CPMonitor – Easy tcpdump analyzer

Hi guys!

Check out this new tcpdump-analyzer tool from Check Point called CPMonitor!

Check Point's own introduction:

CPMonitor is a utility targeted to analyze traffic captured by tcpdump / snoop / Check Point FW Monitor.

It parses the input traffic capture file and extracts valuable information from it, including:

  • Overall traffic statistics (pps, cps, concurrent, throughput)
  • Top connections, top servers and top services
  • Detailed connections, servers and services (with packet size distribution)
  • Per second analysis

It can run on any Gaia / SecurePlatform / Linux machine.

Source: Check Point


And it’s very easy to use! You can grab a tcpdump capture from anywhere you want, and then just parse it with CPMonitor to get the results!
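To show how the statistics in the list above fall out of a capture file, here is an added Python example (not CPMonitor's code and not from Check Point) that reads a classic pcap and computes peak packets per second, top connections and top services. The sample capture is constructed in memory, and treating the lower port as the service is an assumption of this example.

```python
import struct
from collections import Counter

def sample_pcap(flows):
    """Constructed capture from (second, src, dst, proto, sport, dport) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, proto, sport, dport in flows:
        l4 = struct.pack("!HH", sport, dport) + b"\0" * (16 if proto == 6 else 4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, bytes(src), bytes(dst))
        f = b"\0" * 12 + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def analyze(data):
    """Return packet/byte totals, peak pps, and top connections and services."""
    magic = struct.unpack_from("<I", data)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order the file was written in
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    pps, conns, services, total, off = Counter(), Counter(), Counter(), 0, 24
    while off + 16 <= len(data):
        ts, _, incl, orig = struct.unpack_from(end + "IIII", data, off)
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < incl:
            break  # truncated capture: stop instead of parsing a partial record
        pps[ts] += 1
        total += orig
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged and IPv6 frames are skipped here)
        l4, proto = 14 + (pkt[14] & 0x0F) * 4, pkt[23]
        if proto not in (6, 17) or pkt[20] & 0x1F or pkt[21] or len(pkt) < l4 + 4:
            continue  # no ports: not TCP/UDP, a later IP fragment, or cut short
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        a = (".".join(map(str, pkt[26:30])), sport)
        b = (".".join(map(str, pkt[30:34])), dport)
        name = "tcp" if proto == 6 else "udp"
        conns[(name,) + tuple(sorted((a, b)))] += 1  # both directions, one key
        services[(name, min(sport, dport))] += 1     # assumption: lower port = service
    return {"packets": sum(pps.values()), "bytes": total,
            "peak_pps": max(pps.values(), default=0),
            "top_connections": conns.most_common(3), "top_services": services.most_common(3)}

# Constructed sample: three packets of one HTTPS connection, then one DNS query.
C, S, D = (10, 0, 0, 5), (192, 0, 2, 10), (192, 0, 2, 53)
SAMPLE = sample_pcap([(100, C, S, 6, 40000, 443), (100, S, C, 6, 443, 40000),
                      (100, C, S, 6, 40000, 443), (101, C, D, 17, 51000, 53)])
```
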

Installation of CPMonitor

Download it from one of the links above, and untar it:

Assign the relevant permissions to the file:

Grab the dump and analyze it!

Start a tcpdump on your Linux-based firewall or server:

Move the .pcap file to the server with CPMonitor installed (if it's on a different server) and run it!
