Check Point support has asked Tony for a firewall capture of accepted packets. What would be
the correct syntax to write the capture to a file called monitor.out?
A. Run fw monitor -e "accept;" -f monitor.out
B. Run fw monitor -e "accept;" -c monitor.out
C. Run fw monitor -e "accept;" -o monitor.out
D. Run fw monitor -e "accept;" -m monitor.out
C
> fw monitor -o
Write output to file: Save the raw packet data to a file in a standard (RFC
1761) format. The file can be examined using tools like snoop, tcpdump
or Ethereal.
Note – The snoop file format is normally used to store Layer 2 frames. For
“normal” capture files this means that the frame includes data like a source
and a destination MAC address. fw monitor operates in the firewall
kernel and therefore has no access to Layer 2 information like MAC
addresses. Instead of writing random MAC addresses, fw monitor includes
information like interface name, direction and chain position as “MAC
addresses”.
C. Run fw monitor -e "accept;" -o monitor.out