Month: May 2012

Check Point Quick Reference – Tcpdump

NOTE: fw monitor operates above layer 2 and does not include MAC address information, so it can't see ARP messages. tcpdump can see layer 2 ARP messages. This is one of the most common tcpdump commands (it looks for packets from a src to a dst; you need to specify the interface): tcpdump -nn -i eth2 host and host…


Check Point Quick Reference – FW Monitor

Overview: FW Monitor is a built-in firewall tool that needs no separate install on the device where you wish to capture packets and interrogate connections. It is provided with the installation of the FW-1 package, and its syntax is identical across all FW-1 installations. FW Monitor allows for sampling the connection from 4 different…


Firewall Commands For Identifying Specific Routes

The Question: Using firewall commands, identify the route to a specific destination/target without using the routing table (more specific). I was asked the question today, and blanked out… I have run the Cisco and CheckPoint IPSO versions, but not Splat, and still couldn’t pull it from memory. Once I looked it up I felt silly, but…
