Check out this new tcpdump-analyzer tool from Check Point called CPMonitor!
Check Point's own introduction:
CPMonitor is a utility targeted to analyze traffic captured by tcpdump / snoop / Check Point FW Monitor.
It parses the input traffic capture file and extracts valuable information from it, including:
- Overall traffic statistics (pps, cps, concurrent, throughput)
- Top connections, top servers and top services
- Detailed connections, servers and services (with packet size distribution)
- Per second analysis
It can run on any Gaia / SecurePlatform / Linux machine.
And it's very easy to use! You can grab a tcpdump capture from anywhere you want, then just feed it through CPMonitor to get the results!
Installation of CPMonitor
Download it from one of the links above, and untar it:
tar -zxvf cpmonitor.tgz
Assign the relevant permissions to the file:
chmod u+x cpmonitor
Grab the dump and analyze it!
Start a tcpdump on your Linux-based firewall or server:
tcpdump -i <interface> -w tcpdump-output.pcap
Older tcpdump versions default to a short snaplen (68 bytes) and truncate every packet; on those, add -s 0 so full packets are written to the file. Copy the .pcap file to the machine where CPMonitor is installed (if it is a different one) and run CPMonitor against it!
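To see what the figures CPMonitor reports actually are, here is an added example (not from the original post and not Check Point's code) that computes the same kind of statistics from a classic pcap file with nothing but the Python standard library: overall pps, cps, connection count and throughput, a per-second packet count, top connections, servers and services, and a packet size distribution. It also counts records whose captured length is shorter than the original length, which is exactly what a short tcpdump snaplen produces. The capture it reads is constructed in memory; the server heuristic (destination of a connection's first packet), the size buckets and the output layout are this example's own choices, not CPMonitor's.

```python
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
PROTO_NAME = {6: "tcp", 17: "udp"}
SIZE_BUCKETS = (64, 128, 256, 512, 1024, 1518)   # upper edges of the size histogram

def parse_pcap(data):
    """Yield (timestamp, caplen, origlen, frame) for each record of a classic pcap file."""
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:  # linktype field
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, caplen, origlen, data[off:off + caplen]
        off += caplen

def decode(frame):
    """Return (src, dst, proto, sport, dport) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]   # L4 offset from IHL, IP protocol
    if proto not in PROTO_NAME or len(frame) < l4 + 4:
        return None
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    return (src, dst, proto) + struct.unpack("!HH", frame[l4:l4 + 4])

def size_bucket(n):
    """Label the size bucket an n-byte frame falls in, e.g. '65-128'."""
    edges = zip((0,) + SIZE_BUCKETS, SIZE_BUCKETS)
    return next((f"{lo + 1}-{hi}" for lo, hi in edges if n <= hi), f">{SIZE_BUCKETS[-1]}")

def analyze(data):
    """Overall, per-second, top-N and packet-size statistics for a pcap held in memory."""
    packets = total_bytes = truncated = 0
    first = last = None
    per_second, sizes, conns, servers, services = (Counter() for _ in range(5))
    seen = {}  # (proto, endpoint pair) -> (label, server ip, server port)
    for ts, caplen, origlen, frame in parse_pcap(data):
        packets += 1
        total_bytes += origlen          # wire length, not captured length
        truncated += caplen < origlen   # a short tcpdump snaplen shows up here
        first, last = (ts if first is None else first), ts
        per_second[int(ts)] += 1
        sizes[size_bucket(origlen)] += 1
        fields = decode(frame)
        if fields is None:
            continue
        src, dst, proto, sport, dport = fields
        key = (proto, frozenset([(src, sport), (dst, dport)]))
        if key not in seen:  # heuristic: the first packet's destination is the server
            seen[key] = (f"{PROTO_NAME[proto]} {src}:{sport} -> {dst}:{dport}", dst, dport)
        label, server_ip, server_port = seen[key]
        conns[label] += 1
        servers[server_ip] += 1
        services[(PROTO_NAME[proto], server_port)] += 1
    duration = (last - first) if packets else 0.0
    rate = (lambda n: n / duration) if duration > 0 else (lambda n: float(n))  # one-packet capture
    return {
        "packets": packets, "bytes": total_bytes, "duration_s": duration, "truncated": truncated,
        "avg_pps": rate(packets), "peak_pps": max(per_second.values(), default=0),
        "connections": len(seen), "cps": rate(len(seen)), "throughput_bps": rate(total_bytes * 8),
        "per_second": dict(sorted(per_second.items())), "size_distribution": dict(sizes),
        "top_connections": conns.most_common(5), "top_servers": servers.most_common(5),
        "top_services": services.most_common(5),
    }

# Constructed sample capture (not a real trace); the fourth record is deliberately cut at 96 bytes.
def _frame(src, dst, proto, sport, dport, payload=b"", tcp_flags=0x18):
    eth = bytes.fromhex("001122334455 66778899aabb 0800")   # dst MAC, src MAC, IPv4
    sip, dip = (bytes(map(int, a.split("."))) for a in (src, dst))
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, tcp_flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0x4000,
                     64, proto, 0, sip, dip)
    return eth + ip + l4 + payload

def _record(ts, frame, snaplen=65535):
    sec, caplen = int(ts), min(snaplen, len(frame))
    return struct.pack("<IIII", sec, round((ts - sec) * 1e6), caplen, len(frame)) + frame[:caplen]

SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET) + b"".join([
    _record(1000.0, _frame("10.0.0.5", "192.168.1.10", 6, 40000, 443, tcp_flags=0x02)),
    _record(1000.0, _frame("192.168.1.10", "10.0.0.5", 6, 443, 40000, tcp_flags=0x12)),
    _record(1000.5, _frame("10.0.0.5", "192.168.1.10", 6, 40000, 443, b"A" * 200)),
    _record(1001.0, _frame("192.168.1.10", "10.0.0.5", 6, 443, 40000, b"B" * 1400), snaplen=96),
    _record(1001.25, _frame("10.0.0.7", "192.168.1.53", 17, 53000, 53, b"C" * 40)),
    _record(1002.0, _frame("192.168.1.53", "10.0.0.7", 17, 53, 53000, b"D" * 120)),
])

if __name__ == "__main__":
    for name, value in analyze(SAMPLE_PCAP).items():
        print(f"{name}: {value}")
```

Run it as-is to see the summary for the built-in sample, or read a real file with analyze(open("tcpdump-output.pcap", "rb").read()). A non-zero truncated count is the signal that the capture was made with a snaplen shorter than the packets on the wire, so size-based figures should be taken from the original length (as done here) rather than from the bytes actually stored.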