Using CPEthereal to inspect fw monitor files
Based on the standard Ethereal, Pedro Paixão and Shaul Eizikovich created an enhanced version of
Ethereal. This “Check Point flavor of Ethereal” (referred to as CPEthereal on the following pages) extends
the standard Ethereal in many areas to cover Check Point (and fw monitor) specific needs and
functions. CPEthereal is available in two versions: a public version with slightly improved fw monitor
decoding (public CPEthereal) and an enhanced CSP version with all the features covered below (CSP
Ethereal).
Block coloring
Because fw monitor may capture multiple samples of the same packet as it passes through the firewall, it is
sometimes hard to differentiate between the different packets. CPEthereal can group the samples of the
same packet by colorizing them. This can be activated using CheckPoint/Colorize:
Figure 69: CPEthereal – activate Block coloring<br />
How to use fw monitor Page 55 of 70
Revision: 1.01