity Optimization
- My favorite troubleshooting command
- Neighbour table overflow
- SecurePlatform and NTP
- Delete old log files on SPLAT machines
- Delete all ARP entries on SPLAT
- Download backup from SmartCenter using SCP
- Change password on non-admin user in SPLAT
- How to run web visualization tool in check point??
- How to configure SmartView Monitor Mail Alert in C...
- fw monitor command reference
- NetScaler Password Recovery Procedure
- Installing and Configuring VSX
- Citrix Access Gateway Enterprise - Redirect incomi...
- Enabling LDAP Authentication on the NetScaler
- Citrix Netscaler NS7000 : how to create a content ...
- Citrix Netscaler NS7000 : how to create a content ...
- Cisco VPN Troubleshooting Guide
- Usefull Checkpoint Commands
- Checkpoint FW Monitor
- Causes for a failover when using VRRP
- Usefull Nokia IPSO Commands
- Checkpoint Tables and the FW Tab Command
- Common CLISH Commands
- Installing and Configuring VSX
- So what are QDROPS anyway
- Clearing the host table on Checkpoint
- Provider-1 Quick Guide
- When are Proxy Arps required on Checkpoint devices
- Unable to delete tunnels on a Checkpoint VIA VPN TU?
- Checkpoint VPN stats
- View Checkpoint VPN traffic decrypted on the wire
- View last 10 policies installed on a Checkpoint fi...
- How to view Checkpoint tables in ASCII
- Checkpoint Splat source based routing
- Trobleshooting the Checkpoint Daemon (CPD)
- Checkpoint port list
- Modifying the SPLAT Webmanager port
- Creating a Read Only SPLAT user
- Configuring SNMP on SPLAT
- Allowing scp to SPLAT boxes
- Resolving local logging issues on Checkpoint
- How to globally change the expiration date of all ...
- rtm monitor in Checkpoint
- Everything you need to know about troubleshooting ...
- SPLAT - Route / Static ARP startup Script
- How do I change an IP address on a IPSO Nokia Fire...
- How do I create an IPSO backup via clish ?
- Nokia IPSO Password Recovery
- Useful Netscreen Commands for Troubleshooting
- How to Find the Speed of an Interface on a Solaris...
- How to Install Checkpoint Firewall NGX on SecurePl...
- How to fix Check Point High Availability State Syn...
- Basic Netscreen Commands
- Re-establishing SIC (Secure Internal Communication...
- Cisco site to site VPN Configuration Cheatsheet
- Troubleshooting VRRP on Nokia Checkpoint Firewalls
- Usefull Nokia IPSO Commands
- Nokia Top Clish Commands Reference
- IPSO - Commands
- Checkpoint - Commands
-
▼
May
(90)
Post a Comment