CPMonitor – Easy tcpdump analyzer

Hi guys!

Check out this new tcpdump-analyzer tool from Check Point called CPMonitor!

Check Point's own introduction:

CPMonitor is a utility targeted to analyze traffic captured by tcpdump / snoop / Check Point FW Monitor.

It parses the input traffic capture file and extracts valuable information from it, including:

  • Overall traffic statistics (pps, cps, concurrent, throughput)
  • Top connections, top servers and top services
  • Detailed connections, servers and services (with packet size distribution)
  • Per second analysis

It can run on any Gaia / SecurePlatform / Linux machine.

Source: Check Point


And it's very easy to use! You can grab a tcpdump from anywhere you want and then just run it through CPMonitor to get the results!

Installation of CPMonitor

Download it from one of the links above, and untar it:

tar -zxvf cpmonitor.tgz

Make the binary executable:

chmod u+x cpmonitor

Grab the dump and analyze it!

Start a tcpdump on your Linux-based firewall or server (this needs root or CAP_NET_RAW). If your tcpdump is an older version that defaults to a short snaplen, add -s 0 so the packet size distribution is based on complete packets:

tcpdump -i <interface> -w tcpdump-output.pcap

Move the .pcap file to the server with CPMonitor installed (if it is on a different server) and run it! Keep in mind that the capture holds full packet payloads, so treat it as sensitive data when you copy it around.

./cpmonitor tcpdump-output.pcap
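As an added example (not from the original post and not code from Check Point), here is a small shell wrapper for the capture, transfer and analysis steps above. It assumes tcpdump and cpmonitor are installed, uses placeholder hostnames and paths, and adds two checks the steps skip: a bounded capture with full snaplen and restrictive file permissions, and a libpcap magic-number test before the file is shipped to cpmonitor.

```shell
#!/bin/sh
# Added example for this post; not code from the original article or from
# Check Point. It wraps the capture -> transfer -> analyze steps with the
# checks a practitioner wants before handing a file to cpmonitor.
# Assumptions: tcpdump is on PATH on the capture host, cpmonitor lives in
# CPMONITOR_DIR on ANALYSIS_HOST (both placeholders), and scp/ssh work
# between the two.

# Check that a file starts with a libpcap magic number, which is what
# tcpdump -w writes. Covers microsecond and nanosecond variants in both
# byte orders. Returns 0 if it matches, 1 otherwise.
pcap_magic_ok() {
    [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Capture on the firewall or server for a bounded time.
#   -nn   no name or port resolution (no DNS traffic of its own)
#   -s 0  full snaplen so packet-size statistics are not truncated
#   -G/-W rotate once after DURATION seconds and exit (one file)
# Captures hold full payloads, so the file is created readable by the
# capturing user only (umask 077).
capture() {
    iface=$1; duration=$2; outfile=$3
    umask 077
    tcpdump -i "$iface" -nn -s 0 -G "$duration" -W 1 -w "$outfile"
}

# Copy the capture to the analysis host and run cpmonitor there, but only
# after confirming the file really is a libpcap capture.
analyze_remote() {
    pcapfile=$1
    host=${ANALYSIS_HOST:-analysis.example.internal}   # placeholder
    dir=${CPMONITOR_DIR:-/opt/cpmonitor}               # placeholder
    pcap_magic_ok "$pcapfile" || {
        echo "not a libpcap capture: $pcapfile" >&2
        return 1
    }
    scp "$pcapfile" "$host:$dir/" &&
        ssh "$host" "cd $dir && ./cpmonitor $(basename "$pcapfile")"
}

# Usage when run as a script (not when sourced):
#   ./cpmon-wrap.sh eth0 60 /tmp/tcpdump-output.pcap
if [ "$#" -eq 3 ]; then
    capture "$1" "$2" "$3" && analyze_remote "$3"
fi
```

The magic-number check is cheap insurance: a capture that was interrupted before tcpdump wrote its header, or a file that was saved in a different format, fails it before any data leaves the capture host.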
