Using Diagnostic Tools
Chapter 17: Maintenance
Using Packet Sniffer
The ZoneAlarm router includes the Packet Sniffer tool, which enables you to capture
packets from any internal network or ZoneAlarm port. This is useful for troubleshooting
network problems and for collecting data about network behavior.
The ZoneAlarm router saves the captured packets to a file on your computer. You can use
a free protocol analyzer, such as Ethereal or Wireshark, to analyze the file, or you can send
it to technical support. Wireshark runs on all popular computing platforms and can be
To use Packet Sniffer
1. Click Setup in the main menu, and click the Tools tab.
   The Tools page appears.
2. Click Sniffer.
   The Packet Sniffer window opens.
3. Complete the fields using the information in the following table.
4. Click Start.
Check Point ZoneAlarm User Guide
   The Packet Sniffer window displays the name of the interface, the number of packets collected, and the percentage of storage space remaining on the router for storing the packets.
5. Click Stop to stop collecting packets.
   A standard File Download dialog box appears.
6. Click Save.
   The Save As dialog box appears.
7. Browse to a destination directory of your choice.
8. Type a name for the configuration file and click Save.
   The *.cap file is created and saved to the specified directory.
9. Click Cancel to close the Packet Sniffer window.
Table 85: Packet Sniffer Fields

In this field… / Do this…

Interface
    Select the interface from which to collect packets.
    The list includes the primary Internet connection, the ZoneAlarm router ports, and all defined networks.

Filter String
    Type the filter string to use for filtering the captured packets. Only packets that match the filter condition will be saved.
    For a list of basic filter string elements, see Filter String Syntax on page 350.
    For detailed information on filter syntax, go to
    Note: Do not enclose the filter string in quotation marks.
    If you do not specify a filter string, Packet Sniffer will save all packets on the selected interface.

Capture only traffic to/from this gateway
    Select this option to capture incoming and outgoing packets for this gateway only.
    If this option is not selected, Packet Sniffer will collect packets for all traffic on the interface.
Filter String Syntax
The following represents a list of basic filter string elements:
• and on page 350
• dst on page 351
• dst port on page 351
• ether proto on page 352
• host on page 353
• not on page 353
• or on page 354
• port on page 354
• src on page 355
• src port on page 355
• tcp on page 356
• udp on page 357
and
PURPOSE
The and element is used to concatenate filter string elements. The filtered packets must match all concatenated filter string elements.
SYNTAX
element and element [and element...]
element && element [&& element...]
PARAMETERS
element    String. A filter string element.
EXAMPLE
The following filter string saves packets that both originate from IP address 192.168.10.1 and are destined for port 80:
src 192.168.10.1 and dst port 80
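The following Python sketch is an added example, not Check Point or ZoneAlarm code. It evaluates the and/&&, src, dst and dst port elements against constructed packet summaries to show that only packets matching every concatenated element are kept; the function names, the sample packets, the IP-address-only matching and the outright rejection of quoted strings are assumptions of the example.

```python
# Added illustration (not ZoneAlarm code). Handles only and/&&, src, dst and
# dst port with literal IP addresses; host names and tcp/udp prefixes are omitted.
import ipaddress

# Constructed sample packets: (source IP, destination IP, destination port).
SAMPLE_PACKETS = [
    ("192.168.10.1", "203.0.113.5", 80),
    ("192.168.10.1", "203.0.113.5", 443),
    ("192.168.10.7", "203.0.113.5", 80),
    ("203.0.113.5", "192.168.10.1", 51000),
]

def parse_element(words):
    """Turn the words of one filter element into a (field, value) test."""
    if len(words) == 3 and words[:2] == ["dst", "port"]:
        port = int(words[2])
        if not 0 <= port <= 65535:
            raise ValueError("port out of range: %d" % port)
        return ("dst_port", port)
    if len(words) == 2 and words[0] in ("src", "dst"):
        return (words[0], ipaddress.ip_address(words[1]))
    raise ValueError("unsupported or incomplete element: %r" % " ".join(words))

def parse_filter(filter_string):
    """Split a filter string on and/&& and parse each element."""
    # The guide says not to quote the filter string; this sketch rejects quotes
    # (an assumption: the router's own handling of quotes is not documented here).
    if '"' in filter_string or "'" in filter_string:
        raise ValueError("do not enclose the filter string in quotation marks")
    words = filter_string.replace("&&", " and ").split()
    if not words:
        return []  # no filter string: every packet on the interface is saved
    tests, element = [], []
    for word in words + ["and"]:  # the sentinel "and" flushes the last element
        if word != "and":
            element.append(word)
        else:
            tests.append(parse_element(element))
            element = []
    return tests

def capture(filter_string, packets=SAMPLE_PACKETS):
    """Return the packets that match ALL concatenated filter elements."""
    tests = parse_filter(filter_string)
    kept = []
    for src, dst, dst_port in packets:
        fields = {"src": ipaddress.ip_address(src),
                  "dst": ipaddress.ip_address(dst), "dst_port": dst_port}
        if all(fields[name] == value for name, value in tests):
            kept.append((src, dst, dst_port))
    return kept
```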
dst
PURPOSE
The dst element captures all packets with a specific destination.
SYNTAX
dst destination
PARAMETERS
destination    IP Address or String. The computer to which the packet is sent. This can be the following:
• An IP address
• A host name
EXAMPLE
The following filter string saves packets that are destined for the IP address 192.168.10.1:
dst 192.168.10.1
dst port
PURPOSE
The dst port element captures all packets destined for a specific port.
SYNTAX
dst port port
Note: This element can be prepended by tcp or udp. For information, see tcp on page 356 and udp on page 357.